A code review is a methodical process for examining software source code to identify problems and improve software quality. The process is regarded as an important task in the development of critical embedded systems, especially those that require certification.
A code review team typically consists of a moderator, quality engineer or manager, the software developer, and other peers. The team often uses a checklist to systematically review all pertinent aspects of the software. For example, the team may assess code complexity and check compliance to coding standards such as MISRA-C/C++ or JSF++.
Detecting subtle run-time errors can be extremely challenging. For example, it’s easy to miss an overflow or underflow due to complex mathematical operations that involve programmatic control. Techniques such as static code analysis can help automate and streamline the code review process.
For example, the Polyspace static code analysis tool can detect and prove the absence of run-time errors in source code. Reports generated from Polyspace products can be used in a code review process to identify which parts of the code are proven to be reliable and which aspects are at risk for failure. Polyspace products also statically determine variable ranges, and produce function call graphs and data dictionaries to show how and where variables are written to and read from. This information can be invaluable in a code review where it is important to precisely explain the data and control flow of the software.