Interview on the use of automated vs. manual code inspection

by donpedro

Founded in 1985 and head-quartered in the UK, PRQA specialises in defect prevention and promoting safe code practices to ensure reliability for safety-critical, mission-critical and commercial systems. PRQA maintains full voting representation on the ISO working groups for C and C++, is a founding member of the MISRA C Working Group (producers of C and C++ coding standards) and the originator of the High Integrity C++ Coding Standard (HICPP).
Frans Nomden, Eastern Europe Territory Manager for PRQA – talks to Gabriel Neagu about the importance of static analysis and why to choose automated solutions over manual inspection methods.

What are your views on manual code inspection?
PRQA advocates the use of automated code inspection process simply due to the exponential growth in the amount of code that is getting developed and in its complexity.
For example, a simple washing machine can now contain in excess of one million lines of embedded code and it would be a gargantuan task to manually detect issues in this maze of code. The other factor is that every time fresh code is added to the existing code base, the entire code has to be re-inspected wasting valuable time and effort when this task can be automated. We however recognise that in order for this automated process to work, human intervention is still necessary to control deviations and exceptions to certain non-compliancies.

What is the difference between bug catching and coding standard compliance?
Basically bug catching uses dataflow orientated run-time simulation to identify defects, whereas coding standard compliance is adhering to best practice and therefore preventing the introduction the defects in the first instance. There are some static tools available in the market which only look at finding defects and do not aid in process improvement. Whereas we enable our clients to improve their coding process and develop high quality code by finding and fixing issues early and often during the development phase, prior to testing. We believe in the principle “prevention is better than cure.” Hence we enforce a coding standard and help our customers to develop robust and high integrity code.

How important are static analysis tools?
Static analysis tools are a very important means to catch bugs and identify coding issues extremely early in the development cycle, passing better code into the latter stages of the development process. At PRQA we recommend the use of a static analysis tool in conjunction with a coding standard – this solution enables developers to catch defects, comply to best practice and prevents the introduction of bugs.

How do static analysis tools assist a developer in improving the quality of the code?
Static analysis is a crucial element of the high-quality software development processes, enabling developers to identify defects in the code very early in the development process. By ensuring compliance to a coding standard, static analysis not only identifies the defects that can cause program crashes, but also provides best practice guidance, enables the developer to produce higher quality code and therefore prevents the introduction of defects.
Static analysis helps to automate code reviews, removing the opportunity for human error in the process, providing objective results that removes the emotion often associated with individuals reviewing another developers’ code.
QA•C and QA•C++ tools offer developers immediate feedback on code they have written, allowing them to address issues before committing changes to the organisation’s code repository. The tools can also be used to provide a measure of overall project quality when used in conjunction with a software quality management system.

What kind of coding standards do your products enforce?
Historically several industries have created specific coding standards that are adopted by manufacturers throughout the supply chain. Some of the key standards that we support are:
High Integrity C++
In-House / Internal Coding Standards

Who uses your tools?
Mentor Graphics’ Automotive Networking Business Unit, located in Hungary, Budapest, used PRQA’s QA∙C in the development of Volcano; an in-vehicle network design tool. Thales Rail Signalling Part Security Solutions and Continental are both users of our tools based in Romania. Other international automotive clients are BMW, Toyota, Delphi, and Autoliv. Defence and Aerospace includes SELEX Galileo, Thales, Northrop Grumman and BAE Systems. Medical devices are also getting a lot of traction these days and amongst our clients, we can name Abiomed, Novo Nordisk and Gambro.

Related Articles

Leave a Comment