Lessons Learned
Until recently, our checking involved only the QA team checking coding standards compliance at the project level. This was effective for tracking defect trends and maintaining the rule set. However, there were several drawbacks.
First, the reported violation sources do not always match the code in the development environment. Developers don't usually work on a centralized source-code repository; they write and modify code in a private area, then copy or check-in the source code to the centralized repository. If the development source code differs from the code that QA is testing, it can be difficult for developers to identify and repair the source of reported violations.
Second, developers prefer to immediately verify that a violation correction has eliminated the problem.
For these reasons, we decided to have the coding standards checker run by developers as well as the QA team.
Developers who do not carefully follow standards may produce code with many violations, and are often reluctant to correct the violations. This is especially problematic with violations from identifier- or design-related rules, which are difficult to correct in later development phases because making such corrections can have a large, project-wide impact. We recommend checking coding standards conformance from the early coding phase so that the violated code is corrected before it is propagated out of the module.
One reason why the coding standards checking effort with our previous tool failed was the lack of rule maintenance at the organization level.
After the initial rule set is established, rules should be customized continuously because some rules might not apply to particular projects and development style might vary across development domains. A rule set should be maintained throughout each project's operations as the project constraints evolve.
Automatic coding standards checking should complement code reviews. In our development process, code review is mandatory because it effectively catches developers' logical errors and mistakes. However, developers nevertheless skip code reviews due to schedule constraints. Our experiences and research show that some developers are easily distracted by style issues and focus on them during code reviews (D. Kelly and T. Shepard, "Qualitative Observations from Software Code Inspection Experiments"; CASCON, 2002). Consequently, some developers view the code review process as being time-consuming with little benefit, and then skip it. This can be prevented by removing coding standards violations with automatic coding standards checking before the review, which allows the review to focus on finding logical and serious errors. Moreover, because automatic checking covers only about 50 percent of the items in our coding standards (some items are complicated to implement with an automated tool), code reviews are needed to check the remaining items.
Conclusion
We have applied the checker to several projects in our organization and achieved significant code-quality improvements in each case. We plan to apply it to additional projects and analyze the effects on code quality.
Coding Standards Gain Traction
by Robert D. Buckley
MISRA-C, short for the "Motor Industry Software Reliability Association," is a coding standard hatched by auto industry experts who recognized that software was becoming increasingly pervasive in their products. The MISRA guidelines (www.misra-c2.com) "provide important advice...for the creation and application of safe, reliable software within vehicles" by promoting best practices and identifying a safe subset of C.
Others saw value in this coding standard. Consequently, MISRA's approach is now applied in avionics, defense, medical, and telecom, among other industries. My favorite example is a customer who used it while developing software for an implantable human heart. Now there's an embedded, safety-critical application.
Increasingly, software developers recognize that adopting coding standards is an integral step toward building high-integrity, quality software. A case in point: We're working with a leading EDA vendor that is using insights from Herb Sutter and Andrei Alexandrescu's book C++ Coding Standards: 101 Rules, Guidelines, and Best Practices (Addison-Wesley, ISBN 0321113586) for its internal standards.
Is MISRA-C the mother of today's coding standards? Maybe so. Toyota's internal coding standard extends it. Our PRQA High-Integrity C++ (www.codingstandard.com) leverages it. The recently released (once government classified) Joint Strike Fighter Air Vehicle C++ Coding Standard (www.jsf.mil/downloads/down_documentation.htm) has lots of references to it. MISRA-C itself continues to evolve, and we'll see a MISRA-C++ equivalent soon.
Ultimately, good coding standards serve as repositories of best practices. They're the collaborative efforts of the best minds out there, filled with insight and ready for you to share and profit from. Robert is CEO of the Programming Research, Inc. and can be reached at rdb@ programmingresearch.com. |