Overview
Features
Download
Documentation
Community
Add-Ons & Services
The POCO C++ Libraries Blog

Bulletproofing C++ Code

Filed under: Uncategorized by gerhard at 16:37

Sergei Sokolov examines interesting techniques at Dr. Dobbs Journal, that improve the stability and reduce the risks of errors for C++ programming.

Here a short summary.

Step 1. Use Static Analyis

  • Peer code reviews remain the best approach for finding code defects
  • using a human brain to read and understand the code, looking for defects with a fresh eye
  • about 60 percent of defects can be removed via code reviews
  • automated static analysis effectively support this step
  • two types of static analysis exists : pattern matching (based on coding practices or coding policy) and dataflow analysis
  • Effective application of static analysis goes beyond buying the appropriate tools; it also requires the careful application and monitoring of processes

Step 2. Establish a Reliable Regression Base

  • in average 25 percent of software defects are introduced while programmers are fixing and changing code during maintenance
  • first create some regression tests before making any code changes
  • There are two approaches to create such a regression test suite. Top-down by identifying the module-under-test’s high-level API and bottom-up by starting from the leaf-level functions and examine the internal paths.
  • support this step by tools capable auto-generating API tests and test coverage.
  • Once the test suite is in place, its execution must be automated so that it can be run on a regular and frequent basis

Step 3. Develop Unit and Regression Tests

  • Once you begin writing code or fixing issues in existing code, there’s no excuse for neglecting to properly test the code you wrote
  • If you have fixed a defect, tests have to be created to verify the fix

Step 4. Static Analysis and Code Review

  • Once the new code passes all the checks, including a clean bill of health from static analysis and regression testing with sufficient coverage, it should be finalized by a team code review
2 Comments »
  1. The name of the guy is actually Sergei Sokolov, not Solkov:)

    Comment by TheRawGod on January 17, 2007, 11:49

  2. Thanx for the info, fixed it :-)

    Comment by peter on January 25, 2007, 10:38

RSS RSS feed for comments on this post. TrackBack URI

Leave a comment