Post by thread:[OT]: Code Validation Tools

Andy, I have an opinion. If you have code that *seems* correct and compiles cleanly and lint is happy with it, you are ready to do a code review. Code reviews are a process where you explain to other programmers what the program does, and why, and how. In the process, the review team will likely find a large proportion of your latent bugs. Testing is good, too, but its very expensive per bug to find errors by testing, compared to code reviews. This is partly because it is usually difficult to exercise all branches in a program. Code reviews are a very effective tool, no matter what other formal methods for development that you may adopt. Take a look at Jack Ganssle's web site for more about this: http://www.ganssle.com He suggests a particular method for doing code reviews. For a very small company like mine, I've had to adapt the methods. But I'm getting good results finding latent bugs that would not have been caught in testing. Regards, Barry. ------------ Barry King, KA1NLH NRG Systems "Measuring the Wind's Energy" http://www.nrgsystems.com Check out the accumulated (PIC) wisdom of the ages at: PIC/PICList FAQ: http://www.piclist.org

part 0 2596 bytes content-type:application/octet-stream;Hi, I agree with Barry - once you are happy with your "Linted" code, conduct a review. Take your Lint reports along, there may be some issues up for discussion from the Lint output, too. It doesnt have to be a "formal" review, such as Fagan inspection - we find that we have a lot of success with more informal peer reviews/ code walkthroughs. It is also a good incentive to write decent code when you know your colleagues are going to rip it apart at their first opportunity ;-) Regards, Dan |-------------> |(Embedded | |image moved | |to file: | |pic00262.pcx)| | | |-------------> >------------------------------------------------------------------------| |Barry King <spam_OUTbarryTakeThisOuTNRGSYSTEMS.COM> | |08/06/2000 23:04 | >------------------------------------------------------------------------| Please respond to pic microcontroller discussion list <.....PICLISTKILLspam@spam@MITVMA.MIT.EDU> To: PICLISTKILLspamMITVMA.MIT.EDU cc: (bcc: Dan Lloyd/GBPTD/ABB) Subject: Re: [OT]: Code Validation Tools > Lint Security Level:? Internal Andy, I have an opinion. If you have code that *seems* correct and compiles cleanly and lint is happy with it, you are ready to do a code review. Code reviews are a process where you explain to other programmers what the program does, and why, and how. In the process, the review team will likely find a large proportion of your latent bugs. Testing is good, too, but its very expensive per bug to find errors by testing, compared to code reviews. This is partly because it is usually difficult to exercise all branches in a program. Code reviews are a very effective tool, no matter what other formal methods for development that you may adopt. Take a look at Jack Ganssle's web site for more about this: http://www.ganssle.com He suggests a particular method for doing code reviews. For a very small company like mine, I've had to adapt the methods. But I'm getting good results finding latent bugs that would not have been caught in testing. Regards, Barry. ------------ Barry King, KA1NLH NRG Systems "Measuring the Wind's Energy" http://www.nrgsystems.com Check out the accumulated (PIC) wisdom of the ages at: PIC/PICList FAQ: http://www.piclist.org Content-type: application/octet-stream; name="pic00262.pcx" Content-Disposition: attachment; filename="pic00262.pcx" Attachment converted: creation:pic00262.pcx (????/----) (00016364)

part 0 3249 bytes content-type:application/octet-stream; For the record, we are talking > 100K lines of code. It hasn't been lint'd yet - I'm looking for a decent lint package as well. WHAT HAVE YOU USED!? Formal ode reviews will come (I believe in them having used them in the past), but right now the software dept is one guy - moi! (I'm looking for more engineers, as posted previously) Andy D Lloyd <.....dan.lloydKILLspam.....GB.ABB.COM> on 06/09/2000 03:14:31 AM Please respond to pic microcontroller discussion list <EraseMEPICLISTspam_OUTTakeThisOuTMITVMA.MIT.EDU> To: PICLISTspam_OUTMITVMA.MIT.EDU cc: (bcc: Andrew Kunz/TDI_NOTES) Subject: Re: [OT]: Code Validation Tools > Lint Hi, I agree with Barry - once you are happy with your "Linted" code, conduct a review. Take your Lint reports along, there may be some issues up for discussion from the Lint output, too. It doesnt have to be a "formal" review, such as Fagan inspection - we find that we have a lot of success with more informal peer reviews/ code walkthroughs. It is also a good incentive to write decent code when you know your colleagues are going to rip it apart at their first opportunity ;-) Regards, Dan |-------------> |(Embedded | |image moved | |to file: | |pic00262.pcx)| | | |-------------> >------------------------------------------------------------------------| |Barry King <@spam@barryKILLspamNRGSYSTEMS.COM> | |08/06/2000 23:04 | >------------------------------------------------------------------------| Please respond to pic microcontroller discussion list <KILLspamPICLISTKILLspamMITVMA.MIT.EDU> To: RemoveMEPICLISTTakeThisOuTMITVMA.MIT.EDU cc: (bcc: Dan Lloyd/GBPTD/ABB) Subject: Re: [OT]: Code Validation Tools > Lint Security Level:? Internal Andy, I have an opinion. If you have code that *seems* correct and compiles cleanly and lint is happy with it, you are ready to do a code review. Code reviews are a process where you explain to other programmers what the program does, and why, and how. In the process, the review team will likely find a large proportion of your latent bugs. Testing is good, too, but its very expensive per bug to find errors by testing, compared to code reviews. This is partly because it is usually difficult to exercise all branches in a program. Code reviews are a very effective tool, no matter what other formal methods for development that you may adopt. Take a look at Jack Ganssle's web site for more about this: http://www.ganssle.com He suggests a particular method for doing code reviews. For a very small company like mine, I've had to adapt the methods. But I'm getting good results finding latent bugs that would not have been caught in testing. Regards, Barry. ------------ Barry King, KA1NLH NRG Systems "Measuring the Wind's Energy" http://www.nrgsystems.com Check out the accumulated (PIC) wisdom of the ages at: PIC/PICList FAQ: http://www.piclist.org Content-type: application/octet-stream; name="pic00262.pcx" Content-Disposition: attachment; filename="pic00262.pcx" Attachment converted: creation:pic00262.pcx 1 (????/----) (00016371)

part 0 4725 bytes content-type:application/octet-stream; Please respond to pic microcontroller discussion list <spamBeGonePICLISTspamBeGoneMITVMA.MIT.EDU> To: TakeThisOuTPICLISTEraseMEspam_OUTMITVMA.MIT.EDU cc: (bcc: Dan Lloyd/GBPTD/ABB) Subject: Re: [OT]: Code Validation Tools > Lint Security Level:? Internal Hi, For the record, we are talking > 100K lines of code. * Arranged in suitably sized modules, no doubt........The project we just did has a similar amount of code and we Linted it, no problem. It hasn't been lint'd yet - I'm looking for a decent lint package as well. WHAT HAVE YOU USED!? * Keep your hair on, Aaron! :-) We are using 'the' Lint (Gimpel Software, version h) which we have to frig because it doesnt directly "support" our IAR compiler (not a big problem). We also find that it generates a lot of 'disinformation' but this is an evil that can be tolerated. I know that there are Windows-style linting packages but we like the old-fashioned dos one. I had tried one called PC-Lint, which seemed to give "good" (sorry, didnt have time to perform a full evaluation against what we were using, hence the relative term) results.....just depends what you prefer. Formal ode reviews will come (I believe in them having used them in the past), but right now the software dept is one guy - moi! (I'm looking for more engineers, as posted previously) * Then you have a problem, which is a pity, as we find reviews extremely effective. I know there are firms around that will review and audit code for you, but I imagine they do it very formally.....depends what you want from it/how much you want to pay. Regards, Dan Andy D Lloyd <RemoveMEdan.lloydTakeThisOuTGB.ABB.COM> on 06/09/2000 03:14:31 AM Please respond to pic microcontroller discussion list <PICLISTEraseME.....MITVMA.MIT.EDU> To: EraseMEPICLISTMITVMA.MIT.EDU cc: (bcc: Andrew Kunz/TDI_NOTES) Subject: Re: [OT]: Code Validation Tools > Lint Hi, I agree with Barry - once you are happy with your "Linted" code, conduct a review. Take your Lint reports along, there may be some issues up for discussion from the Lint output, too. It doesnt have to be a "formal" review, such as Fagan inspection - we find that we have a lot of success with more informal peer reviews/ code walkthroughs. It is also a good incentive to write decent code when you know your colleagues are going to rip it apart at their first opportunity ;-) Regards, Dan |-------------> |(Embedded | |image moved | |to file: | |pic00262.pcx)| | | |-------------> >------------------------------------------------------------------------| |Barry King <RemoveMEbarryEraseMEEraseMENRGSYSTEMS.COM> | |08/06/2000 23:04 | >------------------------------------------------------------------------| Please respond to pic microcontroller discussion list <RemoveMEPICLISTspam_OUTKILLspamMITVMA.MIT.EDU> To: RemoveMEPICLISTTakeThisOuTspamMITVMA.MIT.EDU cc: (bcc: Dan Lloyd/GBPTD/ABB) Subject: Re: [OT]: Code Validation Tools > Lint Security Level:? Internal Andy, I have an opinion. If you have code that *seems* correct and compiles cleanly and lint is happy with it, you are ready to do a code review. Code reviews are a process where you explain to other programmers what the program does, and why, and how. In the process, the review team will likely find a large proportion of your latent bugs. Testing is good, too, but its very expensive per bug to find errors by testing, compared to code reviews. This is partly because it is usually difficult to exercise all branches in a program. Code reviews are a very effective tool, no matter what other formal methods for development that you may adopt. Take a look at Jack Ganssle's web site for more about this: http://www.ganssle.com He suggests a particular method for doing code reviews. For a very small company like mine, I've had to adapt the methods. But I'm getting good results finding latent bugs that would not have been caught in testing. Regards, Barry. ------------ Barry King, KA1NLH NRG Systems "Measuring the Wind's Energy" http://www.nrgsystems.com Check out the accumulated (PIC) wisdom of the ages at: PIC/PICList FAQ: http://www.piclist.org Content-type: application/octet-stream; name="pic00262.pcx" Content-Disposition: attachment; filename="pic00262.pcx" Attachment converted: creation:pic00262.pcx 2 (????/----) (00016378) Content-type: application/octet-stream; name="pic01398.pcx" Content-Disposition: attachment; filename="pic01398.pcx" Attachment converted: creation:pic01398.pcx (????/----) (00016379)

part 0 1754 bytes content-type:application/octet-stream; Please respond to pic microcontroller discussion list <EraseMEPICLISTspamspamBeGoneMITVMA.MIT.EDU> To: RemoveMEPICLISTKILLspamMITVMA.MIT.EDU cc: (bcc: Dan Lloyd/GBPTD/ABB) Subject: Re: [OT]: Code Validation Tools > Lint Security Level:? Internal * Replies denoted by a "*" >We are using 'the' Lint (Gimpel Software, >version h) which we have to frig because it doesnt directly "support" our IAR >compiler (not a big problem). We also find that it generates a lot of I'd look at using IAR dongleware as a problem, though <G> * Not much choice available for our micro...... I just downloaded LC-Lint from http://lclint.cs.virginia.edu/win32.html >tried one called PC-Lint, which seemed to give "good" (sorry, didnt have time to >perform a full evaluation against what we were using, hence the relative term) >results.....just depends what you prefer. Gimpel makes "PC-Lint" * It wasn't PC-Lint from Gimpel that I was trying out, then - I remember it being by someone else I also seem to remember the name had "PC" and "Lint" in it, I'm pretty sure about that. I'll have to try to find it again. >* Then you have a problem, which is a pity, as we find reviews extremely >effective. I know there are firms around that will review and audit code for They've worked wonders in the past for me, too. I may have to go to an audit >you, but I imagine they do it very formally.....depends what you want from >it/how much you want to pay Dan Content-type: application/octet-stream; name="pic01934.pcx" Content-Disposition: attachment; filename="pic01934.pcx" Attachment converted: creation:pic01934.pcx (????/----) (00016458)

Yeah, except that the PC side is the one in need of the code review at this point. Andy Barry King <barrySTOPspamspam_OUTNRGSYSTEMS.COM> on 06/09/2000 12:05:27 PM Please respond to pic microcontroller discussion list <spamBeGonePICLISTSTOPspamEraseMEMITVMA.MIT.EDU> To: KILLspamPICLISTspamBeGoneMITVMA.MIT.EDU cc: (bcc: Andrew Kunz/TDI_NOTES) Subject: Re: [OT]: Code Validation Tools > Lint Andy, We're very small, too. We have a consultant that has worked with us occasionally for years. He knows the product, and the gist of what we're trying to do. We will hire him for the code reviews. Well worth it, as you say. IMHO, one of the reasons for using C is that any hardware-savvy person that speaks the language can be a useful reviewer, they don't have to know PICs. In fact, explaining the PIC hardware requirements to an embedded 68K or x86 or 8051 programmer may be the most useful part of the review. -Barry. ------------ Barry King, KA1NLH NRG Systems "Measuring the Wind's Energy" http://www.nrgsystems.com Check out the accumulated (PIC) wisdom of the ages at: PIC/PICList FAQ: http://www.piclist.org

No ideas, but it sounds like a useful tool if you aren't familiar with a project. Would have helped me get up to speed with this one I'm sure. It isn't easy being handed 100K lines of code and being told "fix it" when you don't even know well what it's supposed to do! Andy D Lloyd <EraseMEdan.lloydEraseMEGB.ABB.COM> on 06/12/2000 07:31:36 AM Please respond to pic microcontroller discussion list <@spam@PICLIST@spam@spam_OUTMITVMA.MIT.EDU> To: spamBeGonePICLISTKILLspamMITVMA.MIT.EDU cc: (bcc: Andrew Kunz/TDI_NOTES) Subject: Re: [OT]: Code Validation Tools > Lint Hi (Andy), Futhermore.........Yeah, my mistake (what was I thinking?) about the PC-Lint. The program I was on about was called "CLint", I believe. It was a Windows front-end product, if that excites you. Personally, I just integrate PC-Lint (!) with CodeWright so it was of no real benefit. What I would be interested in is a code visualisation tool......I was looking at CC Rider for a little while - something you can quickly run on legacy code to see how it is put together . Any ideas/other products known to you? Regards, Dan

part 0 1756 bytes content-type:application/octet-stream; Please respond to pic microcontroller discussion list <.....PICLISTspam_OUTMITVMA.MIT.EDU> To: TakeThisOuTPICLIST.....TakeThisOuTMITVMA.MIT.EDU cc: (bcc: Dan Lloyd/GBPTD/ABB) Subject: Re: [OT]: Code Validation Tools > Lint Security Level:? Internal * Replies denoted by a "*" >We are using 'the' Lint (Gimpel Software, >version h) which we have to frig because it doesnt directly "support" our IAR >compiler (not a big problem). We also find that it generates a lot of I'd look at using IAR dongleware as a problem, though <G> * Not much choice available for our micro...... I just downloaded LC-Lint from http://lclint.cs.virginia.edu/win32.html >tried one called PC-Lint, which seemed to give "good" (sorry, didnt have time to >perform a full evaluation against what we were using, hence the relative term) >results.....just depends what you prefer. Gimpel makes "PC-Lint" * It wasn't PC-Lint from Gimpel that I was trying out, then - I remember it being by someone else I also seem to remember the name had "PC" and "Lint" in it, I'm pretty sure about that. I'll have to try to find it again. >* Then you have a problem, which is a pity, as we find reviews extremely >effective. I know there are firms around that will review and audit code for They've worked wonders in the past for me, too. I may have to go to an audit >you, but I imagine they do it very formally.....depends what you want from >it/how much you want to pay Dan Content-type: application/octet-stream; name="pic01934.pcx" Content-Disposition: attachment; filename="pic01934.pcx" Attachment converted: creation:pic01934.pcx 1 (????/----) (00016697)