Menu
▾
▴
[Firebird-test] WBT: Code Audit
|
From: Pavel C. <pc...@us...> - 2002-07-03 11:02:24
|
Hi all, Code audit is just a form of Peer Review. But while peer review as described in separate message address only code changes and small parts of codebase that's being work on, Code audit extends the peer review to the whole codebase. Pro's and Con's: This technique is not used regularly (except for critical systems) because is very expensive in terms of human labour and required knowledge. But we're in unusual situation, because we inherited aprox. 35MB of source code, where most of it was not touched by Firebird developers. There are large portions of code that only few (if anyone at all) knows in detail, and this knowledge is mostly a by-product of learning, so these developers read it to just decipher what's it supposed to do, not to check it's correctness. Of course, some bugs were found that way (like famous politically correct security hole), but it's mostly an exception. So, with Code audit we can: 1) Learn more about engine internals, and DOCUMENT IT !!! The famous secret "Interbase internals" document is a little bit outdated and not complete. It's a nice opportunity to finish it. 2) We may find some bugs 3) Identify potential flaws in design (at least optimizer come to mind here) Implementation: Every source file in _Firebird2_ module (29MB) would be reviewed. It would be nice if these files would be also _documented_. That mean both, in-line comments and separate FB internals document, where major data structures and subsystems would be documented, including their mutual relations. Current status: This technique was not used (at all AFAIK), except as a by-product of learning. Questions for you: 1) Do you think that we should do Code review as is explained here ? 2) If yes, what should be the primary purpose: code correctness or documentation ? 3) What do you think / recommend re. Code audit ? Your comments would be greatly appreciated. Best regards Pavel Cisar http://www.ibphoenix.com For all your upto date Firebird and InterBase information |
