Using Imagix 4D for Code Reviews

Code reviews are a part of the development process essential for creating reliable, well-performing, and secure software applications. The approach primarily used is relatively simple: one or several peers of the original developer are asked to go through the code, understand its logic, and check for inconsistencies, missing logic, or other discrepancies from project requirements and guidelines. The reviewers then note their findings and forward them to the developer for remediation.

By combining precise information about the symbols, dependencies and logic of the source code together with automated analysis capabilities and a user interface that speeds understanding and supports systematic review, Imagix 4D enables code reviews to be more efficient and thorough.

Understanding the Code

A major part of the overall effort of code reviews is for the reviewers to understand the code produced by another developer. Typically, they know the general business and requirements fairly well, have experience in code development, and are well versed in the specific business or project level guidelines. Hence, the reviewers' first challenge is to quickly get an overview of the code and a more detailed understanding of the areas of focus.

Imagix 4D provides superior support for this through its graphical exploration tools. These start at the overview level with architecture diagrams. From there, users can drill down into class and function diagrams to examine areas of specific interest, and successively move all the way down to control flow diagrams and hyper-linked source code. Complementing this drill-down functionality are smart one-step analysis queries that address questions common in investigating source code.

Code Guideline Checks

Code reviewers often are asked to look for source level indicators of inconsistencies or missing logic. These include such items as code omitted via conditional compilation, missing cases or unterminated cases in switch statements, and assignments mistakenly used instead of comparisons. In addition, some project guidelines might be based on software metrics, such as maximum allowable function complexities, class coupling and comment density.

Included in the information generated by Imagix 4D are source checks and extensive software metrics. These are presented in displays tied into the hyper-linked source code and graphical views, making the code guideline step an integral part of reviewing the software in Imagix 4D. For the requirements that require human inspection (e.g. is omitted code properly commented), Imagix 4D's interface lets the user iterate through all locations where this occurs.
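
The three source-level indicators named in this section (an assignment used instead of a comparison, an unterminated case, and a missing case), shown in one C function beside a corrected form. This is an added example, not Imagix 4D output or code from the product; the roles, permission bits and function names are hypothetical.

```c
#include <stdio.h>

/* Hypothetical roles and permission bits, constructed for this example. */
enum role { ROLE_GUEST, ROLE_USER, ROLE_ADMIN, ROLE_AUDITOR };
enum { PERM_READ = 1, PERM_WRITE = 2, PERM_ADMIN = 4 };

/* Flawed: carries all three indicators a reviewer is asked to look for. */
int perms_flawed(enum role r, int active)
{
    int perms = 0;
    if (active = 1) {            /* assignment, not comparison: always true */
        switch (r) {
        case ROLE_GUEST:
            perms = PERM_READ;   /* unterminated case: falls into ROLE_USER */
        case ROLE_USER:
            perms |= PERM_READ | PERM_WRITE;
            break;
        case ROLE_ADMIN:
            perms = PERM_READ | PERM_WRITE | PERM_ADMIN;
            break;
        }                        /* missing case: ROLE_AUDITOR, no default */
    }
    return perms;
}

/* Corrected: real comparison, every case terminated, every role handled. */
int perms_fixed(enum role r, int active)
{
    if (active != 1)
        return 0;                /* inactive accounts get nothing */
    switch (r) {
    case ROLE_GUEST:   return PERM_READ;
    case ROLE_USER:    return PERM_READ | PERM_WRITE;
    case ROLE_ADMIN:   return PERM_READ | PERM_WRITE | PERM_ADMIN;
    case ROLE_AUDITOR: return PERM_READ;
    default:           return 0; /* unknown role: deny */
    }
}

int main(void)
{
    printf("guest, active:   flawed=%d fixed=%d\n",
           perms_flawed(ROLE_GUEST, 1), perms_fixed(ROLE_GUEST, 1));
    printf("admin, inactive: flawed=%d fixed=%d\n",
           perms_flawed(ROLE_ADMIN, 0), perms_fixed(ROLE_ADMIN, 0));
    printf("auditor, active: flawed=%d fixed=%d\n",
           perms_flawed(ROLE_AUDITOR, 1), perms_fixed(ROLE_AUDITOR, 1));
    return 0;
}
```

Each defect changes an access decision in a different direction: the guest gains write access, the inactive admin keeps full rights, and the auditor silently gets nothing.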

Global Code Consistency Checks

As much as feasible, reviewers audit global variables and functions to ensure they are used consistently. This is particularly emphasized after changes, in order to verify that the developer has considered the impact of the change on all previous uses of the modified variable or function declaration. Often, added scrutiny is also given to recursive functions and to the special issues that they can cause in certain systems.

Through single Imagix 4D commands, users can check cross references of the changed functions or variables; all uses can be inspected in one condensed view. The hyper-linked presentation of these displays allows users to then examine the individual context and verify proper adjustment of use. Additionally, for variables, the calculation tree view analysis can be used to view all data flowing into assignments and to verify consistency.

Supplementing these semi-automated inspections, Imagix 4D provides a series of variable and function flow reports. These apply global data flow analysis across the full software system to identify such issues as unassigned variables that are read, or variable assignments that are never subsequently used. Often, these are indicators of further inconsistencies.

Multi-tasking System Reviews

Multi-tasking systems require special care because understanding the interaction of tasks is very complex for reviewers just becoming familiar with the code.

Imagix 4D provides facilities to define tasks and the synchronization primitives. These definitions then enable a data flow-based multi-tasking analysis of the system. The resulting reports point out shared variable use, thread-safeness of variable access, inconsistencies in synchronization calls, and data feedback loop concerns. As with all Imagix 4D displays, the reports contain links that serve as launching points for further drill down.

Coverage and Performance

If test coverage or performance analysis data is available for the system, it can help guide reviewers to areas of concern. Typically, the challenge for reviewers is to interpret the data in the context of unknown code.

Imagix 4D can import and display coverage data and performance data within the perspective of its graphical views, providing reviewers a single tool to investigate the design and code for possible issues.

Providing Findings to Developers

Each time the reviewers find a potential concern, they need to communicate to the developer which source artifacts are related to the issue. While this might be simple for single source lines, the more significant findings can often involve dependency chains and/or multiple design level views.

With Imagix 4D, reviewers are able to use shared Imagix 4D projects, saved architectures and bookmarks to describe the areas of concern and to provide the developer with unambiguous references for remediation. Where the review process calls for individual reports, Imagix 4D's document generation provides a mechanism to easily encapsulate and package the relevant info.
