Source code auditing
For every programming language there is a variety of programming best practices that provide guidelines for writing good, fast, maintainable and secure code. FrontEndART SourceAudit products can check whether developers adhere to these best practices. Beyond best practices, the tool can detect serious programming errors caused by developers' unawareness or inadvertence. Checking coding rule violations with tools is essentially an automation of manual code review, and is therefore a much cheaper, more precise and much faster alternative to it.

Common properties of the rule violation checks are the following:
- Precisely located piece of code which violates a particular coding rule.
- Elimination of the rule violations is usually easy and cheap.
- Elimination of the rule violations quickly and significantly improves code quality.
Coding rules can be checked at many points in the development life cycle, but one simple rule has to be emphasized: the cost of eliminating a coding rule violation (bug) increases with time. Checking code against the coding rules can take place at the following points of the life cycle:
- Developer site - the code is checked before it is committed back to the CMS. This is the earliest point at which rule violations can be detected and eliminated. The FrontEndART SourceAudit product family includes products that integrate into the Microsoft Visual Studio IDE and make it easy for developers to check their code before they commit it back to the central code base. As command line versions of these products are also available, integration into other IDEs is feasible and easy.
- Central code review - the code is already part of the global code base, which is checked for rule violations. Usually this kind of analysis is integrated into the nightly builds, but it can also be executed on demand if necessary.
Finding and fixing serious coding rule violations at any later time (testing phase, after release) is much more expensive. Consequently, the code audit should take place before testing.
The detailed list and descriptions of the coding rules can be downloaded from the download bar on the right side of the page.
More than just coding rules
Besides coding rules, many other things can be detected and calculated during static code analysis. The FrontEndART SourceAudit products also identify the following issues:
- Bad code smells
  In computer programming, a bad code smell is a symptom in the source code that possibly indicates a deeper problem, which can lead to malfunctioning software.
  Description of bad smells (PDF)
- Code duplications
  It is common practice to reuse source code by simply copying and pasting parts of it. Although this approach can reduce software development time, the price must be paid in the long term in the form of increased maintenance costs. One of the primary concerns is that if the original code segment needs to be corrected, all the copied parts need to be checked and changed accordingly as well.
  Description of code duplications (PDF)
- Metrics
  A software metric is a measure of some property of a piece of software or its specification. Tom DeMarco stated, “You can’t control what you can't measure.” Measuring metrics is the first step in getting to know a product’s quality.
  Source code metrics for C/C++ (PDF), C# (PDF), Java (PDF)
Company-specific programming styles
Most companies have their own programming style guidelines that developers should follow. These guidelines serve to avoid common pitfalls, to help understand the code, etc. FrontEndART offers to implement company-specific style guideline checkers as a service.












