Solved

Java Code Review Checklist for potential bugs

Posted on 2001-08-20
Last Modified: 2009-06-25
Hi,
I am looking for a good checklist for potential bugs in Java Code. Points you would check in a code review.

Thanks,
rjocham
0
Question by:rjocham
2 Comments
 
LVL 4

Accepted Solution

by:
mberumen earned 100 total points
ID: 6407944
rjocham,  

Ideally your code would reflect your class diagram and use case scenarios as well as your coding conventions, standards, etc. If you designed properly it should be fairly simple to verify code vs design. There are however several things you should check...

B.2.3. Source Code Review

The following checklist contains the kinds of questions a reviewer during development may ask at the source code review based on [SOFTENG], [ANS104], and [EWICS2].

Completeness

     Is the code a complete and precise implementation of the design as documented in the SDD?
     Was the code integrated and debugged to satisfy the design specified in the SDD?
     Does the code create the required databases, including the appropriate initial data?
     Are there any unreferenced or undefined variables, constants, or data types?

Consistency

     Is the code logically consistent with the SDD?
     Are the same format, invocation convention, and structure used throughout?

Correctness

     Does the code conform to specified standards?
     Are all variables properly specified and used?
     Are all comments accurate?
     Are all programs invoked with the correct number of parameters?

Modifiability

     Does the code refer to constants symbolically to facilitate change?
     Are cross-references or data dictionaries included to show variable and constant access by the program?
     Does code consist of programs with only one entry point and one exit point? (exception is with fatal error handling)
     Does code reference labels or other symbolic constants rather than addresses?

Predictability

     Is the code written in a language with well-defined syntax and semantics?
     Was the use of self-modifying code avoided?
     Does the code avoid relying on defaults provided by the programming language?
     Is the code free of unintended infinite loops?
     Does the code avoid recursion?

Robustness

     Does the code protect against detectable runtime errors (e.g., range array index values, division by zero, out of range variable values, and stack overflow)?

Structuredness

     Is each function of the program recognizable as a block of code?
     Do loops only have one entrance?

Traceability

     Does the code identify each program uniquely?
     Is there a cross-reference framework through which the code can be easily and directly traced to the SDD?
     Does the code contain or reference a revision history of all code modifications and the reason for them?
     Have all safety and computer security functions been flagged?

Understandability

     Do the comment statements adequately describe each routine, using clear English language?
     Was ambiguous or unnecessarily complex coding used? If so, is it clearly commented?
     Were consistent formatting techniques (e.g., indentation, use of white space) used to enhance clarity?
     Was a mnemonic naming convention used? Does the naming reflect the type of variable?
     Is the valid range of each variable defined?
     Does the code use mathematical equations which correspond to the mathematical models described/derived in the SDD?

Verifiability

     Are implementation practices and techniques that are difficult to test avoided?

For additional information check these web sites
http://hissa.ncsl.nist.gov/publications/nistir4909/#source_code_review
http://www.homeport.org/~adam/review.html#overview
0
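How the Robustness and Predictability questions in the checklist above can look in Java, as an added example that is not part of mberumen's answer or of the cited checklist. The class, its methods and the sample data are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

/** Constructed illustration; class and method names are hypothetical. */
public class ReviewedStats {
    // Modifiability: the limit is referenced symbolically, not as a magic number.
    private static final int MAX_SAMPLES = 10_000;

    /** Mean of samples[from..to), with each detectable runtime error checked up front. */
    static long mean(int[] samples, int from, int to) {
        if (samples == null) throw new IllegalArgumentException("samples is null");
        // Robustness: array index range.
        if (from < 0 || to > samples.length || from > to)
            throw new IndexOutOfBoundsException("range " + from + ".." + to);
        int count = to - from;
        // Robustness: out-of-range variable value, and division by zero below.
        if (count == 0 || count > MAX_SAMPLES)
            throw new IllegalArgumentException("count out of range: " + count);
        // A long accumulator cannot overflow when summing at most MAX_SAMPLES ints.
        long sum = 0;
        for (int i = from; i < to; i++) sum += samples[i];
        return sum / count;
    }

    /** Predictability: iterative, so deeply nested input cannot exhaust the stack. */
    static int nestingDepth(String text) {
        int depth = 0, max = 0;
        for (char c : text.toCharArray()) {
            if (c == '(') max = Math.max(max, ++depth);
            else if (c == ')' && --depth < 0)
                throw new IllegalArgumentException("unbalanced ')'");
        }
        if (depth != 0) throw new IllegalArgumentException("unbalanced '('");
        return max;
    }

    /** Predictability: explicit charset instead of relying on the platform default. */
    static byte[] encode(String s) {
        return s.getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        int[] data = {4, 8, 15, 16, 23, 42}; // constructed sample input
        System.out.println(mean(data, 0, data.length));
        System.out.println(nestingDepth("f(g(x), h(y))"));
        System.out.println(encode("r\u00e9sum\u00e9").length);
    }
}
```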
 
LVL 2

Expert Comment

by:rajeshprasath
ID: 24708937
Hi
I found one Code Review Checklist article which looks very useful. Please check http://technotes.towardsjob.com/java/code-review-checklist-for-java for the code review checklist for Java.
Raju
0
