Adopt a standard way of writing your firmware, and reject code that strays from the standard. The standard ensures that all firmware developed at your company meets minimum levels of readability and maintainability. Source code has two equally important functions: it must work, and it must clearly communicate how it works to a future programmer, or to the future version of yourself. A peril of instituting a firmware standard is the wildly diverse opinions people have about inconsequential things. Indentation is a classic example: developers will fight for months over quite minor issues.
The only important thing is to make a decision. Step 3 : Use Code Inspections There is a silver bullet that can drastically improve the rate at which you develop code while also reducing bugs. Formal Code Inspections are probably the most important tool you can use to get your code out faster with fewer bugs. The very best of inspection practices yield stunning results. Disciplined Development 17 One study showed that, as a rule of thumb, each defect identified during inspection saves around 9 hours of time downstream.
The Art of Designing Embedded Systems,Ganssle
There is no known better way tofind bugs than through Code lnspections! Skipping inspections is a sure sign of the amateur firmware jockey. The Inspection Team The best inspections come about from properly organized teams. Keep management offthe team. Experience indicates that when a manager is involved usually only the most superficial bugs are caught, since no one wishes to show the author to be the cause of major program defects.
Four formal roles exist: the Moderator, Reader, Recorder, and Author. The Moderator, always technically competent, leads the inspection process. He or she paces the meeting, coaches other team members, deals with scheduling a meeting place and disseminating materials before the meeting, and follows up on rework if any. The Reader takes the team through the code by paraphrasing its operation. Never let the Author take this role, since he may read what he meant instead of what was implemented.
A Recorder notes each error on a standard form. This frees the other team members to focus on thinking deeply about the code. As Code Inspections are never confrontational, the Author should never be in a position of defending the code. An additional role is that of Trainee. No one seems to have a clear idea how to create embedded developers.
One technique is to include new folks only one or two per team into the Code Inspection. Bear in mind that Bull HN found four-person inspection teams to be twice as efficient and twice as effective as three-person teams. A Code Inspection with three people perhaps using the Author as the Recorder surely beats none at all, but do try to fill each role separately. The Process Code Inspections are a process consisting of several steps; all are required for optimal results.
The steps, shown in Figure , are as follows: Planning-When the code compiles cleanly no errors or warning messages , and after it passes through Lint if used the Author submits listings to the Moderator, who forms an inspection team. The Moderator distributes listings to each team member, as well as other related documents such as design requirements and documentation. The bulk of the Planning process is done by the Moderator, who can use email to coordinate with team members.
An effective Moderator respects the time constraints of his or her colleagues and avoids interrupting them. Overview-This optional step is a meeting when the inspection team members are not familiar with the development project. Disciplined Development 19 vides enough background to team members to facilitate their understanding of the code. Preparation-Inspectors individually examine the code and related materials. They use a checklist to ensure that they check all potential problem areas. Each inspector marks up his or her copy of the code listing with suspected problem areas.
Inspection Meeting-The entire team meets to review the code. The Moderator runs the meeting tightly. The only subject for discussion is the code under review; any other subject is simply not appropriate and is not allowed. The person designated as Reader presents the code by paraphrasing the meaning of small sections of code in a context higher than that of the code itself. The Reader continuously decides how many lines of code to paraphrase, picking a number that allows reasonable extraction of meaning. He paraphrases every decision point, every branch, case, etc.
Avoid ad hoc nitpicking; follow the firmware standard to guide all stylistic issues. Reject code that does not conform to the letter of the standard. Log and classify defects as Major or Minor. A Major bug is one that could result in a problem visible to the customer. Minor bugs are those that include spelling errors, noncompliance with the firmware standards, and poor workmanship that does not lead to a major error.
Why the classification? Fill out two forms. The code itself is the only thing under review; the author may not be criticized. Then he seems like the good guy. At this meeting, make no attempt to rework the code or to come up with alternative approaches.
Just find errors and log them; let the Author deal with implementing solutions. The Moderator must keep the meeting fast-paced and efficient. Note that comment lines require as much review as code lines. Misspellings, lousy grammar, and poor communication of ideas are as deadly in comments as outright bugs in code. Firmware must work, and it must also communicate its meaning. The comments are a critical part of this and deserve as much attention as the code itself. If it varies significantly from the estimate, figure out why, so you can learn from your estimation process.
Limit inspection meetings to a maximum of two hours. At the conclusion of the review of each function decide whether the code should be accepted as is or sent back for rework.
Rework-The Author makes all suggested corrections, gets a clean compile and Lint if used and sends it back to the Moderator. Follow-up-The Moderator checks the reworked code. Once the Moderator is satisfied, the inspection is formally complete and the code may be tested.
- The art of designing embedded systems | Pic microcontroller, Systems engineering, Ebooks.
- The Art of Designing Embedded Systems eBook.
- Shop now and earn 2 points per $1.
- Control Engineering | Book Review: The Art of Designing Embedded Systems!
- Bestselling Series.
- The Art of Designing Embedded Systems by Jack Ganssle | | Booktopia.
Other Points One hidden benefit of Code Inspections is their intrinsic advertising value. We talk about software reuse, while all too often failing spectacularly at it.
Reuse is certainly tough, requiring lots of discipline. When four people inspect code, four people have some level of buy-in to that software, and all four will generally realize the function exists. The literature is full of the pros and cons of inspecting code before you get a clean compile. My feeling is that the compiler is nothing more than a tool, one that very cheaply and quickly picks up the stupid, silly errors we all make.
Compile first and use a Lint tool to find other problems.
The Art of Designing Embedded Systems,Ganssle : Ganssle :
Let the tools-not expensive people-pick up the simple mistakes. I also helieve that the only good compile is a clean compile. No error messages. No warning messages. Warnings are deadly when some other Disciplined Development 2 1 programmer, maybe years from now, tries to change a line. Do the inspection post-compile but pre-test.
Sorry, but testing first negates most of the benefits. First, inspection is the cheapest way to find bugs; the entire point of it is to avoid testing. Second, all too often a pre-tested module never gets inspected. Inspections work best when done quickly-but not too fast. Figure graphs percentage of bugs found in the inspection versus number of lines inspected per hour as found in a number of studies. Code Inspections cannot succeed without a defined firmware standard. The two go hand in hand.
Book Review: The Art of Designing Embedded Systems
We do inspections because they have a significant net negative cost. The inspection includes four people: the Moderator, Reader, Recorder, and Author. Read this slender volume, then read it again, and then get your boss to read it. For a decade the authors conducted coding wars at a number of different companies, pitting teams against each other on a standard set of software problems.
- The Art of Designing Embedded Systems?
- The Art of Designing Embedded Systems (EDN Series for Design Engineers);
- Interstice and Boundary.
The results showed that, using any measure of performance speed, defects, etc. Even experience mattered little, as long as the programmers had been working for at least 6 months. Switch statement without a default case if only a subse of the possible conditions used? Minor bugs are those that include spelling errors, non-compliance with the firmware standards, and poor workmanship that does not lead to a major error. Needless interruptions yielded poor performance. Their study suggests that quiet time saves vast amounts of money. Think about this. The winners-those performing almost three times as well as the losers, had the following environmental factors: Disciplined Development 25 1st quartile 4th quartile Dedicated workspace 78 sq ft 46 sq ft Is it quiet?
Can you divert your calls? Frequent interruptions?