The IfSQ Standards
IfSQ Level-3: Industry Best Practice
The IfSQ Level-3 Standard will collate an extensive and up-to-date set of defect indicators, including those from Level-1 and Level-2. These indicators will be encapsulated in a comprehensive check-list for code walkthroughs, used to perform an in-depth analysis of program source code.
Because the Level-3 Standard will represent current industry best practice, it will be updated regularly in order that it reflects any new research. Level-3 will therefore be made available on a subscription basis.
Compared to the first two levels, IfSQ Level-3 will be significantly more expensive and time-consuming to apply, since it requires a substantially higher degree of programming expertise, and also because it requires two people to perform the assessment, due to the extent of the checklist.
Work In Progress
- WIP-1—Vague "To Do": A programmer has left a note to himself or his colleague indicating that a piece of work needs to be done. However it is clear that the work has not been carried out, and there is no indication as to when the work needs to be done.
- WIP-2—Disabled Code: Code has been written and the programmer has disabled it, or switched it off, without making it clear why it has been disabled, or when or whether it will be reenabled.
- WIP-3—Empty Statement Block: The programmer has left a statement block or placeholder empty. When a programmer designs a program top-down he will often first outline the structure of the program in the form of statement blocks and fill in the content of each block in the course of his work. An empty statement block therefore indicates that there may be missing logic and that some extra code may be required.
- SP-1—Routine Too Long: Routines longer than 150 lines (excluding comments and blank lines) have been shown to be less stable, more subject to change, and more expensive to fix than shorter routines.
- SP-2—Nesting Too Deep: Studies have shown that few people can understand nesting of conditional statements to more than 3 levels.
- SP-3—Routine Too Complex: Control-flow complexity has been correlated with low reliabilty and frequent errors.
- SP-4—Module Not Cohesive: Routines which are cohesive are typically easier to modify, easier to fix and contain less errors than routines wth diverse tasks.
- SP-5—Poor Choice of Name: A name used in a program too short, too long, too cryptic, too similar to another name or inconsistent with other names
Single Point of Maintenance
- SPM-1—Magic Numbers: Numeric literals (other than 0 or 1) have been hard-coded into the program.
- SPM-2—Magic Strings: A string literal has been hard-coded into a statement that influences the flow of a program.
- SPM-3—Copy/Paste Programming: An identical or largely similar section of code appears in two or more places in a program or set of programs. Copy and Paste is considered by many industry experts to be a design error.
- DP-1—Parameter Not Checked: A parameter received by a program is used without first checking if its contents are present and within the expected range.
- DP-2—Status Ignored After Call: Error status codes or exceptions from the run-time environment are suppressed or ignored, masking internal processing errors.
- DP-3—Unexpected State Not Trapped: Part of a program that uses a value to switch between different branches does not trap unexpected cases.
- DP-4—Unused Variables: There are unreferenced variables in the code. Unreferenced variables are a strong indicator for other errors.
- DP-5—Information Exposed: Information internal to a module has been made available to other modules. The practice of information hiding makes it much easier to modify large programs.
- Causes for Concern
Please note that the Level-3 Standard is not yet complete.
More categories and defect indicators may be added before it is published.