SCRUB is a code review tool that supports both large, team-based software development efforts (e.g., for mission software) as well as individual tasks. The tool was developed at JPL to support a new, streamlined code review process that combines human-generated review reports with program-generated review reports from a customizable range of state-of-the-art source code analyzers. The leading commercial tools include Codesonar, Coverity, and Klocwork, each of which can achieve a reasonably low rate of false-positives in the warnings that they generate. The time required to analyze code with these tools can vary greatly. In each case, however, the tools produce results that would be difficult to realize with human code inspections alone. There is little overlap in the results produced by the different analyzers, and each analyzer used generally increases the effectiveness of the overall effort. The SCRUB tool allows all reports to be accessed through a single, uniform interface (see figure) that facilitates browsing code and reports. Improvements over existing software include significant simplification, and leveraging of a range of commercial, static source code analyzers in a single, uniform framework.

SCRUB User Interface is shown when it is opened in local mode.
The tool runs as a small stand-alone application, avoiding the security problems related to tools based on Web-browsers. A developer or reviewer, for instance, must have already obtained access rights to a code base before that code can be browsed and reviewed with the SCRUB tool. The tool cannot open any files or folders to which the user does not already have access. This means that the tool does not need to enforce or administer any additional security policies. The analysis results presented through the SCRUB tool’s user interface are always computed off-line, given that, especially for larger projects, this computation can take longer than appropriate for interactive tool use.

The recommended code review process that is supported by the SCRUB tool consists of three phases: Code Review, Developer Response, and Closeout Resolution. In the Code Review phase, all tool-based analysis reports are generated, and specific comments from expert code reviewers are entered into the SCRUB tool. In the second phase, Developer Response, the developer is asked to respond to each comment and tool-report that was produced, either agreeing or disagreeing to provide a fix that addresses the issue that was raised. In the third phase, Closeout Resolution, all disagreements are discussed in a meeting of all parties involved, and a resolution is made for all disagreements. The first two phases generally take one week each, and the third phase is concluded in a single closeout meeting.

This work was done by Gerard J. Holzmann of Caltech for NASA’s Jet Propulsion Laboratory. For more information, download the Technical Support Package (free white paper) at www.techbriefs.com/tsp under the Software category.

This software is available for commercial licensing. Please contact Daniel Broderick of the California Institute of Technology at This email address is being protected from spambots. You need JavaScript enabled to view it.. Refer to NPO-46817.

Topics:
Computer software and hardware Data management Data management Software Technical review Technical review Tools and equipment
This Brief includes a Technical Support Package (TSP).
Document cover
Support for Systematic Code Reviews With the SCRUB Tool

(reference NPO-46817) is currently available for download from the TSP library.

Don't have an account?

Magazine cover
Software Tech Briefs Magazine

This article first appeared in the September, 2010 issue of Software Tech Briefs Magazine (Vol. 34 No. 9).

Read more articles from this issue here.

Read more articles from the archives here.

Overview

The document outlines the SCRUB tool, a code review tool developed at the Jet Propulsion Laboratory (JPL) to enhance the software development process, particularly for large team-based projects. SCRUB aims to streamline the code review process by combining human-generated review reports with program-generated reports from various analysis tools, all accessible through a single interface.

The code review process is crucial in software development, ensuring that code is understandable, well-structured, and free from design flaws and coding defects. Traditional code review methods can be time-consuming and expensive, especially for large projects. For instance, reviewing one million lines of code could take years if done through line-by-line reviews by a small team. To address these challenges, SCRUB leverages tool-based analyses to efficiently identify coding rule violations and common errors, allowing for a more effective review process.

The SCRUB review process consists of three main phases: Code Review, Developer Response, and Closeout Resolution. In the Code Review phase, tool-based analysis reports are generated, and comments from expert reviewers are collected. The Developer Response phase involves the developer addressing each comment and report, either agreeing to make changes or providing justifications for not doing so. Finally, the Closeout Resolution phase includes a meeting to discuss any disagreements and reach a resolution.

The document highlights the effectiveness of the SCRUB process, noting that in a case study involving the Mars Science Laboratory (MSL) mission source code, approximately 75% of the reports led to modifications of the source code. This indicates that the SCRUB tool not only facilitates thorough reviews but also encourages improvements in code quality.

Additionally, the document provides specific instructions on using the SCRUB tool, including a checklist for code reviews and a summary of the prevailing coding standards, particularly the JPL coding standard for flight software written in C. The tool's design allows for both individual and collaborative use, making it adaptable to various project sizes and team structures.

In summary, the SCRUB tool represents a significant advancement in the code review process, combining human expertise with automated analysis to improve software quality and efficiency in aerospace-related projects.