Is the code a complete and precise implementation of the design as documented in the Software Design Description (SDD)?
Was the code integrated and debugged to satisfy the design specified in the SDD?
Does the code create the required databases, including the appropriate initial data?
Are there any unreferenced or undefined variables, constants, or data types?
Is the code logically consistent with the SDD?
Are the same format, invocation convention, and structure used throughout?
Does the code conform to specified standards?
Are all variables properly specified and used?
Are all comments accurate?
Are all programs invoked with the correct number of parameters?
Does the code refer to constants symbolically to facilitate change?
Are cross-references or data dictionaries included to show variable and constant access by the program?
Does the code consist of programs with only one entry point and one exit point (the exception being fatal error handling)?
Does code reference labels or other symbolic constants rather than addresses?
Is the code written in a language with well-defined syntax and semantics?
Was the use of self-modifying code avoided?
Does the code avoid relying on defaults provided by the programming language?
Is the code free of unintended infinite loops?
Does the code avoid recursion?
Does the code protect against detectable runtime errors (e.g., out-of-range array index values, division by zero, out-of-range variable values, and stack overflow)?
Is each function of the program recognizable as a block of code?
Do loops only have one entrance?
Does the code identify each program uniquely?
Is there a cross-reference framework through which the code can be easily and directly traced to the SDD?
Does the code contain or reference a revision history of all code modifications and the reason for them?
Have all safety and computer security functions been flagged?
Understandability
Do the comment statements adequately describe each routine, using clear English language?
Was ambiguous or unnecessarily complex coding used? If so, is it clearly commented?
Were consistent formatting techniques (e.g., indentation, use of white space) used to enhance clarity?
Was a mnemonic naming convention used? Does the naming reflect the type of variable?
Is the valid range of each variable defined?
Does the code use mathematical equations which correspond to the mathematical models described/derived in the SDD?
Verifiability
Are implementation practices and techniques that are difficult to test avoided?
From NISTIR 4909 - Software Quality Assurance: Documentation and Reviews