Code review is part of QA (quality assurance) practices in software development. It can be alternated with active development phases, also in the context of agile methodologies.
The inspection of source code for revision purposes requires that at least one of the subjects involved is not the author of the code itself. At the same time, the auditor must have the skills necessary for a critical evaluation of the sources.
The objectives of the analysis
The scope of code revision goes beyond testing or debugging. Usually, it focuses on other aspects, such as the formal correctness of algorithms and the evaluation of optimization strategies.
However, the review may also involve issues related to asynchronous programming and security.
In a multi-threaded context it is possible to perform tasks in background, keeping the user interface responsive. Multi-threading grants users the full control of the application at all times and, in general, an increment in performance.
Furthermore, asynchronous programming is a fundamental requirement for distributed applications. However, it requires additional care for the management of the state of the application in order to avoid deadlock issues, race conditions and loss of consistency.
It's almost impossible to detect these problems just on the basis of static analysis because, in most cases, they are due to timing issues. Tush they only emerge at run-time.
Our experience in programming applications with a high level of parallelism allows us to detect synchronization issues through dynamic analysis of the application, thanks to the use of appropriate debugging and monitoring tools.
Security is a fundamental requirement for the management of both resources and privileges associated with an application and its users. An application with vulnerabilities can expose users to security hazards, jeopardizing the integrity or confidentiality of their data.
We are experts in the implementation of authentication and encryption schemes for web applications and in the analysis and implementation of anti-tampering solutions for standalone applications for desktop environments and server-side middleware.
As designers and developers we acquired specific skills in the use of various programming languages. We also have a thorough understanding of the semantic rules and idioms of many high-level languages.
The languages in which we are particularly fluent are:
Design patterns, frameworks and libraries
Sometimes, code review implies an architectural analysis of the application in its entirety, including the additional modules it relies on. Our expertise includes the use of various frameworks and libraries, as well as the in-depth knowledge of the design patterns on which they are based:
- Application framework: Qt / C ++ and QML, Microsoft .NET, Node.js, Angular
- Web back-end: Node.js, Express, Laravel
- 3D: OpenGL, DirectX
- Geospatial: GDAL/OGR, proj4, PostGIS