复审代码为C语言代码,过程式的实现了需求。
代码文件为共计620行的单文件,代码中使用多个函数封装了执行过程中的多种操作。
代码中也存在问题:
1.作为一个工程化项目,单文件的方式有欠考虑。
2.代码中的部分变量名,如son和mo,不便于理解。
3.没有模测试,仅能通过结果测试程序是否正确。
4.没有注释。
复审结果如下:(其中N/A代表无效项)
| General | ||
| Does the code work? Does it perform its intended function, the logic is correct etc. | Y | |
| Is all the code easily understood? | Y | |
| Does it conform to your agreed coding conventions? | N/A | |
| Is there any redundant or duplicate code? | N | |
| Is the code as modular as possible? | Y | |
| Can any global variables be replaced? | Y | |
| Is there any commented out code? | N | |
| Do loops have a set length and correct termination conditions? | N | |
| Can any of the code be replaced with library functions? | N | |
| Can any logging or debugging code be removed? | N | |
| Security | ||
| Are all data inputs checked (for the correct type, length, format, and range) and encoded? | N | |
| Where third-party utilities are used, are returning errors being caught? | N/A | |
| Are output values checked and encoded? | Y | |
| Are invalid parameter values handled? | N | |
| Documentation | ||
| Do comments exist and describe the intent of the code? | N | |
| Are all functions commented? | N | |
| Is any unusual behavior or edge-case handling described? | N | |
| Is the use and function of third-party libraries documented? | N/A | |
| Are data structures and units of measurement explained? | N/A | |
| Is there any incomplete code? If so, should it be removed or flagged with a suitable marker like ‘TODO’? | N | |
| Testing | ||
| Is the code testable? i.e. don’t add too many or hide dependencies, unable to initialize objects, test frameworks can use methods etc. | Y | |
| Do tests exist and are they comprehensive? i.e. has at least your agreed on code coverage. | N | |
| Do unit tests actually test that the code is performing the intended functionality? | N | |
| Are arrays checked for ‘out-of-bound’ errors? | N | |
| Could any test code be replaced with the use of an existing API? | N | |
细化分析:
概要:
代码可以正常工作,在正确的输入下可以得到预期的结果。但是由于没有进行错误处理,导致输入错误值(如n<0)程序崩溃。
代码可读性较好,函数名、变量名基本能体现所代表含义。但是变量名使用依然不是非常清晰,如全局变量可以考虑使用使用g_作为开头。又如,代码中的分子和分母取名为son和mo,可以考虑使用numerator和denominator。缩进、括号位置、Tab/空格均保持一致。
代码精炼,没有多余的内容。主要功能均使用函数进行封装,莫花花结构较好。
代码中使用大量的全局变量,大数组作为全局变量会占用很多不需要的空间,这种实现方式效果不好。建议使用局部数组+指针进行传参。
安全:
所有输入未进行检查,输入非法参数或非法文件会导致程序崩溃。
程序仅在正确输入情况下得到正确的结果。
文档:
单文件c代码紧凑,未出现任何文档类注释。
测试:
程序中不存在测试用代码。测试时手动构造测试。
经测试,合法情况的传参可以得到正确的结果,非法传参结果不正确或崩溃。
由于作者使用过程式编程,很容易就可以遍历所有分支。