Verifying a Cleanroom procedure

In order to get the full benefits of Cleanroom technology, all code should be subject to verification by group review, preferably by a group of three or four peers trained in the methodology.

Unlike walkthroughs, the check-off requirement for cleanroom code is more stringent:

Unless every member of the review panel agrees that the intended functions of the primes correctly implement the whole, and that each prime's code correctly implements its intended function, the procedure is sent back for rework.

Trivial fixes may be done during review, but if the panel finds any problems that cannot be fixed on the spot, it is the author's responsibility to rework the procedure offline and present it for another review attempt later.

The next section discusses how the proof rules work for the different control structures.

John W. Shipman,
Last updated: 1996/03/09 22:37:20