I am using the following code to create risk scores for patients:

https://qrisk.org/three/src.php

The second to last variable listed after static is int surv
I do not know what this relates to. I have all the other variables.

Does anyone have any ideas? I do not usually use C++ but will instead be running this in stata.

Thanks

It is an index into the survivor array that is being created. The index is passed into the function as an argument.

You didn't give us any information about how these functions are called, so I am not able to speculate as to how the index is determined by the calling party.

These functions are static, so they are only accessible from other functions within the same file. Are there other functions within this file?

Thank you. Unfortunately that link is all the information I have to go on.

Well here are all 21 QRISK3 risk factors:

age, ethnicity, deprivation, systolic blood pressure, body-mass index, total-to-HDL cholesterol ratio, smoking, coronary heart disease in a first-degree relative younger than 60, presence of type 1 or type 2 diabetes, treated hypertension, rheumatoid arthritis, atrial fibrillation, and stage 4 or 5 chronic kidney disease) stage 3 chronic kidney disease, systolic blood pressure variability, migraine, corticosteroid use, systemic lupus, atypical antipsychotic use, severe mental illness, and erectile dysfunction.

Here are all the input parameters:

int age,int b_AF,int b_atypicalantipsy,int b_corticosteroids,int b_migraine,int b_ra,int b_renal,int b_semi,int b_sle,int b_treatedhyp,int b_type1,int b_type2,double bmi,int ethrisk,int fh_cvd,double rati,double sbp,double sbps5,int smoke_cat,int surv,double town

Once you eliminate all the parameters and risk factors that you can match up, what are you left with?

Ah, here's something. The files here:

https://svn.clinrisk.co.uk/opensource/qrisk2/c/

suggest in input validation functions that surv MUST be 10. I see that survivor[10] is the only non-zero value in the array.

And nothing else ever touches the array survivor.

So it looks like surv and the array survivor are just really bad code.

Like, atrociously bad. Comically bad. If this is all there is to it, this is some awful code.

Ha! Check the disclaimer! ...

However, the nature of the GNU Lesser General Public License is such that we cannot prevent, for example, someone accidentally altering the coefficients, getting the inputs wrong, or just poor programming.

Thank you that is helpful. When they are matched up I am just left with int surv. That is good to know surv must be 10 however that is for QRISK2 does it mean that its the same for QRISK3?

The code is identical in that respect.

Like, atrociously bad. Comically bad. If this is all there is to it, this is some awful code.

That's an understatement. A random number generator to set the risk would be more reliable. Don't go near any hospital using this rubbish.

Thank you for your help!

Oh wow! This is used throughout the NHS and is recommended by NICE guidelines: https://www.nice.org.uk/guidance/qs100/chapter/Quality-statement-1-Full-formal-risk-assessment-using-QRISK2

The actual calculation seems fine. They take a bunch of input values, apply multiplying factors, and add them together to get a final risk score of some sort.

The concerns I have involve the coding style and some weird features in it.

This array:


This array gets used once, to fetch the value 0.988876402378082 from it. This is why surv must be 10; to get this value, survivor[10].

So why bother making the user pass the surv value? Why bother having this array at all? It's purely an opportunity for something to go wrong. Removing this array and removing surv and just using the value 0.988876402378082 would be safer.

That said, look at all the numerical values in there. With no source given, no attribution. How can I check those values are correct? I can't. I appreciate that these values are probably arrived at empirically, but somewhere there is a document presenting these values that the original coder of this used as a source; I'd really expect to see some kind of reference to that document. Otherwise, how can anyone know these numbers are the right numbers?

This code may well be correct and may well return the right values; it's just that there's enough odd about it that an experienced software engineer's spidey-sense will tingle, so to speak. Enough bad signs that if this were presented for code review, I'd not just send it back - I'd want to see significant improvements made. Especially since this code is deliberately intended to be passed around and used by other people.

It's interesting to run their QRisk3 online form.

I did a couple of rough checks and something is intuitively wrong with it. If you run some cases where the form is showing no risk factors have been entered, it seems the 10 year heart is sometimes older than the current heart.

In short, it appears nobody in these cases can 'win'.

The 10 year heart label is almost unintelligible anyway but if this 'software' is really saying your heart is older than it is, then we have another reason for running for our life from anyone using it to diagnose, advise, operate or prescribe.

14 figure number precision is another dead giveaway that something is drastically wrong.