Software Defect Prevention via Continuous Inspection
DESCRIPTION
Research and guidance for reducing software development risk and cost while improving speed, quality and maintainability by applying review at all levels.
TRANSCRIPT
![Page 1: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/1.jpg)
Avoid the Zone of Chaos: Economics of Quality and Productivity via Code Review
Reducing software development risk and cost while improving speed, quality and maintainability by applying review at all levels
Presented by: Joshua Gough
Atlanta ALT.NET Meetup
http://www.meetup.com/AtlAltDotNet
6/19/2012
![Page 2: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/2.jpg)
Topic Outline
● Avoiding the Ultimate Risk
● Software Development Processes
● Risks associated with poor code-review and lack of defect prevention
● Automated .NET tools to support "continuous inspection", code-review, and defect prevention
● Demo of static source-code analysis with Visual Studio and NDepend
![Page 3: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/3.jpg)
Avoiding The Ultimate Risk
● How to validate that you're building the product your customers or users want and need?
● What untested assumptions and risks can lurk in requirements and design docs?
● What kinds of reviews can happen before or in parallel with coding to test assumptions and mitigate risks?
![Page 4: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/4.jpg)
Danger! Don't Go There!
Say What?
![Page 5: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/5.jpg)
Royce Strawman Waterfall Model
![Page 6: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/6.jpg)
Royce's Observations
![Page 7: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/7.jpg)
Final Royce Model (Shame on our industry for not reading his whole paper)
![Page 8: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/8.jpg)
Generic Iterative and Incremental Model
![Page 9: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/9.jpg)
Boehm Spiral Model
![Page 10: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/10.jpg)
Generic Agile
![Page 11: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/11.jpg)
Extreme Programming (XP) Feedback Loops
![Page 12: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/12.jpg)
Scrum Agile Process Framework
![Page 13: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/13.jpg)
Whirlpool Model (A "violent water metaphor" we can live with and enjoy)
![Page 14: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/14.jpg)
Scrum Agile Process Framework
![Page 15: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/15.jpg)
![Page 16: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/16.jpg)
Let's Review...
![Page 17: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/17.jpg)
Traditional: Known | Known
![Page 18: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/18.jpg)
Agile: Known | Unknown
![Page 19: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/19.jpg)
Lean Startup: Unknown | Unknown
![Page 20: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/20.jpg)
And Now: Code Review...
![Page 21: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/21.jpg)
Types of Code Review
● Formal code review – Involves a careful and detailed process with multiple participants and multiple phases. Example: Fagan Inspection.
● Over-the-shoulder – One developer looks over the author's shoulder as the latter walks through the code.
● Email pass-around – Source code management system emails code to reviewers automatically after a check-in is made.
● Pair Programming – Two authors develop code together at the same workstation, as is common in Extreme Programming.
● Tool-assisted code review – Authors and reviewers use specialized tools designed for peer code review.
![Page 22: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/22.jpg)
Economic Reasons: Defect Cost Increase
![Page 23: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/23.jpg)
Productivity Reasons: Faster Schedule
Relationship between defect rate and development time. As a rule, the projects that achieve the lowest defect rates also achieve the shortest schedules. -- Capers Jones
Sweet Spot!
![Page 24: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/24.jpg)
Cisco Case Study Data: Defect Counts
![Page 25: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/25.jpg)
Formal Code Review
![Page 26: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/26.jpg)
Hope This Guy Gets Lost in Elevator
![Page 27: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/27.jpg)
Email Pass-Around Pre Check-In
![Page 28: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/28.jpg)
Email Pass-Around Post Check-In
![Page 29: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/29.jpg)
Email Pass-Around Code Review
(Pray Uncle Bob Doesn't Get The Email, Unless You Crave Discipline!)
![Page 30: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/30.jpg)
Over-The-Shoulder Walkthrough
![Page 31: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/31.jpg)
Don't Be This Guy (Either of Them!)
![Page 32: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/32.jpg)
Pair Programming
● Agile software development technique wherein two programmers work together at one workstation
● One drives and writes code while the other observes (or navigates) and reviews each line of code
● The two programmers switch roles frequently
● While reviewing, the observer also considers the strategic direction of the work in order to:
  ○ Devise ideas for improvements and likely future problems to address
  ○ Free the driver to focus all of his or her attention on the "tactical" aspects of completing the current task, using the observer as a safety net and guide
![Page 33: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/33.jpg)
In Other Words...
![Page 34: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/34.jpg)
But, What Does the Science Say?
● Isolated studies of pair-programming reveal results ranging all across the map
● Some meta-analyses also reveal wide-ranging results
● I suspect the answer to be "It depends", therefore proceed without dogma and use pragmatism
![Page 35: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/35.jpg)
Example Study
![Page 36: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/36.jpg)
Study Summary
● 48% increase in correctness for complex systems
  ○ No significant time difference
● Simple systems had 20% time decrease
  ○ No significant correctness difference
● Overall no general time reduction or correctness increase
  ○ But an overall 84% effort increase
● Limitations: this was a one-day experiment with 99 individuals and 98 pairs
How would working together longer affect results?
![Page 37: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/37.jpg)
Tool-Assisted Code Review!
![Page 38: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/38.jpg)
Demo: Visual Studio Code Analysis
![Page 39: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/39.jpg)
Demo: NDepend Critical Warnings
![Page 40: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/40.jpg)
11 Lessons from SmartBear Cisco Case Study
![Page 41: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/41.jpg)
1. Review fewer than 200-400 lines of code at a time.
![Page 42: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/42.jpg)
2. Aim for an inspection rate of less than 300-500 LOC/hour
![Page 43: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/43.jpg)
3. Take enough time for a proper, slow review, but not more than 60-90 minutes
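Lessons 1-3 can be enforced as a check that runs before a change is sent out for review. The Python sketch below is an added example, not part of the talk or of SmartBear's tooling; it treats added lines as the LOC to review (an assumption), and `added_lines_per_file`, `plan_review` and the sample diff are hypothetical names and constructed data.

```python
import math
import re

# Upper bounds quoted in lessons 1-3; the diff below is a constructed sample.
MAX_LOC, MAX_RATE, MAX_MINUTES = 400, 500, 90
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")
SAMPLE_DIFF = """\
--- a/Auth/Login.cs
+++ b/Auth/Login.cs
@@ -1,2 +1,3 @@
-var t = Token();
+var t = Token(user);
+Audit(user);
 return t;
--- a/Auth/Token.cs
+++ b/Auth/Token.cs
@@ -10 +10,2 @@
 int ttl = 60;
+Rotate(ttl);
"""

def added_lines_per_file(diff_text):
    """Count '+' lines per file; hunk lengths delimit each hunk body."""
    counts, current, old_left, new_left = {}, None, 0, 0
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:        # inside a hunk body
            tag = line[:1]
            if tag != "\\":                     # skip "\ No newline at end of file"
                old_left -= tag != "+"          # '-' and context consume an old line
                new_left -= tag != "-"          # '+' and context consume a new line
                counts[current] += tag == "+"
        elif line.startswith("+++ "):
            current = line[4:].split("\t")[0].removeprefix("b/")
            counts.setdefault(current, 0)
        elif current and (m := HUNK.match(line)):
            old_left, new_left = int(m.group(1) or 1), int(m.group(2) or 1)
    return counts

def plan_review(diff_text, max_loc=MAX_LOC, rate=MAX_RATE, max_minutes=MAX_MINUTES):
    """Pack files into review sessions of at most max_loc added lines."""
    groups = []
    for path, n in sorted(added_lines_per_file(diff_text).items()):
        if groups and groups[-1]["loc"] + n <= max_loc:
            groups[-1]["files"].append(path)
            groups[-1]["loc"] += n
        else:
            groups.append({"files": [path], "loc": n})
    for g in groups:
        g["min_minutes"] = math.ceil(g["loc"] * 60 / rate)  # at the fastest allowed rate
        g["oversized"] = g["loc"] > max_loc or g["min_minutes"] > max_minutes
    return groups
```

A session flagged `oversized` is a single file that exceeds the limits by itself; the author should split that change rather than ask a reviewer to read it in one sitting.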
![Page 44: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/44.jpg)
4. Authors should annotate source code before the review
![Page 45: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/45.jpg)
Additional Tactical Tips...
● 5. Establish quantifiable goals for code review and capture metrics so you can improve your processes
● 6. Checklists substantially improve results for both authors and reviewers
● 7. Verify that defects are actually fixed!
![Page 46: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/46.jpg)
And Managerial Tips...
● 8. Managers must foster a good code review culture in which finding defects is viewed positively
● 9. Beware the “Big Brother” effect
● 10. The Ego Effect: Do at least some code review, even if you don't have time to review it all
![Page 47: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/47.jpg)
11. Lightweight-style code reviews are efficient, practical, and effective at finding bugs
![Page 48: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/48.jpg)
Many Thanks to SmartBear Software!
(See CodeCollaborator Free Trial and Jason Cohen's Free Book)
Free!
![Page 49: Software Defect Prevention via Continuous Inspection](https://reader033.vdocuments.net/reader033/viewer/2022042714/5538d4ab550346f53d8b486f/html5/thumbnails/49.jpg)
Contact
● Meetup: http://www.meetup.com/AtlAltDotNet
● Email: [email protected]
● Web: http://agilefromthegroundup.blogspot.com