Avoid the Zone of Chaos: Economics of Quality and Productivity via Code Review
Reducing software development risk and cost while improving speed, quality and maintainability by applying review at all levels
Presented by: Joshua Gough
Atlanta ALT.NET Meetup
http://www.meetup/com/AtlAltDotNet
6/19/2012
Software Defect Prevention via Continuous Inspection
Research and guidance for reducing software development risk and cost while improving speed, quality and maintainability by applying review at all levels.
Relationship between defect rate and development time. As a rule, the projects that achieve the lowest defect rates also achieve the shortest schedules. -- Capers Jones
Sweet Spot!
Cisco Case Study Data: Defect Counts
Formal Code Review
Hope This Guy Gets Lost in Elevator
Email Pass-Around Pre Check-In
Email Pass-Around Post Check-In
Email Pass-Around Code Review (Pray Uncle Bob Doesn't Get The Email, Unless You Crave Discipline!)
Over-The-Shoulder Walkthrough
Don't Be This Guy (Either of Them!)
Pair Programming
● Agile software development technique wherein two programmers work together at one workstation
● One drives and writes code while the other observes (or navigates) and reviews each line of code
● The two programmers switch roles frequently
● While reviewing, the observer also considers the strategic direction of the work in order to:
○ Devise ideas for improvements and likely future problems to address
○ Free the driver to focus all of his or her attention on the "tactical" aspects of completing the current task, using the observer as a safety net and guide
In Other Words...
But, What Does the Science Say?
● Isolated studies of pair-programming reveal results ranging all across the map
● Some meta-analyses also reveal wide-ranging results
● I suspect the answer to be "It depends", therefore proceed without dogma and use pragmatism
Example Study
Study Summary
● 48% increase in correctness for complex systems
○ No significant time difference
● Simple systems had 20% time decrease
○ No significant correctness difference
● Overall no general time reduction or correctness increase
○ But an overall 84% effort increase
● Limitations: this was a one-day experiment with 99 individuals and 98 pairs
How would working together longer affect results?
Tool-Assisted Code Review!
Demo: Visual Studio Code Analysis
Demo: NDepend Critical Warnings
11 Lessons from SmartBear Cisco Case Study
1. Review fewer than 200-400 lines of code at a time.
2. Aim for an inspection rate of less than 300-500 LOC/hour.
3. Take enough time for a proper, slow review, but not more than 60-90 minutes
Key
4. Authors should annotate source code before the review
Additional Tactical Tips...
● 5. Establish quantifiable goals for code review and capture metrics so you can improve your processes
● 6. Checklists substantially improve results for both authors and reviewers
● 7. Verify that defects are actually fixed!
And Managerial Tips...
● 8. Managers must foster a good code review culture in which finding defects is viewed positively
● 9. Beware the “Big Brother” effect
● 10. The Ego Effect: Do at least some code review, even if you don't have time to review it all
● 11. Lightweight-style code reviews are efficient, practical, and effective at finding bugs
Many Thanks to SmartBear Software! (See CodeCollaborator Free Trial and Jason Cohen's Free Book)