Software Inspection Techniques PDF
Document Details
Uploaded by Deleted User
Eulogio "Amang" Rodriguez Institute of Science and Technology
Tags
Summary
This document details different software inspection techniques, including peer reviews, code reviews, and inspections. It describes the steps involved in each technique and their advantages. The document is likely a learning resource for students studying software engineering or a similar field.
Full Transcript
GROUP GROUP## 6 MEMBERS: MEMBERS: CHARLES ANDREI DOMETITA KREIZHA KALAINE LAYUGAN CED MATRO JAN MATTHEW MANACOP SOFTWARE TITLE HERE INSPECTION TECHNIQUES SOFTWARE REVIEW In software engineering, the term software review is to review any work done by trained people, th...
GROUP GROUP## 6 MEMBERS: MEMBERS: CHARLES ANDREI DOMETITA KREIZHA KALAINE LAYUGAN CED MATRO JAN MATTHEW MANACOP SOFTWARE TITLE HERE INSPECTION TECHNIQUES SOFTWARE REVIEW In software engineering, the term software review is to review any work done by trained people, they inspect the software to find out the positive and negative aspects of a program. It is a complete process that results in carefully examining a software product in a meeting or at any event. Software review is an important part of SDLC that assists software engineers in validating the quality, functionality, and other vital features and components of the software. As mentioned above, it is a complete process that involves testing the software product and ensuring that it meets the requirements stated by the client. It is systematic examination of a document by one or more individuals, who work together to find & resolve errors and defects in the software during the early stages of Software Development Life Cycle (SDLC). Usually performed manually, software review is used to verify various documents like requirements, system designs, codes, "test plans", & "test cases". TYPES OF SOFTWARE REVIEWS: 1. Software Peer Review Peer review is the process of assessing the technical content and quality of the product and it is usually conducted by the author of the work product along with some other developers. Peer review is performed in order to examine or resolve the defects in the software, whose quality is also checked by other members of the team. TYPES OF SOFTWARE REVIEWS: Peer Review has following types: Code Review: Computer source code is examined in a systematic way. Pair Programming: It is a code review where two developers develop code together at the same platform. Walkthrough: Members of the development team is guided by author and other interested parties and the participants ask questions and make comments about defects. TYPES OF SOFTWARE REVIEWS: Technical Review: A team of highly qualified individuals examines the software product for its client’s use and identifies technical defects from specifications and standards. Inspection: In inspection the reviewers follow a well-defined process to find defects. TYPES OF SOFTWARE REVIEWS: 2. Software Management Review Software Management Review evaluates the work status. In this section decisions regarding downstream activities are taken. 3. Software Audit Review Software Audit Review is a type of external review in which one or more critics, who are not a part of the development team, organize an independent inspection of the software product and its processes to assess their compliance with stated specifications and standards. This is done by managerial level people. TYPES OF SOFTWARE REVIEWS: Advantages of Software Review: Defects can be identified earlier stage of development (especially in formal review). Earlier inspection also reduces the maintenance cost of software. It can be used to train technical authors. It can be used to remove process inadequacies that encourage defects. SOFTWARE INSPECTION The term software inspection was developed by IBM in the early 1970s, when it was noticed that the testing was not enough sufficient to attain high quality software for large applications. Inspection is used to determine the defects in the code and remove it efficiently. This prevents defects and enhances the quality of testing to remove defects. This software inspection method achieved the highest level for efficiently removing defects and improving software quality. SOFTWARE INSPECTION PROCESS The inspection process was developed in the mid- 1970s, later extended and revised. The process must have an entry criterion that determines whether the inspection process is ready to begin. this prevents incomplete products from entering the inspection process. Entry criteria can be interstitial with items such as “The Spell- Document Check”. There are some of the stages in the software inspection process such as- 1. Planning – The moderator plans the inspection. 2. Overview Meeting – The background of the work product is described by the author. 3. Preparation – The examination of the work product is done by inspector to identify the possible defects. 4. Inspection Meeting – The reader reads the work product part by part during this meeting and the inspectors the faults of each part. 5. Rework – after the inspection meeting, the writer changes the work product according to the work plans. 6. Follow Up – The changes done by the author are checked to make sure that everything is correct. CODE REVIEWS AND INSPECTION Our objective with Inspections is to reduce the Cost of Quality by finding and removing defects earlier and at a lower cost. While some testing will always be necessary, we can reduce the costs of test by reducing the volume of defects propagated to test. - Ron Radice (2002) When you catch bugs early, you also get fewer compound bugs. Compound bugs are two separate bugs that interact: you trip going downstairs, and when you reach for the handrail it comes off in your hand. - Paul Graham (2001) The main objective in software development is to get a working program that meets all the requirements and has no defects. The code should be perfect and it has no errors when you deliver it. The software quality assurance is all about trying to get as close to perfection, within the given time and budget. Software quality is usually discussed from two different perspectives: the user’s and the developer’s. From the user’s perspective, quality has a number of characteristics, things that your program must do in order to be accepted by the user—among which are the following: Correctness: The software has to work, period. Usability: It has to be easy to learn and easy to use. Reliability: It has to stay up and be available when you need it. Security: The software has to prevent unauthorized access and protect your data. Adaptability: It should be easy to add new features. From the developer’s perspective, things are a bit different. The developer wants to see the following: Maintainability: It has to be easy to make changes to the software. Portability: It has to be easy to move the software to a different platform. Readability: Many developers won’t admit this, but you do need to be able to read the code. Understandability: The code needs to be designed in such a way that a new developer can understand how it all hangs together. Testability: Well, at least the testers think your code should be easy to test. Code that’s created in a modular fashion, with short functions that do only one thing, is much easier to understand and test than code that is all just one big main() function. Software Quality Assurance (SQA) has three legs to it: Testing: Finding the errors that surface while your program is executing, also known as dynamic analysis. Debugging: Getting all the obvious errors out of your code—the ones that are found by testing it. Reviews: Finding the errors that are inherently in your code as it sits there, also known as static analysis. Many developers think that testing is a way to quality, but testing is limited. It can’t explore every code path and test every possible data combination, and some of the test themselves are flawed. According to Edsger Dijkstra famously said, “... program testing can be a very effective way to show the presence of bugs, but it is hopelessly inadequate for showing their absence.” Reviewing your code, reading it and looking for errors on the page, provides another mechanism for making sure you’ve implemented the user’s requirements and the resulting design correctly. In fact, most development organizations that use a plan-driven methodology will not only review code, they’ll also review the requirements document, architecture, design specification, test plan, the tests themselves, and user documentation, in short, all the work products produced by the software development organization. WALKTHROUGHS, REVIEWS AND INSPECTIONS Testing alone is not effective, it will only find errors about 50% or so in the program. Adding some type of code review in testing regimen, to find errors in code, can bring the percentage up to 93-99%. Three types of reviews are typically done: walkthroughs, code reviews, and inspections. These three works their way up from very informal techniques to very formal methodologies. Walkthroughs Walkthroughs, also known as desk checks or code reads, are the least formal type of a review. Walkthroughs are normally used to confirm small changes to code, say a line or two, that you’ve just made to fix an error. If you’ve just added a new method to a class, or you’ve changed more than about 25 or 30 lines of code, don’t do a walkthrough. Do a code review instead. Walkthroughs involve two or at most three people: the author of the code and the reviewer. The author’s job in a walkthrough is to explain to the reviewer what the change is supposed to do and to point out where the change was made. The reviewer’s job is to understand the change and then read the code. Once the reviewer reads the code, they make one of two judgments: either they agree that the change is correct, or they don’t. If not, the author has to go back, fix the code again, and then do another walkthrough. If the reviewer thinks the change is correct, then the author can integrate the changed code back into the code base for integration testing. Code Reviews This is somewhat more formal than a walkthrough. Code reviews are what most software developers do. You should always do a code review if you’ve changed a substantial amount of code, or if you’ve added more than just a few lines of new code to an existing program. Code reviews are real meetings. There are usually between three and five attendees at a code review. The people who attend a code review should each bring a different perspective to the meeting. The moderator of the code review is usually the author. There should be one or more developers at the meeting, someone who’s working on the same project as the author There should be a tester at the code review. Finally, there should be an experienced developer present who’s not on the same project as the author. Managers are not allowed at code reviews. The presence of a manager changes the dynamics of the meeting and makes the code review less effective. People who might be willing to honestly critique a piece of code among peers will clam up in the presence of a manager; that doesn’t help find errors. No managers, please. Code Inspection Code inspections are the most formal type of review meeting. The sole purpose of an inspection is to find defects in a work product. Inspections can be used to review planning documents, requirements, designs, or code, in short, any work product that a development team produces. Code inspections have specific rules regarding how many lines of code to review at once, how long the review meeting must be, and how much preparation each member of the review team should do, among other things. Inspections are typically used by larger organizations because they take more training, time, and effort than walkthroughs or code reviews. They’re also used for mission- and safety-critical software where defects can cause harm to users. Code inspections have several very important criteria, including the following: Inspections use checklists of common error types to focus the inspectors. The focus of the inspection meeting is solely on finding errors; no solutions are permitted. Reviewers are required to prepare beforehand; the inspection meeting will be canceled if everyone isn’t ready. Each participant in the inspection has a distinct role. All participants have had inspection training INSPECTION ROLES The following are the roles used in code inspections: Moderator: The moderator gets all the materials from the author, decides who the other participants in the inspection should be, and is responsible for sending out all the inspection materials and scheduling and coordinating the meeting. Author: The author distributes the inspection materials to the moderator. If an Overview meeting is required, the author chairs it and explains the overall design to the reviewers. Overview meetings are discouraged in code inspections, because they can “taint the evidence” by injecting the author’s opinions about the code and the design before the inspection meeting. INSPECTION ROLES Reader: The reader’s role is to read the code. Actually, the reader is supposed to paraphrase the code, not read it. Paraphrasing implies that the reader has a good understanding of the project, its design, and the code in question. Reviewers: The reviewers do the heavy lifting in the inspection. A reviewer can be anyone with an interest in the code who is not the author. Normally, reviewers are other developers from the same project. As in code reviews, it’s usually a good idea to have a senior person who’s not on the project also be a reviewer. INSPECTION ROLES Recorder: Every inspection meeting has a recorder. The recorder is one of the reviewers and is the one who takes notes at the inspection meeting. The recorder merges the defect lists of the reviewers and classifies and records errors found during the meeting. Managers: As with code reviews, managers aren’t invited to code inspections INSPECTION PHASE AND PROCEDURES Fagan inspections have seven phases that must be followed for each inspection: Planning In the Planning phase, the moderator organizes and schedules the meeting and picks the participants. The moderator and the author get together to discuss the scope of the inspection materials—for code inspections, typically 200–500 uncommented lines of code will be reviewed. The author then distributes the code to be inspected to the participants. The Overview Meeting An Overview meeting is necessary if several of the participants are unfamiliar with the project or its design and they need to come up to speed before they can effectively read the code. If an Overview meeting is necessary, the author will call it and run the meeting. The meeting itself is mostly a presentation by the author of the project architecture and design. As mentioned, Overview meetings are discouraged, because they have a tendency to taint the evidence. Like the Inspection meeting itself, Overview meetings should last no longer than two hours. Preparation In the Preparation phase, each reviewer reads the work to be inspected. Preparation should take no more than two or three hours. The amount of work to be inspected should be between 200–500 uncommented lines of code or 30–80 pages of text. A number of studies have shown that reviewers can typically review about 125–200 lines of code per hour. In Fagan inspections, the Preparation phase is required. The Inspection meeting can be canceled if the reviewers haven’t done their preparation. The amount of time each reviewer spent in preparation is one of the metrics gathered at the Inspection meeting. The Inspection Meeting The moderator is in charge of the Inspection meeting. Their job during the meeting is to keep the meeting on track and focused. The Inspection meeting should last no more than two hours. If there is any material that has not been inspected at the end of that time, a new meeting is scheduled. At the beginning of the meeting, the reviewers turn in their list of previously discovered errors to the recorder. The Inspection Report Within a day of the meeting, the recorder distributes the Inspection report to all participants. The central part of the report is the defects that were found in the code at the meeting. Rework and Follow-up The author fixes all the severity 1 through 3 defects found during the meeting. If enough defects were found, or if enough refactoring or code changes had to occur, then another Inspection is scheduled. How much is enough? Amounts vary. McConnell says 5% of the code, but this author has typically used 10% of the code inspected. So, if you inspected 200 lines of code and had to change 20 or more of them in the rework, then you should have another Inspection meeting. If it’s less than 10%, the author and the moderator can do a walkthrough. Regardless of how much code is changed, the moderator must check all the changes as part of the follow-up. THANK YOU FOR LISTENING!