Formal Technical Reviews

Document Sample
Formal Technical Reviews Powered By Docstoc
					Formal Technical Reviews

     Annette Tetmeyer
         Fall 2009

•   Overview of FTR and relationship to software
    quality improvement
•   History of software quality improvement
•   Impact of quality on software products
•   The FTR process
•   Beyond FTR
•   Discussion and questions

        Formal Technical Review
What is Formal Technical Review (FTR)?

Definition (Philip Johnson)
      quality of the structured encounter
A method involving aoriginal work productin
which a group of technical personnel analyzes or
              quality of the method
improves the quality of the original work product
as well as the quality of the method.

        Software Quality Improvement
•   Improve the quality of the original work
    –   Find defects early (less costly)
    –   Reduce defects
•   Leads to improved productivity
    –   Benefits by reducing rework build throughout the
        requirements design coding  testing

Software Quality Improvement (2/4)
•   Survey regarding when reviews are conducted
    –   Design or Requirements: 40%
    –   Code review: 30%
•   Code reviews pay off even if the code is being
    tested later (Fagan)

Software Quality Improvement (3/4)
Improve the quality of the method
• Improve team communication
• Enhance team learning

Software Quality Improvement (4/4)
•   Which impacts overall quality the most?
    –   To raise the quality of the finished product
    –   To improve developer skills



             Key Process Areas of CMMI
Maturity Level                      Key Process Area
1: Initial       None
                 Requirements Management, Software Project Planning,
                 Software Project Tracking and Oversight, Software
2: Repeatable
                 Subcontract Management, Software Quality Assurance,
                 Software Configuration Management
                 Organization Process Focus, Organization Process
                 Definition, Training Program, Integrated Software
3: Defined
                 Management, Software Product Engineering, Intergroup
                 Coordination, Peer Reviews
                 Quantitative Process Management, Software Quality
4: Managed
                 Defect Prevention, Technology Change Management,
5: Optimizing
                 Process Change Management

           Peer Reviews and CMMI
•   Does not dictate specific techniques, but
    instead requires that:
    – A written policy about peer reviews is required
    – Resources, funding, and training must be provided
    – Peer reviews must be planned
    – The peer review procedures to be used must be

    SEI-CMMI Checklist for Peer Reviews
•   Are peer reviews planned?
•   Are actions associated with defects that are identified
    during peer reviews tracked until they are resolved?
•   Does the project follow a written organizational policy
    for performing peer reviews?
•   Do participants of peer reviews receive the training
    required to perform their roles?
•   Are measurements used to determine the status of peer
    review activities?
•   Are peer review activities and work products subjected
    to Software Quality Assurance review and audit?

•   Overview of FTR and relationship to software
    quality improvement
•   History of software quality improvement
•   Impact of quality on software products
•   The FTR process
•   Beyond FTR
•   Discussion and questions

       Researchers and Influencers
•   Fagan
•   Johnson
•   Ackermann
•   Gilb and Graham
•   Weinberg
•   Weigers

 Inspection, Walkthrough or Review?
An inspection is „a visual examination of a
software product to detect and identify software
anomalies, including errors and deviations from
standards and specifications‟

Inspection, Walkthrough or Review? (2/2)
A walkthrough is „a static analysis technique in which a
designer or programmer leads members of the
development team and other interested parties through a
software product, and the participants ask questions and
make comments about possible errors, violation of
development standards, and other problems’
A review is „a process or meeting during which a software
product is presented to project personnel, managers,
users, customers, user representatives, or other
interested parties for comment or approval’

Source: IEEE Std. 1028-1997

         Families of Review Methods
Method Family      Typical Goals                   Typical Attributes
Walkthroughs       Minimal overhead                Little/no preparation
                   Developer training              Informal process
                   Quick turnaround                No measurement
                                                   Not FTR!
Technical          Requirements elicitation        Formal process
Reviews            Ambiguity resolution            Author presentation
                   Training                        Wide range of discussion
Inspections        Detect and remove all           Formal process
                   defects efficiently and         Checklists
                   effectively                     Measurements
                                                   Verify phase
Source: Johnson, P. M. (1996). Introduction to formal technical reviews.

                Informal vs. Formal
•   Informal
    – Spontaneous
    – Ad-hoc
    – No artifacts produced
•   Formal
    –   Carefully planned and executed
    –   Reports are produced

In reality, there is also a middle ground between
  informal and formal techniques

•   Overview of FTR and relationship to software
    quality improvement
•   History of software quality improvement
•   Impact of quality on software products
•   The FTR process
•   Beyond FTR
•   Discussion and questions

          Cost-Benefit Analysis
• Fagan reported that IBM inspections found 90%
  of all defects for a 9% reduction in average
  project cost
• Johnson estimates that rework accounts for 44%
  of development cost
• Finding defects, finding defects early and
  reducing rework can impact the overall cost of
  a project

                      Cost of Defects
    What is the impact of the annual cost of software
    defects in the US?

                            $59 billion

•   Estimated that $22 billion could be avoided by
    introducing a best-practice defect detection

Source: NIST, The Economic Impact of Inadequate Infrastructure for Software
        Testing, May 2002

                   Cost of Defects
• Gilb project with jet manufacturer
• Initial analysis estimated that 41,000 hours of
  effort would be lost through faulty
• Manufacturer concurred because:
    –   10 people on the project using 2,000 hours/year
    –   Project is already one year late (20,000 hours)
    –   Project is estimated to take one more year (another
        20,000 hours)

        Jet Propulsion Laboratory Study
• Average two hour inspection exposed four
  major and fourteen minor faults
• Savings estimated at $25,000 per inspection
• Additional studies showed the number of faults
  detected decreases exponentially by phase
    –   Detecting early saves time and money

       Software Inspections
Why are software inspections not widely used?
• Lack of time
• Not seen as a priority
• Not seen as value added (measured by loc)
• Lack of understanding of formalized
• Improper tools used to collect data
• Lack of training of participants
• Pits programmer against reviewers

       Twelve Reasons Conventional
         Reviews are Ineffective
1.   The reviewers are swamped with information.
2.   Most reviewers are not familiar with the
     product design goals.
3.   There are no clear individual responsibilities.
4.   Reviewers can avoid potential embarrassment
     by saying nothing.
5.   The review is a large meeting; detailed
     discussions are difficult.
6.   Presence of managers silences criticism.

       Twelve Reasons Conventional
         Reviews are Ineffective
7.  Presence of uninformed reviewers may turn
    the review into a tutorial.
8. Specialists are asked general questions.
9. Generalists are expected to know specifics.
10. The review procedure reviews code without
    respect to structure.
11. Unstated assumptions are not questioned.
12. Inadequate time is allowed.

From class website: sw-inspections.pdf (Parnas)

          Fagan’s Contributions
• Design and code inspections to reduce errors in
  program development (1976)
• A systematic and efficient approach to
  improving programming quality
• Continuous improvement: reduce initial errors
  and follow-up with additional improvements
• Beginnings of formalized software inspections

            Fagan’s Six Major Steps
1.    Planning
2.    Overview
3.    Preparation
4.    Examination
5.    Rework
6.    Follow-up

     Can steps be skipped or combined?
     How many people hours are typically involved?

       Fagan’s Six Major Steps (2/2)
1.   Planning: Form team, assign roles
2.   Overview: Inform team about product
3.   Preparation: Independent review of materials
4.   Examination: Inspection meeting
5.   Rework: Author verify defects and correct
6.   Follow-up: Moderator checks and verifies

                Fagan’s Team Roles
• Fagan recommends that a good size team
  consists of four people
• Moderator: the key person, manages team and
  offers leadership
• Readers, reviewers and authors
    –   Designer: programmer responsible for producing the
        program design
    –   Coder/ Implementer: translates the design to code
    –   Tester: write, execute test cases

Common Inspection Processes

                       Active Design
•   Parnas and Weiss (1985)
•   Rationale
    –   Reviewers may be overloaded during preparation phase
    –   Reviewers lack of familiarity with goals
    –   Large team meetings can have drawbacks
• Several brief reviews rather than one large review
• Focus on a certain part of the project
• Used this approach for the design of a military flight
  navigation system

           Two Person Inspection
•   Bisant and Lyle (1989)
•   One author, one reviewer (eliminate
•   Ad-hoc preparation
•   Noted immediate benefits in program quality
    and productivity
•   May be more useful in small organizations or
    small projects

                     N-fold Inspection
•   Martin and Tsai (1990)
•   Rationale
    –   A single team finds only a fraction of defects
    –   Different teams do not duplicate efforts
•   Follows Fagan inspection steps
•   N-teams inspect in parallel with results
•   Results from teams are merged
•   After merging results, only one team continues on
•   Team size 3-4 people (author, moderator, reviewers)

               Phased Inspection
• Knight and Myers (1993)
• Combines aspects of active design, Fagan, and
• Mini- inspections or “phases” with specific goals
    – Use checklists for inspection
    – Can have single-inspector or multiple-inspector
•   Team size 1-2 people

          Inspection without Meeting
•   Research by Votta (1993) and Johnson (1998)
    –   Does every inspection need a meeting?
• Builds on the fact that most defects are found
  in preparation for the meeting (90/10)
• Is synergy as important to finding defects as
  stated by others?
• Collection occurs after preparation
• Rework follows

             Gilb Inspections
• Gilb and Graham (1993)
• Similar to Fagan inspections
• Process brainstorming meeting immediately
  following the inspection meeting

             Other Inspections
• Structured Walkthough (Yourdon, 1989)
• Verification-Based Inspection (Dyer, 1992)

    Inspection, Walkthrough or Review?
• Some researchers interpret Fagan‟s work as a
  combination of all three
• Does present many of the elements associated
  with FTR
• FTR may be seen as a variant of Fagan
  inspections (Johnson, Tjahjono 1998)

•   Overview of FTR and relationship to software
    quality improvement
•   History of software quality improvement
•   Impact of quality on software products
•   The FTR process
•   Beyond FTR
•   Discussion and questions

        Formal Technical Review (FTR)
•   Process
    –   Phases and procedures
•   Roles
    –   Author, Moderator, Reader, Reviewer, Recorder
•   Objectives
    –   Defect removal, requirements elicitation, etc.
•   Measurements
    –   Forms, consistent data collection, etc.

                  FTR Process
•   How much to review
•   Review pacing
•   When to review
•   Pre-meeting preparation
•   Meeting pace

          How Much to Review?
• Tied into meeting time (hours)
• Should be manageable
• Break into chunks if needed

                    Review Pacing
• How long should the meeting last?
• Based on:
    –   Lines per hour?
    –   Pages?
    –   Specific time frame?

             When to Review?
• How much work should be completed before
  the review
• Set out review schedule with project planning
• Again, break into manageable chunks
• Prioritize based on impact of code module to
  overall project

          Pre-Meeting Preparation
•   Materials to be given to reviewers
•   Time expectations prior to the meeting
•   Understand the roles of participants
•   Training for team members on their various
•   Expected end product

        Pre-Meeting Preparation (2/2)
•   How is document examination conducted?
    –   Ad-hoc
    –   Checklist
    –   Specific reading techniques (scenarios or
        perspective-based reading)

    Preparation is crucial to effective reviews

              FTR Team Roles
• Select the correct participants for each role
• Understand team review psychology
• Choose the correct team size

            FTR Team Roles (2/2)
•   Author
•   Moderator
•   Reader
•   Reviewer
•   Recorder (optional?)

        Who should not be involved and why?

            Team Participants
• Must be actively engaged
• Must understand the “bigger picture”

             Team Psychology
• Stress
• Conflict resolution
• Perceived relationship to performance reviews

                          Team Size
•   What is the ideal size for a team?
    –   Less than 3?
    –   3-6?
    –   Greater than 6?
• What is the impact of large, complex projects?
• How to work with globally distributed teams?

                   FTR Objectives
• Review meetings can take place at various
  stages of the project lifecycle
• Understand the purpose of the review
    – Requirements elicitation
    – Defect removal
    – Other

•   Goal of the review is not to provide solutions
    –   Raise issues, don’t resolve them

           FTR Measurements
• Documentation and use
• Sample forms
• Inspection metrics

• Forms used to facilitate the process
• Documenting the meeting
• Use of standards
• How is documentation used by:
    –   Managers
    –   Developers
    –   Team members

                   Sample Forms
• NASA Software Formal Inspections Guidebook
• Sample checklists
    – Architecture design
    – Detailed design
    – Code inspection
    – Functional design
    – Software requirements

        Refer to sample forms distributed in class

                 Inspection Metrics
• How to gather and classify defects?
• How to collect?
• What to do with collected metrics?
• What metrics are important?
    –   Defects per reviewer?
    –   Inspection rate?
    –   Estimated defects remaining?
• Historical data
• Future use (or misuse) of data

           Inspection Metrics (2/2)
• Tools for collecting metrics
• Move beyond spreadsheets and word processors
• Primary barriers to using:
    – Cost
    – Quality
    – Utility

•   Overview of FTR and relationship to software
    quality improvement
•   History of software quality improvement
•   Impact of quality on software products
•   The FTR process
•   Beyond FTR
•   Discussion and questions

          Beyond the FTR Process
•   Impact of reviews on the programmer
•   Post-meeting activities
•   Review challenges
•   Survey of reviews and comparisons
•   Future of FTR

      Impact on the Programmer
• Should reviews be used as a measure of
  performance during appraisal time?
• Can it help to improve commitment to their
• Will it make them a better reviewer when roles
  are reversed?
• Improve teamwork?

             Post-Meeting Activities
•   Defect correction
    –   How to ensure that identified defects are corrected?
    –   What metrics or communication tools are needed?
•   Follow-up
    – Feedback to team members
    – Additional phases of reviews

• Data collection for historical purposes
• Gauging review effectiveness

            Review Challenges
• Distributed, global teams
• Large teams
• Complex projects
• Virtual vs. face-to-face meetings

                    Survey of Reviews
•   Reviews were integrated into software
    development with a range of goals
    –   Early defect detection
    –   Better team communication
•   Review approaches vary widely
    –   Tending towards nonsystematic methods and

Source: Ciolkowski, M., Laitenberger, O., & Biffl, S. (2003). Software reviews,
        the state of the practice. Software, IEEE, 20(6), 46-51.

             Survey of Reviews (2/2)
•   What were common review goals?
    –   Quality improvement
    –   Project status evaluation
    –   Means to enforce standards
•   Common obstacles
    –   Time pressures
    –   Cost
    –   Lack of training (most train by participation)

        Do We Really Need a Meeting?
•   “Phantom Inspector” (Fagan)
    –   The “synergism” among the review team that can
        lead to the discovery of defects not found by any of
        the participants working individually
• Meetings are perceived as higher quality
• What about false positives and duplicates?

          A Study of Review Meetings
• The need for face-to-face meetings has never
  been questioned
• Meetings are expensive!
    –   Simultaneous attendance of all participants
    –   Preparation
    –   Readiness of work product under review
    –   High quality moderation
    –   Team personalities
•   Adds to project time and cost (15-20%

    A Study of Review Meetings (2/3)
•   Studied the impact of:
    –   Real (face-to-face) vs. nominal (individual) groups
    –   Detection effectiveness (number of defects
    –   Detection cost
•   Significant differences were expected

    A Study of Review Meetings (3/3)
•   Results
    –   Defect detection effectiveness was not significantly
        different for either group
    –   Cost was less for nominal than for real groups
        (average time to find defects was higher)
    –   Nominal groups generated more issues, but had
        higher false positives and more duplication

     Does Openness and Anonymity
           Impact Meetings?
• “Working in a group helped me find errors faster and
• “Working in a group helped me understand the code
• “You spent less time arguing the issue validity when
  working alone.”
• “I could get a lot more done in a given amount of time
  when working by myself.”

    Study on Successful Industry Uses
•   Lack of systematic execution during
    preparation and detection
    –   60% don‟t prepare at all, only 50% use checklist, less
        than 10% use advance reading techniques
•   Reviews are not part of an overall improvement
    –   Only 23% try to optimize the review process

     Study on Successful Industry Uses
•   Factors for sustained success
    –   Top-management support is required
    –   Need evidence (external, internal) to warrant using
    –   Process must be repeatable and measurable for
        continuous improvement
    –   Techniques need to be easily adaptable to changing

    Study on Successful Industry Uses
• Repeatable success tends to use well defined
• Reported success (NASA, Motorola, IBM)
    – 95% defect detection rates before testing
    – 50% overall cost reduction
    – 50% reduction in delivery time

                  Future of FTR
1.   Provide tighter integration between FTR and the
     development method
2.   Minimize meetings and maximize asynchronicity in
3.   Shift the focus from defect removal to improved
     developer quality
4.   Build organizational knowledge bases on review
5.   Outsource review and in-source review knowledge
6.   Investigate computer-mediated review technology
7.   Break the boundaries on review group size

•   Overview of FTR and relationship to software
    quality improvement
•   History of software quality improvement
•   Impact of quality on software products
•   The FTR process
•   Beyond FTR
•   Discussion and questions

• Testing is commonly outsourced, but what
  about reviews?
• What are the implications to outsourcing one
  over the other?
• What if code production is outsourced? What
  do you review and how?
• What is the relationship between reviews and

•   Relationship between inspections and testing
•   Do anonymous review tools impact the quality
    of the review process?
•   How often to review?
•   When to re-review?
•   How to estimate number of defects expected?

       Wieger’s Seven Deadly Sins of
            Software Reviews
1.   Participants don‟t understand the review
2.   Reviewers critique the producer, not the
3.   Reviews are not planned
4.   Review meetings drift into problem solving
5.   Reviewer are not prepared
6.   The wrong people participate
7.   Reviewers focus on style, not substance

•   1985-1995: a fair amount of interest and research
•   Terminology changes and appears to wane post 2000
•   Many sites are obsolete or have not been updated
•   Very few surveys on quantifiable results regarding
    reviews, cost and quality improvements
•   Those using quality methods tend to be enthusiastic,
    others have not joined in yet



Full references handout provided in class

          References and Resources
Ackerman, A. F., Buchwald, L. S., & Lewski, F. H. (1989). Software
   inspections: an effective verification process. Software, IEEE, 6(3),
Aurum, A., Petersson, H., & Wohlin, C. (2002). State-of-the-art:
   software inspections after 25 years. Software Testing, Verification
   and Reliability, 12(3), 133-154.
Boehm, B., & Basili, V. R. (2001). Top 10 list [software development].
   Computer, 34(1), 135-137.
Ciolkowski, M., Laitenberger, O., & Biffl, S. (2003). Software reviews,
   the state of the practice. Software, IEEE, 20(6), 46-51.
D'Astous, P., Détienne, F., Visser, W., & Robillard, P. N. (2004).
   Changing our view on design evaluation meetings methodology: a
   study of software technical review meetings. Design Studies,
   25(6), 625-655.

          References and Resources
Denger, C., & Shull, F. (2007). A Practical Approach for Quality-Driven
   Inspections. Software, IEEE, 24(2), 79-86.
Fagan, M. E. (1976). Design and code inspections to reduce errors in
   program development. IBM Systems Journal, 15(3), 182-211.
Freedman, D. P., & Weinberg, G. M. (2000). Handbook of
   Walkthroughs, Inspections, and Technical Reviews: Evaluating
   Programs, Projects, and Products: Dorset House Publishing Co.,
IEEE Standard for Software Reviews and Audits (2008). IEEE STD 1028-
   2008, 1-52.
Johnson, P. M. (1996). Introduction to formal technical reviews, from

          References and Resources
Johnson, P. M. (1998). Reengineering inspection. Commun. ACM,
   41(2), 49-52.
Johnson, P. M. (2001), You can‟t even ask them to push a button:
   Toward ubiquitous, developer-centric, empirical software
   engineering, Retrieved from
   rs/philip_johnson_you_cant_even_ask.pdf, Accessed on October 7,
Johnson, P. M., & Tjahjono, D. (1998). Does every inspection really
   need a meeting? Empirical Software Engineering, 3(1), 9-35.
Neville-Neil, G. V. (2009). Kode Vicious<br />Kode reviews 101.
   Commun. ACM, 52(10), 28-29.

          References and Resources
NIST (May 2002). The economic impact of inadequate infrastructure
   for software testing. Retrieved October 8, 2009. from
Parnas, D. L., & Weiss, D. M. (1987). Active design reviews: principles
   and practices. J. Syst. Softw., 7(4), 259-265.
Porter, A., Siy, H., & Votta, L. (1995). A review of software
   inspections: University of Maryland at College Park.
Porter, A. A., & Johnson, P. M. (1997). Assessing software review
   meetings: results of a comparative analysis of two experimental
   studies. Software Engineering, IEEE Transactions on, 23(3), 129-

          References and Resources
Rombach, D., Ciolkowski, M., Jeffery, R., Laitenberger, O., McGarry,
   F., & Shull, F. (2008). Impact of research on practice in the field
   of inspections, reviews and walkthroughs: learning from successful
   industrial uses. SIGSOFT Softw. Eng. Notes, 33(6), 26-35.
Votta, L. G. (1993). Does every inspection need a meeting? SIGSOFT
   Softw. Eng. Notes, 18(5), 107-114.

          Interesting Websites
Gilb: Extreme Inspection

Collaboration Tools
• http://www.result-