Upload
hakiet
View
221
Download
1
Embed Size (px)
Citation preview
GETTING SOFTWARE RIGHT
Developing future-proof software starts today The QSD Qualification: Maintainability Foundation Level
Yiannis Kanellopoulos, Gijs Wijnholds
8th of March 2016
Software Improvement Group | PEOPLECERT / PUBLIC
About SIG Getting Software Right
We are an international consultancy firm with HQs in Amsterdam, and we aim at improving software. Started in 2000 as a spin-off of CWI.
We operate as an independent, impartial mediator between IT customers and suppliers.
We actively support scientific research in the field of software engineering.
We deliver insight to management on IT projects and systems. We do this based on validated facts and measurements.
Page 2 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Our Analysis Lab in numbers Sole "Trusted Lab” in Europe being accredited with the ISO 17025 standard
185 supported technologies
22,000
inspections 50 sourcecode-
snapshots per week
>7,400,000,000 lines of code in software analysis
warehouse
227
clients
1,800 systems
monitored
Page 3 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
25010
How do we help our clients? The SIG Capabilities
Cost Estimation
Function point analysis
Architecture Review QSD
Benchmarking Transferability
Early Effort Estimation
Reliability
Portability
> SIG ISO IEC 25010 Certified Capabilities
Functional Suitability
Security
Compatibility
Usability
Maintainability
Performance Efficiency
> SIG Capabilities
Development Process
Assessment
Page 4 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
About PEOPLECERT
ü 4,000,000+ exams delivered to date
ü Web & Paper based exams in 25 languages
ü Award-winning assessment technology –
Online Proctoring & Instant Scan and Mark
ü e-Certificates –
Speedy hard copy and e-certificate delivery
ü 10,000 exam locations worldwide
ü Any time, any place
exams and customer service, 24/7/365
ü 150 countries every year of exam delivery
Global leader in assessment & certification of professional skills.
Page 5 of 25
peoplecert.org [email protected]
Software Improvement Group | PEOPLECERT / PUBLIC
About PEOPLECERT
ü Certification Scheme & Test creation – test testing & test validation
ü Internet-Based / Computer-Based / Paper-Based Exams
ü 30 types of Questions - Multiple Choice, Essay, Audio, Video etc.
ü Award-winning marking solutions - Automated, Remote, Manual
ü Certificate Printing and Delivery - e-certificate, hard copy certificate
ü Certificate Validation - online on PEOPLECERT website
ü Maintenance of Candidates’ Records and Database - All Data, Reports
State-of-the-art, A-to-Z assessment solutions
Page 6 of 25
peoplecert.org [email protected]
Software Improvement Group | PEOPLECERT / PUBLIC
About PEOPLECERT
ü Accredited by the National Hellenic Accreditation System (NHAS) as Certification Body according to:
ü ISO 17024 for Certification of Persons (2006)
ü ISO 17065 for Certification of Products, Processes & Services (2015)
ü Certified by Lloyds Register (UK) according to:
ü ISO 9001 Quality Management (2003)
ü ISO 10002 Customer Satisfaction and Complaints Handling (2006)
ü ISO 14001 Environmental Management (2006)
ü ISO 27001 Information & Data Security (2008)
ü ISO 23988 Use of IT in the delivery of assessments (2013)
ü ISO 22301 Business Continuity (2015)
Commitment to Quality
Page 7 of 25
peoplecert.org [email protected]
Software Improvement Group | PEOPLECERT / PUBLIC
The global challenge
Global IT debt is $500 Billion and rapidly growing*
The amount of change requires more developers than are available
52% of debugging effort is spent on 8% of the defects**
High-risk parts of software systems consume developers’ time, no room left for innovation
Better code is cheaper 66% of debugging time can be saved with software of high quality
*Source: Andy Kyte, “Measure and manage your IT debt,” Gartner, Inc., August 9, 2010 (last reviewed June 19, 2013) **Source: Deloitte University Press, Tech Trends 2014 – Inspiring Disruption ***Source: Dennis Bijlsma, Miguel Alexandre Ferreira, Bart Luijten, Joost Visser: Faster issue resolution with higher technical quality of software. Software Quality Journal, 2012
Page 8 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
The QSD approach
1) Distilled metrics-based standard
A small number of guidelines that are clear, easy-to-follow, meaningful, high-impact
2) Training material for developers to use these standards effectively (Foundation)
Thorough explanation, examples, exercises, immediately applicable in daily programming practice
3) Training material for teams to organize around these standards (Advanced)
Tools, techniques, practices to be shared by a team to produce quality code consistently
Page 9 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
The QSD Stack
SIG Vanilla training material
Exam items
Body of Knowledge and videos
Examination and certification
Education
Online content
Page 10 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Body of Knowledge – Response of developers who reviewed our book
“Just finished reading the book this morning. I got a lot more out of the book than I had expected and would recommend it to others.”
- Vincent O’Sullivan, VHI Ireland
“It contains many good ideas about how to write better code. I must say that my first reaction to some of the ideas is, ‘No way! That's
unnecessarily restrictive.’ But, I often find myself mellowing towards such ideas as I continue reading.”
- Roger House, Sebastopol CA
“These guidelines are spot on. They provide a crisp and actionable explanation of what the working programmer needs to know to
deliver quality code in a consistent manner.”
- George Marinos, National Bank of Greece
Page 11 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Video Material – Maintainability Foundation
> Complementary material to the body of knowledge
> Including many practical examples of building future-proof code
> Available online at https://player.oreilly.com/videos/9781491950791
Page 12 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
The QSD Qualification – Maintainability Foundation
> Expected background: 2 years of working experience in object-oriented programming, or BSc in computer science or software engineering
> Exam currently available for Java and C#
> 75 questions, 2h duration
> Closed book
> Physical or web proctoring
> Certificate of perpetual validity
> To date, 170 certificates awarded since its launch early 2016
Page 13 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Quality Software Development – Trainer Prerequisites
> Hold the Quality Software Development Certification.
> At least 3 years of experience as a Software Engineer in Object Oriented programming.
> Good knowledge of the Object Oriented paradigm and knowledge on how to apply it.
> More than 10 hours of Training Experience.
Page 14 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Quality Software Development – Available vanilla material
> Trainer’s manual
> Syllabus
> Lesson plans
> Code snippets from open source systems
> Example exam questions
> Slide decks
1 Introduction slide deck
1 Code smells slide deck
8 Guideline slide decks
3 Refactoring slide decks
1 Automated testing slide deck
1 Code hygiene slide deck
1 Example exam questions slide deck
1 Next steps slide deck
Page 15 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Vanilla Material Samples
1. Slide decks in PDF, SIG style
Software Improvement Group
Chapter 2: Code Smells
A famous example: Apple’s SSL/TLS bug
Background details
• CVE ID: CVE-2014-1266
• Apple iOS 6.x (< 6.1.6)
• Apple iOS 7.x (< 7.0.6)
• Apple TV 6.x (< 6.0.2)
• Apple OS X 10.9.x (< 10.9.2)
• Impact: millions of devices?
Unit:
SSLVerifySignedServerKeyExchange(…)
LOC: 64
McCabe: 14
Nr. of parameters: 5
*Read more: https://www.imperialviolet.org/2014/02/22/applebug.html
Page 3 of 4
Chapter2:CodeSmellsAfamousexample:Apple’sSSL/TLSbug
Background details
• CVE ID: CVE-2014-1266
• Apple iOS 6.x (< 6.1.6)
• Apple iOS 7.x (< 7.0.6)
• Apple TV 6.x (< 6.0.2)
• Apple OS X 10.9.x (< 10.9.2)
• Impact: millions of devices?
Unit:
SSLVerifySignedServerKeyExchange(…)
LOC: 64
McCabe: 14
Nr. of parameters: 5
*Read more: https://www.imperialviolet.org/2014/02/22/applebug.html
Page 3 of 4
Two versions of the slide decks
1. Slide decks in PPTX, Vanilla style
Page 16 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Chapter 4: Write Simple Units of Code (Day 1, Part 3)
Do:
> Limit the number of branch points to 4
By:
> Splitting complex units into simpler ones
> Avoiding complex units
Because simple units are:
> Easy to test
> Easy to understand
> Easy to modify
The guideline
Positive effects on other guidelines:
> Unit Size
> Unit Interfacing
Page 17 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Chapter 4: Write Simple Units of Code (Day 1, Part 3)
Count the cyclomatic complexity:
> Every branch point (if, case, for, &&, ||) is counted, and we add 1 to the total
How you can measure it
2 branch points + 1 = cyclomatic complexity of 3
Page 18 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Chapter 4: Write Simple Units of Code (Day 1, Part 3) Examples from the Jenkins CI source code (https://github.com/jenkinsci/jenkins)
This unit has 3 branch points
This unit has 4 branch points
Page 19 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Chapter 4: Write Simple Units of Code (Day 1, Part 3) An example of non-compliant code
This unit has 5 branch points
Software Improvement Group | PEOPLECERT / PUBLIC
Chapter 11: Extract Method (Day 2, Part 2) Applying Extract Method (1/2): Apache Tomcat on 25-05-2015*
> The init() method contains 69 lines of code and has a McCabe complexity of 19
> The Extract Method has been applied to extract the configuration check to a separate method
*Source of snapshot: http://tomcat.apache.org/download-80.cgi
Page 21 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Chapter 11: Extract Method (Day 2, Part 2) Applying Extract Method (2/2): Apache Tomcat on 07-10-2015*
> After refactoring, the init() method now contains 50 lines of code and has a McCabe complexity of 15
*Source of snapshot: http://tomcat.apache.org/download-80.cgi
Page 22 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Chapter 16: Exam Preparation (Day 3, Part 2) Example questions 7 & 11
> Question: Which statement is true? The complexity of a unit of code is measured by…
A. The number of lines of code in the unit
B. The number of parameters
C. The number of branch points
D. The number of calls to other units
> Question: What is the unit complexity of this unit?
A. 13
B. 15
C. 17
D. 20
* Slice.intersects() method from Apache Cassandra on Jan. 18th 2016 Page 23 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Tips & Tricks
Focus of the training should be on the ‘Maintainability Mindset’:
• The guidelines; how to interpret them, how to apply them
• Refactoring techniques to turn non-compliant code into compliant code
Maintainable software is a matter of discipline and practice:
• Show real-time refactorings, or let students do so themselves
• Bring your/their own source code
Building maintainable software is technology-independent, training is language-specific
• The book and snippets are available in Java and C#
• Snippets in the slide decks and at https://github.com/oreillymedia/building_maintainable_software
Page 24 of 25
Software Improvement Group | PEOPLECERT / PUBLIC
Q & A
Page 25 of 25
GETTING SOFTWARE RIGHT
Contact
www.peoplecert.org/en/communication/Pages/contact.aspx
@PEOPLECERT
+30 6938 119424
[email protected], [email protected]
@sig_eu