Quality Assurance III

What are the types of code review activities?

Walkthrough (Informal): Small changes, 2-3 people, usually the author and reviewer. Naturally happens in pair programming.

Code Review (Formal): Substantial code changes, 3-5 attendees. Inspection (Most Formal): Detects defects in documents (requirements, design, code). Involves defined rules and procedures, used in safety-critical contexts.

Why perform software inspections?

Inspections catch ~60% of defects, and combined with design/code reviews remove up to 85%.

Reduces overall defects by 20-30%.

Participation increases productivity by 20%.

Costs about 10-15% of budget but saves cost later.

What’s the most widely known inspection methodology?

Fagan’s process (1976)

What are some rules to Inspection? and where is it usually used?

• how many lines of code to review at once,

• how long the review meeting must be,

• how much preparation each member of the review team should do.

Used for mission and safety-critical software where defects can cause harm to users

Who are the roles in an inspection?

- Moderator: Manages inspection, distributes material and checklists, schedules and reports.

- Author: Created the document/code, clarifies when needed

. - Reviewer: Stakeholders looking for defects.

- Scribe: Records issues.

- Management: Should not attend but can access inspection reports

What is the inspection procedure?

1. Planning: Author gives design/code to moderator. Moderator selects reviewers, schedules meeting, distributes material & checklist.

2. Overview: Author provides brief overview (optional/dangerous: design should be self-explanatory). .

3. Preparation: Reviewers study the material independently (125 LOC/hr), each with different perspectives (e.g., maintainer, customer, designer).

4. Meeting:

Moderator selects non-author to paraphrase code. Logic is explained. Errors recorded by scribe. No discussion of fixes. Limit: 2 hrs.

5. Report: Moderator writes report within 1 day listing defects, types, severity.

6. Rework: Moderator assigns defects to someone (usually the author) for repair

7. Follow-up: Moderator is responsible for seeing all rework is done

8. Third Hour: An informal meeting to discuss solutions to problems

What makes inspections effective?

- Use checklists focused on past issues.

- Focus on defect detection.

- Assign reviewer perspectives.

- Ensure reviewers prepare.

- Give everyone distinct roles.

- Limit meeting to 2 hrs.

- Collect defect and time data.

- Train participants.

- Follow up on fixes.

- Ensure management understands their non-attendance.

What are Inspection Metrics?

Required to qualify as an inspection.

Includes: - Defects found (with type/location) - Time spent - Size of code reviewed - Causes and triggers

- Suggested improvements - Use of techniques like checklists, paraphrasing, structured walkthroughs

What are code review checklist items?

General: Logic correct, readable, no duplicate/redundant code, conforms to standards, good naming, proper loops, modular. Performance: Optimize where possible, remove debug code, use built-ins.

Security: Validate inputs, catch errors, encode outputs. Documentation: Clear comments, edge cases explained, 3rd party use documented.

Testing: Code is testable, unit tests exist and are meaningful.

Discussion - Testing at Google, Facebook, Amazon, Spotify, Microsoft

Testing Responsibility Spectrum

testing importance spectrum

Testing tools

Do only the functional test cases here

Do the non functional test cases for performance tests

Do the non functional test cases for security tests