Getting Started with Software Reviews
- The purpose of the design and code reviews is to find defects.
- The factor that most influences the length of a design or code review is the amount of work product that has to be reviewed. This may be pages of design or lines of source code.
- Checklist-directed reviews are the most effective at finding defects specific to the project and product. The checklist has to be built from past defects that the person or team had problems with most recently.
Starting a Review Practice in a Team
Checklist-directed reviews have a 70% to 90% yield in finding defects. The yield is defined as the percentage of defects found by the review that existed in the work product on entry into the review. When a team starts a review practice, there is no checklist yet. How can a team get started? Here are some tips to get the reviews going.
What parts of the system to target for a review?
- On a large piece of paper or a whiteboard, create a map of the system that the team is working on.
- This map must include at least all the physical modules of the system, but going to a finer level of detail is better.
- Each system part drawn should represent around 2 KLOC of NCSS (KLOC=thousand lines of code, NCSS=Non Comment Source Statement).
- Review the defect log.
- From the defect log select the most recent list of 100 defects (or whatever you have in the last month).
- Place a mark by each system part for each defect that can be traced to that part.
The system part with the most marks gets to be the target of the investigation.
If, after a cursory assessment, it seems that finding and fixing all the defects in the part would take longer than rewriting it, then the team should choose the rewrite route.
How much code can you review?
The speed of the review seems to be constant on all projects: it ranges from about 200 to 300 NCSS per hour. Reviewing at higher speeds will make the reviewers miss what they are looking for.
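An added example (not part of the original page) of the targeting steps and the review-rate arithmetic above. The defect log entries, part names and part sizes are constructed, and the function names are hypothetical.

```python
from collections import Counter
from datetime import date

# Constructed defect log: (date reported, system part the defect traces to).
DEFECT_LOG = [
    (date(2024, 4, 1), "storage"),
    (date(2024, 4, 3), "storage"),
    (date(2024, 4, 20), "parser"),
    (date(2024, 5, 2), "auth"),
    (date(2024, 5, 5), "auth"),
    (date(2024, 5, 9), "parser"),
    (date(2024, 5, 12), "auth"),
    (date(2024, 5, 15), "storage"),
    (date(2024, 5, 18), "auth"),
]

# Constructed sizes of each part on the system map, in NCSS (about 2 KLOC each).
PART_SIZE_NCSS = {"auth": 1800, "parser": 2100, "storage": 2400}


def rank_review_targets(defect_log, sample_size=100):
    """Place one mark per defect on its part, using only the most recent
    `sample_size` defects, and return parts ordered by mark count."""
    recent = sorted(defect_log, key=lambda entry: entry[0], reverse=True)
    marks = Counter(part for _, part in recent[:sample_size])
    # Sort by marks (descending), then by name so ties are deterministic.
    return sorted(marks.items(), key=lambda kv: (-kv[1], kv[0]))


def review_hours(ncss, slow_rate=200, fast_rate=300):
    """Return (minimum, maximum) review hours at 200 to 300 NCSS per hour."""
    if ncss < 0:
        raise ValueError("NCSS must be non-negative")
    return ncss / fast_rate, ncss / slow_rate


def plan_review(defect_log, part_sizes, sample_size=100):
    """Pick the part with the most marks and estimate the time to review it."""
    ranking = rank_review_targets(defect_log, sample_size)
    if not ranking:
        return None  # empty defect log: nothing to target yet
    target, marks = ranking[0]
    low, high = review_hours(part_sizes[target])
    return {"target": target, "marks": marks, "hours": (low, high)}


if __name__ == "__main__":
    print(rank_review_targets(DEFECT_LOG))
    print(plan_review(DEFECT_LOG, PART_SIZE_NCSS))
```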
What is the difference between a review and defect finding?
During the review the reviewer is looking at the source code, so when he or she notices a defect, it is in view right then and there. No further detection is needed. On the other hand, when the developer has to investigate a defect that is reported by a customer, the reason for the defect must first be established. This is a time-consuming activity because it contains a great deal of uncertainty.
What to look for in a review?
It is best to look for defects that have already been observed. Chances are that defects noted in one part of the system are present in some other part of the system as well (especially if both have just been worked on).
Types of Reviews
- Personal Review
- Peer Review
- Inspection
- Walkthrough
Review Principles
Personal reviews follow a process with
- entry and exit criteria
- a defined review structure
- guidelines, checklists, and standards
The personal review goal is to find every defect before the first unit test. To address this goal:
- use coding standards
- use design completeness criteria
- measure and improve your review process
Design Review Principles
- Produce designs that can be reviewed.
- Follow an explicit review strategy.
- Review the design in stages.
- Verify that the logic correctly implements the requirements.
What is a Reviewable Design?
A reviewable design has:
- defined context
- precise representation
- consistent and clear structure
This suggests that:
- the design’s purpose and function are explicitly stated
- you have criteria for design completeness
- the design is explicitly structured in logical elements
Checklists
Checklists: The Theory
- When performing precise tasks, it is difficult to do more than one thing well at a time.
- The checklist defines the review steps in the suggested order for performing them.
- By checking off each item, you are more likely to perform it properly.
- Establish a personal checklist that is customized to your defect experience.
- Process yield is the percentage of defects found before the first unit test execution. (70%+)
Checklists: HOWTO
- Use your review strategy.
- Review one product component at a time.
- Check for one type of defect at a time.
Checklists: The Key Point
Treat each check as a personal certification that the product is free of this defect.
For Extra Credit: Estimating Remaining Defects After a Peer Review
Use the Capture-Recapture Method:
- A: The number of defects found by the first reviewer.
- B: The number of defects found by the second reviewer.
- C: The number of defects found by both the first and the second reviewer.
Estimated total number of defects in the product:
Total defects found so far:
Estimated remaining defects in the product:
Inspection Yield:
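An added example (not part of the original page) that computes the four quantities named above from two reviewers' defect lists. It assumes the standard two-sample capture-recapture (Lincoln-Petersen) estimator, total = A × B / C; the defect identifiers are constructed and the function names are hypothetical.

```python
def capture_recapture(a, b, c):
    """a: defects found by reviewer 1, b: by reviewer 2, c: found by both.

    Assumes the Lincoln-Petersen estimator: total = a * b / c.
    """
    if min(a, b, c) < 0 or c > min(a, b):
        raise ValueError("need 0 <= c <= min(a, b)")
    found = a + b - c  # defects found so far; shared defects counted once
    if c == 0:
        # No overlap between reviewers: the estimator divides by zero, so
        # the review gives no basis for estimating what remains.
        return {"found": found, "total": None,
                "remaining": None, "yield_pct": None}
    total = a * b / c
    return {
        "found": found,
        "total": total,
        "remaining": total - found,
        "yield_pct": 100.0 * found / total,
    }


def estimate_from_logs(reviewer1_defects, reviewer2_defects):
    """Derive A, B and C from two lists of defect identifiers."""
    first, second = set(reviewer1_defects), set(reviewer2_defects)
    return capture_recapture(len(first), len(second), len(first & second))


# Constructed sample: reviewer 1 logs D1..D8, reviewer 2 logs D5..D10.
REVIEWER_1 = [f"D{i}" for i in range(1, 9)]
REVIEWER_2 = [f"D{i}" for i in range(5, 11)]

if __name__ == "__main__":
    for key, value in estimate_from_logs(REVIEWER_1, REVIEWER_2).items():
        print(f"{key}: {value}")
```

The estimate is only as good as the overlap: with a small C, one extra shared defect changes the estimated total considerably.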
HOWTO Quick Summary
- Pick a piece of code that you are uneasy about.
- Review it for defects that you had recently. KEEP A LIST!
- Keep your review speed at 200 LOC/hr. Plan ahead!
- Only look for one defect at a time.
- Treat each check as a personal certification that the product is free of this defect.
See Also
Guiding Principles for Reviews from Wiegers
- Check your egos at the door (Weinberg)
- Keep the review team small.
- Find problems during reviews, but don't try to solve them.
- Limit review meetings to about two hours.
- Review only about 200 to 400 NCSS per hour.
- Start the reviews where the perceived pain is the greatest.
- "It is only a mistake if it gets out of the review."
- "Avoid using technical reviewers who are themselves 'above' review."
References
- Peer Reviews in Software, by Karl Wiegers
- Introduction to the Team Software Process, by Watts Humphrey
- When two eyes aren't enough, by Karl Wiegers
- Seven Truths About Peer Reviews, by Karl Wiegers
- Seven Deadly Sins of Software Reviews, by Karl Wiegers
- Handbook of Walkthroughs, Inspections and Technical Reviews, by Freedman and Weinberg