What if you could eliminate the hidden costs of development?

Post on 13-Apr-2017

Transcript of What if you could eliminate the hidden costs of development?

© 2017 Rogue Wave Software, Inc. All Rights Reserved.

Confronting the mission-critical software testing challenge

Episode 3: What if you could eliminate the hidden costs of development?

Alan McKellar, V.P. software development

Walter Capitani, Product manager, Klocwork

Presenter

Alan McKellar
V.P. software development
Rogue Wave Software
alan.mckellar@roguewave.com
Twitter: @AlanMcKellar

Walter Capitani
Product manager, Klocwork
Rogue Wave Software
walter.capitani@roguewave.com
Twitter: @walter_capitani

Agenda

1. What are “hidden costs”?
2. Code reviews
3. A bug’s life
4. Issue crowdsourcing
5. Wait times
6. Klocwork static code analysis
7. Q&A

What are “hidden costs”?

What everyone else says

What we’re talking about today

A different perspective on things that we know happen every day

Time/resources consumed but not identified, tracked, or acted upon

Poll #1

Which of the following hidden costs has the largest impact on your organization?

• Open source software costs
• Server downtime
• Support issues / customer escalations
• Lack of skills
• Delayed or rushed releases

Code reviews

Not enough code reviews

“Further analysis revealed that individual inspection performance varied by a factor of 10 in terms of faults found per unit time and individuals found on average about 53% of the faults.”

1. DZone / Agile Zone, August 22, 2014
2. “Testing the value of checklists in code inspections,” Hatton, 2007

Why the reluctance?

• Expensive
– Multiple people working on the same module

• Developers would rather create than review
– Find other ways of “reviewing”

Yet we all know early detection is cheaper to fix

Static code analysis

Vulnerable Code

if(i = j) j++;

Defect: Assignment operator used in conditional statement

Fixed Code

if(i == j) j++;

Assignment operator replaced with intended comparison operator
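The defect class on this slide can be caught mechanically. As an added example (not from the original slides, and not a description of how Klocwork works), this toy C scanner flags if/while conditions that contain an assignment; it goes beyond the slide's single line by covering while conditions, and the function names and sample input are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* 1 if the '=' at s[k] is an assignment rather than part of ==, !=, <=, >=.
   (<<= and >>= are not recognised by this toy check.) */
static int is_assignment(const char *s, size_t k)
{
    char prev = k > 0 ? s[k - 1] : '\0';
    if (s[k + 1] == '=')
        return 0;
    return !(prev == '=' || prev == '!' || prev == '<' || prev == '>');
}

/* Counts if/while conditions in src that contain an assignment. Ignores
   comments, strings and macros; also flags while ((c = next()) != 0). */
int count_assign_in_cond(const char *src)
{
    int hits = 0;
    size_t n = strlen(src);
    for (size_t i = 0; i < n; i++) {
        size_t kw;
        if (strncmp(src + i, "if", 2) == 0) kw = 2;
        else if (strncmp(src + i, "while", 5) == 0) kw = 5;
        else continue;
        /* skip matches inside a longer identifier, e.g. "diff(" */
        if (i > 0 && (isalnum((unsigned char)src[i - 1]) || src[i - 1] == '_'))
            continue;
        size_t p = i + kw;
        while (p < n && isspace((unsigned char)src[p])) p++;
        if (p >= n || src[p] != '(') continue;
        int depth = 0, found = 0;
        for (; p < n; p++) {            /* walk the balanced condition */
            if (src[p] == '(') depth++;
            else if (src[p] == ')') { if (--depth == 0) break; }
            else if (src[p] == '=' && is_assignment(src, p)) found = 1;
        }
        hits += found;
        i = p;
    }
    return hits;
}

int main(void)
{
    /* Constructed input: the two lines from the slide. */
    printf("%d\n", count_assign_in_cond("if(i = j) j++;\nif(i == j) j++;\n"));
    return 0;
}
```

GCC and Clang report the same pattern through -Wparentheses, which -Wall enables.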

Why the reluctance?

• 80% of defects are introduced in development
• Each defect found in test costs 50x to fix

A bug’s life

Much more than fixing code

Impact on stakeholders

Sales

Forced to avoid selling the feature

Sales

Spending time on the phone

Development

Fixing issues rather than creating new features

Marketing

Can’t talk about it

Support

Another brick in the wall

Marketing

Impact to brand image

C-suite

Applying pressure!

Tools like Klocwork shorten cycle times, making it easier to meet delivery times.

Issue crowdsourcing

How many people does it take to fix a bug?

“I found a bug!”

“Now, how do I fix it?”

“I can help.”

“Have you tried this?”

“I’ve seen this before.”

“Is it fixed yet?”

MANAGER

Be faster than Googling it

• Takes time to understand and translate results to your specific situation

• No validation that the “answer” is best for you

“Using Klocwork is WAY FASTER than Googling it!” - Walter Capitani, Feb. 2017

Test environment vs. real world

Wait times

“The silent killer”*

30 days (53%) spent waiting between phases

“Define a software delivery strategy for business innovation,” Forrester Research, Inc., July 2014

Shull et al. estimate that non-severe defects take approximately 14 hours of debugging effort after release, but only 7.4 hours before release.

* “What we have learned about fighting defects,” Shull et al, 2002

Poll #2

For your last major customer escalation incident, how did you feel about the effort to resolve the problem?

• Less than I was willing to put in
• About what I expected
• More than I was willing to put in

What could you have done instead of working on that problem we just polled?

Klocwork static code analysis

Check code earlier & faster

• Issues identified at your desktop
– Correct code before check-in
• Issues identified through Continuous Integration
– Instant feedback at scale
• SmartRank recommendation engine helps prioritize work
• Create custom checkers to meet specific needs
• Debugger-like call-stack highlights the cause of the issues

Summary

• Ineffective code reviews
• Impact of bugs on the organization
• How many people does it take to fix a bug?
• “The silent killer”

Q & A

Try Klocwork now
www.klocwork.com/free-trial

Available for binge watching

www.roguewave.com/sca
Episode 1: How to achieve security, reliability, and productivity in less time
Episode 2: Static analysis works for mission-critical systems, why not yours?
Episode 3: What if you could eliminate the hidden costs of development?

www.roguewave.com/webinars
Car cybersecurity: What do the automakers really think?
Five ways to create more secure code
Static analysis’ role in automotive functional safety (ISO 26262)
