вход по аккаунту

код для вставкиСкачать
Article: Source Code Review Systems
Author: Jason Remillard
Presenter: Joe Borosky
Class: Principles and Applications of
Software Design
Date: 11/2/2005
Inspections: A Well Established Cost
Effective Way to Find Defects
• Yet they are not universally used, WHY?
– Lack of Training on how to do Inspections well
– The need for Project Managers to move
resources Away From Testing into Inspections
– Large amount of paperwork required by Formal
Soluris and Inspections
• Because of the Previously stated problems
the software inspections program at Soluris
had faded away
• When Soluris wanted to reestablish the
inspection process they did 2 things
– First they purchased “Peer Reviews in
Software” by Karl Wiegers
– Second they selected a software tool to
automate the inspection process and thus
eliminate the paper forms that would be needed
Tools Compared
• Open Source
– Bugzilla
– Codestriker
• Commercial
– CodeReview add-on for Visual Studio .NET
– CodeReviewer
– ReviewPro
Bugzilla (1)
• Open Source Bug Tracking System
• Originally built to support Netscape
• It spun off in 1998 as part of the Mozilla
Web Browser
• CGI-based Web Application
• Written in Perl
• Runs under Unix and Windows
Bugzilla (2)
• The Database Backend uses the open source
• It requires Reviews to occur within an open
Bug Report
– Developers enter all Enhancements as Bugs so
each task performed has an associated Bug
• When an Enhancement is made or a Bug is
fixed a Unified Difference Text File (or
Patch File) is created
Bugzilla (3)
• The Patch File only contains the changes
made and is uploaded as a Bug Attachment.
• Using the existing Bug Commenting
Systems you can state questions, concerns,
or suggestions.
• The Bugzilla Patch Viewer is integrated
with CVS (Concurrent Versions System) so
you can view unchanged parts of files.
Bugzilla (4)
• It does NOT support other revision control
• It Cannot collect Metrics on the Review or
Track the state of each comment, which are
disadvantages when considering its use for
Formal Inspections.
• Its support for Formal Inspections is
minimal and it focuses on Spot Check-ins
Codestriker (1)
• Written by David Sitsky in 2001
• It started out as a simple Web-based Review
System for patches.
• It has evolved into a tool with good support
for Formal Inspections with Metrics and for
Inspection Meetings.
• CGI-Application written in Perl
• The Web server runs on Windows and Unix
Codestriker (2)
• Advantages over Bugzilla
– It can store data in Oracle, MySQL,
PostgresSQL or Microsoft SQL Server
– It can integrate with many source code control
systems, including CVS, Subversion,
Clearcase, Visual Source Safe, Perforce, and
Codestriker (3)
• Installation
– 1. Unpack the Codestriker tar or zip file contents into a
directory on your web server
– 2. Create a new database in your RDB of choice
– 3. Configure the Web server to call the Codestriker
CGI Perl Scripts
– 4. Configure the Codestriker site-specific option in the
codestriker.conf file with a text editor
– If needed the manual gives detailed instructions
Codestriker (4)
• To use Codestriker for a Review you must
set up a Topic which includes a description,
a reviewer list, and the document to review.
• 2 ways to Create a Topic
– 1. Generate it from the Revision Control
– 2. Upload a File
Codestriker (5)
• Uploading a file (using patch Files)
– This is usually a single command in most
Revision Control Systems. For example,
cvs diff -u > my_diff.txt (similar to Bugzilla)
– Patch files do not need to be formatted as a
Unified diff file like in Bugzilla
– You can upload a Text File but you cannot
upload complex files like Word documents or
PDF files
Codestriker (6)
• Generating Topics from the Revision
Control System
– First check in the files being reviewed
– Next Enter the baseline revision’s name in the
start tag
– Then enter the end tag field of the new version
of the files to compare
– Finally the topic author lists the reviewer’s
email addresses and enters a comment and title.
Codestriker (7)
• Codestriker sends email to the reviewers
with a link pointing to a dynamically
created web page that shows the topic under
• Reviewers can make comments and
Codestriker sends email to the topic author
for each commit submitted. Comments are
tracked in a separate comment page.
Codestriker (8)
• When the author makes the appropriate
changes he/she closes the topic.
• Soluris uses Codestriker for both Spot
Checking and for Formal Inspections.
• Spot Checks are not as rigorous as Formal
Inspections but they are useful for finding
obvious problems and style guide violations
• For the same amount of work Soluris now
gets a review of all check ins on the revision
control system using Codestriker
Codestriker (9)
• Metrics
– It automatically collects metrics on each review
– It knows how large each topic is, who participated, how
long they spent, and how many defects they found, all
without any extra data entry
– It can manage External Metrics (overview meeting time
and preparation time) & Inspection Metrics (monitor
effective ness of inspections)
– It showed finding defects during inspections is more cost
effective than finding them during integration testing or
after software release.
Codestriker (10)
• Problems
– It is limited to reviewing text files (can’t be
used for documents with formatting, tables, or
images). Thus high level documents require
manual review.
– Soluris uses it only for Code Reviews, Detailed
Design Reviews, and Check-in Spot Checks
– It sends a lot of emails (email is sent every time
a topic is created or a comment is made)
– It does not support checklists as the commercial
products do
Code Review Add-on for Visual Studio .NET
By Macadamian Technologies
Focuses on Pre-check in Spot Inspections
Commercial product
It has similar capabilities as Bugzilla (open
Code Reviewer
By SmartBear Software
Focuses on Pre-check in Spot Inspections
Commercial product
It has similar capabilities as Bugzilla (open
• By Software Development Technologies
• It offers Excellent support for Formal
Inspections (including: inspection metrics,
fine grained user security, and customizable
process flow).
• It assumes that the item being inspected is
printed or viewable in another application.
• It cannot be used for check-in spot checks
• Commercial Product
• Codestriker is the best product in terms of
support for BOTH Check-In Spot Checks
and for Formal Inspections.
• For your own needs evaluate available tools
and see what works best for the types of
inspections you need to do.
• No Current product is a complete solution
for all kinds of inspections
Table 1 the 5 Review Products
Пожаловаться на содержимое документа