Software Quality: The Quest for the Holy Grail?
This afternoon, I attended a session on software quality by Jesper Pedersen at TSSJS. Jesper is a Core Developer at JBoss by Red Hat. He's the project lead of JBoss JCA, Tattletale, Papaki and JBoss Profiler 2. He's also currently the chairman of the Boston JBoss User Group. In this session, Jesper hopes to define basic requirements for a development environment and offer ideas on how to clean up a messy project.
Is software quality a friend or a foe? By implementing software quality processes, are you introducing unnecessary overhead? Development platforms are different today. We write a lot more business-specific code. We depend on standard frameworks for the core functionality. We depend on vendors to implement the standards correctly. We also depend on vendors to provide the necessary integration layer.
Since the platform is now a large slice of the pie, we must make sure we know where the issue is located. We must have proper integration tests; we must manage dependencies. Today, we must treat dependencies as if they are part of the application.
Defining the platform for your project helps narrow down the dependencies for your project. The platform is composed of corporate guidelines, standards, vendors and backend systems that you have to integrate with. Documentation is key for a successful project. Key documents types: User Guide, Developer Guide, API Guide, Architect Design, Implementation and Test.
It helps to define a project-wide configuration management system. Define a code-formatting guide will add consistency in your source tree. Also make sure you have separate build, test and execution environments. Use a Maven repository for your dependencies; both to support your project's artifacts as well as vendor artifacts.
"Maven today is an industry standard." -- Jesper Pederson
Define your tool chain as you would for your application. Back your Maven repository with SCM tools like Subversion or Git. For testing, use JUnit (unit testing), Corbertura (test coverage) and Hudson (continuous integration). Furthermore, you can add Checkstyle and Findbugs to verify coding conventions and find basic issues with code.
For the build environment, you need to make sure your dependency metadata is correct. Also, make sure you use the best practices for your given build tool. For example, with Maven and Ivy, it's a good idea to extract the version numbers into a common area of your pom.xml/build.xml so you can easily view all the versions in use. After you've done this, you can externalize the version information from the environment. Watch out for transitive dependencies as they can be tricky. Make sure you know what gets pulled in. Use enforcers to approve/ban dependencies or turn it off (Ivy). You can also vote for MNG-2315. Finally, snapshot dependencies are evil: define your release process so that releases are easy.
What can you do if your project is already a mess? Signs that your project is a mess: you look at your platform as a big black box, you use different dependencies than your deployment platform or you don't have integration tests for sub-systems or dependencies. To fix this, you can use a tool to get an overview of the entire project. Enter Tattletale.
Tattletale can give you an overview of your dependencies (Ant and Maven integration). It's a static analysis tool that doesn't depend on metadata, scanning your class files instead. Using Tattletale, you can produce a number of reports about your dependencies, what they're dependent on and what's dependent on you.
To maintain the lead in your project, make sure to define a checklist for each stage of your development cycle. Do reviews on documentation, architecture, component design and code. Enforce your rules of your project with your build system.
Jesper's final thoughts:
- Maintaining dependencies for a software project can be a tricky task.
- Using an Open Source platform as the foundation will ease the investigation of issues and increase trust.
- Defining a project-wide tool chain is key.
- Enforce all the rules on the project (better up-front than "fixing it" afterwards)
As Dusty mentioned, this session has a lot of good (basic) information, but there wasn't much new stuff. My team is using many of the technologies and practices that Jesper has mentioned. I guess that's validation that we're doing it right. I've heard of Tattletale, but never had a need for it since I haven't been on any "messy" projects recently.
I like all of the points that Jesper mentioned about using technology to support quality. Some of the best environments that I have worked in use the same tools to support quality.
IMHO quality starts with the developer. How can we build cultures that encourage quality? If the developer doesn't care or know how to create quality code and architecture then how can we get quality work?
Posted by Chris Love on March 17, 2010 at 09:18 PM MDT #
So if you are using Maven, which apparently is an industry standard according to Jesper, then why do I use tattletale? To manage dependencies without metadata. Ok, but you said that everything goes into a Maven repository. So everything has the metadata it needs to manage it's dependencies.
TattleTale looks like nothing more than static analysis to catch someone using unapproved apis or implementations. 99.99% of the info in that TattleTale web interface dump is useless. It almost promotes hand managing .jars. grrrrr.
If your team has not discovered the wonders of build tools like Maven and its standard processes, or if terms like Continuous Integration is a buzz word to your team, then you need to upgraydd. If you can't check out the trunk and build it from any machine, anywhere then you need to upgraydd.
Static analysis like CheckStyle or FindBugs or even the IDEA inspections are nice, but no where near as life changing as a working Maven build process. Break through the learning curve and make your life easier!
Posted by Dustin Pearce on March 17, 2010 at 09:37 PM MDT #