standards

Conference Presentations

Prefactoring: Extreme Abstraction, Extreme Separation, and Extreme Readability

Developers often run into the same issues on every project. As the software is created, design problems start to creep in-causing maintenance releases with no new features, project delays, and worse. While some of these problems can be resolved by simple refactoring, others can be fixed only by a complex code restructuring effort. But you can avoid most these issues in the first place with prefactoring-using your experiences in previous projects and the experiences of others to help in early detection of common design errors and problems.

Ken Pugh, Net Objectives
Coding for Keeps: How to Write a Function

Functions are the basic building blocks of computer systems. Object-oriented classes are a way of packaging functions with shared data. Inheritance and polymorphism essentially are all about finding the right function. It’s all about functions! Get the picture? Chuck Allison explains that functions come in many varieties: static functions, polymorphic functions, generic functions, nested functions, higher-order functions, generator (aka stream) functions, coroutines, function closures, delegates, etc. Functions can handle arguments in different ways: by value, by result, by reference, by sharing, and by need, to name a few. Do you know how and when to use which? Functions should also be resource-friendly and robust should something hit the proverbial fan. Are your functions error-safe? Reusable? Maintainable? Do you know-really know-how to write a function? Come join Chuck and find out.

Chuck Allison, Utah Valley University
Refactoring: What You Need to Do It Right

As certain as evolving requirements lead to code changes, code changes lead to code degradation. Therefore, code refactoring is critical to the long-term viability of all software products. Kevin Sawicki shares tips and tricks for refactoring to help developers identify code that needs refactoring, preserve the correct code history during refactoring sessions, and ensure that appropriate unit tests cover the refactored code. Kevin demonstrates the Eclipse open-source frameworks and Java-based tools, including EMMA for code coverage analysis and JUnit for unit testing. These tools not only make code refactoring less painful, they also empower developers to constantly improve their code through relentless refactoring. Kevin outlines a step-by-step process to find refactoring candidates, perform the refactorings in an isolated code branch, and collaborate with other developers to review the refactored code.

Kevin Sawicki, Perforce Software
The Joy of Legacy Code

Even though the code may have been written only five years ago, there it is-a sprawling unintelligible mess that nobody wants to touch. For most people and teams, this reality is a cause for fear and loathing-something we want to sweep under the rug. We can, however, choose to see “bad” code as a challenge to restructure and refactor into a maintainable design that serves the business for years to come. Although legacy code presents many constraints on design choices, it offers the opportunity for incremental improvement. Michael Feathers shows you how to practice design within the boundaries of what some see as unintelligible code and explains ways to make the improvement process manageable. See how you can escape the fear that holds you back from productive action. Find out how to start with what you have now and progress toward a structure that supports the work at hand and immediately adds value.

Michael Feathers, Object Mentor
Even Cavemen Can Do It: Find 1,000 Defects in 1,000,000 Lines of Code in 30 Days

Due to the increased emphasis on computer security, great advances have been made in static analyzer tools that can detect many code errors that often elude programmers, compilers, test suites, and visual reviews. Traditional tools such as "lint" detectors are plagued with high false positive rates. Gregory Pope discusses the steps his organization used to evaluate and select a static analyzer tool and pilot its implementation. He describes how they rolled out the tool to developers and how it is being used today. Greg shares the results they achieved on real code (C, C++, and Java) and the valuable code metrics they obtained as a byproduct of its use. Greg discusses the skills needed to use the tools, ways to interpret the results, and techniques they used for winning over developers.

  • The features of static code analyzers
  • Defects that can be found with these tools
Gregory Pope, William Oliver and Kimberly Ferrari, Lawrence Livermore National Laboratory
Improving Code Quality with Eclipse and its Java Plug-ins

One of the features that makes Eclipse so popular within the Java community is the abundance of easy to use plug-ins. Many of these are freely available open-source tools. Plug-ins are available for virtually anything from implementing database connectivity to instant messaging. Because code quality is a critical aspect of production software applications, Eclipse has built-in tools that help developers write and deliver high quality code. Levent Gurses has employed a number of external plug-ins, including PMD, CheckStyle, JDepend, FindBugs, Cobertura, CPD, Metrics, and others to transform Eclipse into a powerhouse for writing, testing, and releasing high quality Java code. Levent shows you how to use Eclipse to improve your team's coding habits, enforce organizational standards, and zap bugs before they reach the client.

  • The standard quality check tools available in Eclipse
Levent Gurses, Stelligent
Code Coverage Myths and Realities

You've made a commitment to automate unit testing as part of your development process or you are spending precious resources for automated functional testing at higher levels. You may be asking yourself: How good are those tests anyway? Are many tests checking the same thing while large parts of the code go completely untested? Are your tests triggering the exceptions that normally show up only in production? Are your automated tests adequately covering the code, the requirements-both, neither? Andrew discusses the truths and untruths about code coverage and looks at the tools available to gather and report coverage metrics in both the opensource and commercial worlds. He describes the different types of code coverage, their advantages and disadvantages, and how to interpret the results of coverage reports.

  • The concept of mutation testing and how it fits into a code coverage strategy
Andrew Glover, Vanward Technologies
Patterns, Influence Strategies, and Stone Age Legacies

Struggling to help your team or organization become more innovative? Have great ideas but can't seem to get them off the ground? We all try to influence others, whether we want to move our department to a better development method or suggest a Friday night movie for the family. We discover new ideas to take back to our workplace but then struggle to make something happen. How can we successfully influence change? From her latest book Fearless Change:

Linda Rising, Specialist
Testing and the Flow of Value in Software Development

High quality software should be measured by the value it delivers to customers, and high quality software process should be measured by the continual flow of customer value. Modern processes have taught us that managing flow is all about the constraints restricting that flow. Testing, rather than being thought of as a conduit in that flow, is often perceived as an obstacle. It doesn't help that most testers struggle to answer the questions that their managers ask: What has and hasn't been tested? What do we need to test next? Where do we need to shift resources? If it works in the lab, why isn’t it working on those production machines? Where do we need to fix the performance or security? The ability-or inability- to answer these questions can determine the success and budget of a test team as well as how it is valued by its organization.

Sam Guckenheimer, Microsoft
Security Testing: Are You a Deer in the Headlights?

With frequent reports in the news of successful hacker attacks on Web sites, application security is no longer an afterthought. More than ever, organizations realize that security has to be a priority while applications are being developed-not after. Developers and QA professionals are learning that Web application security vulnerabilities must be treated like any other software defect. Organizations can save time and money by identifying and correcting these security defects early in the development process. Ryan English helps you overcome the “deer in the headlights” look when you are asked to begin testing applications for security issues. See real world examples of company Web sites that have been hacked because of vulnerable applications and see how the attacks could have been avoided.

  • Security defect categories and responsibility areas
Ryan English, SPI Dynamics Inc

Pages

CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.