Tooling Ultimately tooling exists to make parts of the process easier - don't forget this. #QUICKBUILD MSTEST CODE#Our testing and release builds are done nightly, but only on code changes that gets through CI. I get near-instant feedback when I make a change (near-instant means <5 minutes). If it doesn't build or a single test fails, people get notified of the problem. Every change, a quick build is done and all unit tests are run. Once all that is done, our continuous integration server acts as a gatekeeper. Not just to get people to know different parts of the software, but also to educate on different things you all look for in reviews. Code reviews function, in-part, as a cross-training exercise as well. You can figure out how you want to execute it - there are tools to help or you can sit in a meeting and do it as a group. I have people on my team with varying life experiences - two have been writing code for over ten years in different languages, one speaks three languages fluently, another used to do embedded C++ - all this means they look for different things in reviews. There's nothing wrong with having everyone look at every review - more eyeballs means more input. Tell me why the code is doing something - I can read the code and see what its doing, but often the why is lost.Īnd then require a code review. This can be the triple-slash comments, or in-code comments. And then make sure that they all pass.Īlso require writing documentation. New feature, new tests new defect, new tests. Require that all developers write unit tests for code changes - any change should have a corresponding test. Just sitting down for ten minutes to think can save hours of coding time. Talk out possible approaches, possible behaviors, possible test cases and impacted areas. Make your developers think through a change before making it. Ultimately, the biggest change will be writing less code. Some do other work like run unit tests or the like, but at a minimum you should be building. The idea is to repeatedly build to look for compiler failures. You should have a continuous build server (or continuous integration server, whatever you want to call it). This is really important when you have to go back and spelunk to find out how long an issue has been in the code so you can alert your impacted customers. I can go into source control and find when a line of code was change and match it up with an issue in my bug tracker to find out why. Having the two says that years from now you can know why a line of code was changed. There should be no changes to the code without a corresponding issue. You need to be using a source control system and an issue/change/bug tracking system. Process I don't see it in your question, so I can't assume anything here. #QUICKBUILD MSTEST HOW TO#This includes how to do threat modeling, how to write tests, and so on. We have internal, mandatory training for all developers. We all code, we all write tests, we all do code reviews, we all do threat modeling, we all run code analysis - we all want to write a solid product so it's important we all do the requisite work. I've made sure that everyone on my team does all of this. I can give you all the tooling in the world to get this sort of thing done but if a developer doesn't want to use it, they won't. The pace of development is going to have to slow down to accommodate the extra work, so management will need to be willing to do this extra work (which it sounds like they are for you). If your developers don't care, then you're just going to have violations pile up. You can have static analysis tools, but someone has to run the analysis and someone has to fix violations. If they don't, any tools you have will be ignored and bypassed. People Your developers have to want to do this sort of work. It's all about people and process here - so I'll tell you the process and tools I use at work. Tooling will certainly help, but the best tool for this is between your ears, and not on the computer. Sadly, there is no Acme Mission Critical Analyzer 3000 to make everything ok. That said, this isn't really a case where tooling is going to give you the results you want. So I can appreciate what you are trying to do. It is used internationally, and subject to many different legal requirements, and currently available in about twenty different languages. #QUICKBUILD MSTEST SOFTWARE#Our software is mission critical for many of our customers - some financial, some medical, and so on. We've done the same sort of thing at my company as well.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |