Slide 1

Introducing A Quality Model For MVC Applications
A presentation by @stuherbert for @GanbaroDigital

Slide 2

Today’s Talk

Slide 3

1. Quality Metrics

Slide 4

2. Quality Models

Slide 5

3. Measuring Quality

Slide 6

You’ll leave this talk with a clear understanding of using a quality model and how to start building one for your MVC apps.

Slide 7

How do you currently measure quality?

Slide 8

You probably rely on quality metrics.

Slide 9

Quality Metrics
• Code coverage
• Pass / Fail Unit Tests
• Pass / Fail Acceptance Tests
• Open bug reports
• Cyclomatic Complexity
• CRAP
• High / low coupling
• Number of responsibilities
• … and so on

Slide 10

Utilities for metrics: phpqatools.org

Slide 11

What do quality metrics describe?

Slide 12

A quality metric is an absolute count of one property of the source code.

Slide 13

What is a ‘good’ value for a quality metric?

Slide 14

The same quality metric cannot consistently be interpreted by different teams.

Slide 15

The same quality metric cannot consistently be interpreted by different people on the same team.

Slide 16

How do these different metrics relate to each other?

Slide 17

Quality metrics are completely unrelated to each other.

Slide 18

Quality metrics cannot be compared against each other.

Slide 19

Which quality metrics do you use in your code reviews?

Slide 20

Why don’t you use all your quality metrics in your code review checklists?

Slide 21

We measure quality to prevent things going wrong and to detect the things that have already gone wrong.

Slide 22

The most cost-effective place to resolve a problem is as close to the cause as possible.

Slide 23

The earlier that you can detect problems the cheaper it is to resolve them.

Slide 24

What if we could measure quality the same way across all code, all teams?

Slide 25

What would that look like?

Slide 27

[Chart: 24 quality measurements, labelled QM-1.1 to QM-3.1]

Slide 28

[Chart: 24 quality measurements, labelled QM-1.1 to QM-3.1, plotted on a scale from 0% to 100%]

Slide 29

Quality metrics are useful but you can’t plot a single graph with them.

Slide 30

Introducing SQuaRE

Slide 31

SQuaRE = Software product Quality Requirements and Evaluation = ISO 25000 standards series

Slide 32

Why ISO 25000?

Slide 33

Most informal approaches to quality focus only on what is wrong.

Slide 34

Most formal quality assessment frameworks measure the team not the product.

Slide 35

• Quality Model Division 2501n
• Quality Management Division 2500n
• Quality Requirements Division 2503n
• Quality Measurement Division 2502n
• Quality Evaluation Division 2504n

Slide 36

ISO 25010:2011 Systems and software engineering - Systems and software Quality Requirements and Evaluation (SQuaRE) - Systems and software quality models

Slide 37

Two Quality Models
• Quality In Use Model
• Product Quality Model

Slide 38

Two Quality Models
• Quality In Use Model
• Product Quality Model

Slide 39

Quality In Use Model measures what it is like to live with the code that has shipped.

Slide 40

Product Quality Model measures the quality of the code that you want to ship.

Slide 41

Other models (e.g. data quality) are covered elsewhere in ISO 25000

Slide 42

What does the Product Quality Model look like?

Slide 43

Eight Main Categories
• Functional suitability
• Performance efficiency
• Compatibility
• Usability
• Reliability
• Security
• Maintainability
• Portability

Slide 44

Functional Suitability
• Functional completeness
• Functional correctness
• Functional appropriateness

Slide 45

Performance Efficiency
• Time behaviour
• Resource utilisation
• Capacity

Slide 46

Compatibility
• Co-existence
• Interoperability

Slide 47

Usability
• Appropriateness recognisability
• Learnability
• Operability
• User error protection
• User interface aesthetics
• Accessibility

Slide 48

Reliability
• Maturity
• Availability
• Fault tolerance
• Recoverability

Slide 49

Security
• Confidentiality
• Integrity
• Non-repudiation
• Accountability
• Authenticity

Slide 50

Maintainability
• Modularity
• Reusability
• Analysability
• Modifiability
• Testability

Slide 51

Portability
• Adaptability
• Installability
• Replaceability

Slide 52

We can apply the Product Quality Model to MVC apps.

Slide 53

How? We define quality measurements.

Slide 54

What is a quality measurement?

Slide 55

It is a mathematical function: X = A / B or X = 1 - ( A / B )

Slide 56

X = A / B
where
A is the number of times that a quality criterion is satisfied
B is the total number of opportunities to satisfy that quality criterion

Slide 57

For example:
A is the number of times that output is correctly escaped.
B is the total number of times that output needs escaping.

Slide 58

If we correctly escape output 25 times out of 30
X = 25 / 30 = 0.83

Slide 59

If we correctly escape output 87 times out of 1237
X = 87 / 1237 = 0.07

Slide 60

These measurements are comparable. We can compare 0.83 to 0.07.

Slide 61

X = 1 - ( A / B )
where
A is the number of times that a quality criterion is not satisfied
B is the total number of opportunities to satisfy that quality criterion

Slide 62

For example:
A is the number of application routes where a GET modifies the database
B is the total number of routes in the application that accept GETs

Slide 63

If we modify the database during a GET request in 5 routes out of 400
X = 1 - ( 5 / 400 ) = 0.98

Slide 64

If we modify the database during a GET request in 39 routes out of 258
X = 1 - ( 39 / 258 ) = 0.84

Slide 65

These measurements are comparable. We can compare 0.98 to 0.84.

Slide 66

Quality measurements: X = A / B or X = 1 - ( A / B )

Slide 67

Use X = A / B when you want people to do A as much as possible

Slide 68

Use X = 1 - ( A / B ) when you want people to do A as little as possible

Slide 69

When we measure quality, a quality criterion is either satisfied (a pass) or not (a fail).

Slide 70

Every quality measurement has a value between 0 and 1. 0 is the worst score possible. 1 is the best score possible.

Slide 71

One quality measurement function measures one quality criterion.

Slide 72

ISO is working on some draft quality measurements. They’re not ready. They’re not specific enough.

Slide 73

We have to define our own.

Slide 74

Step 1: Define your quality criteria.

Slide 75

Start by covering the basics. Cover what is important to you.

Slide 76

3 Levels Of Importance
• Essential - must not ship
• Major - should not merge
• Minor - housekeeping

Slide 77

Examples: Security
• Validate route parameters
• Validate query string parameters
• Validate form data
• Check CSRF token
• Escape output correctly

Slide 78

3 Levels Of Importance
• Essential - must not ship
• Major - should not merge
• Minor - housekeeping

Slide 79

Examples: HTTP
• Do not modify database on GETs
• Return HTTP 422 when request validation fails
• Return HTTP 500 when an unexpected exception occurs

Slide 80

3 Levels Of Importance
• Essential - must not ship
• Major - should not ship
• Minor - housekeeping

Slide 81

Examples: Code Health
• Follow SOLID
• Follow DRY
• Remove all unused code

Slide 82

Step 2: Define one or more quality measurement functions for each of your quality criteria.

Slide 83

Route Parameter Verification
• X = A / B, where
• A = number of route parameters that are verified, and
• B = total number of route parameters defined

Slide 84

CSRF Token Publishing
• X = A / B, where
• A = number of HTML forms that publish a CSRF token
• B = total number of HTML forms

Slide 85

CSRF Token Verification
• X = A / B, where
• A = number of routes that validate the CSRF token of an HTML form
• B = total number of routes that accept an HTML form as input

Slide 86

Verification Failure Notification
• X = A / B, where
• A = number of routes that return HTTP 422 when request verification fails
• B = total number of routes that accept any form of input

Slide 87

Class Substitution
• X = A / B, where
• A = number of methods that accept an interface as the input type
• B = total number of methods that accept objects as input

Slide 88

… you get the idea.
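The CSRF Token Verification and Verification Failure Notification functions from the slides above, plus the earlier GET-modifies-the-database example, computed over a route inventory and ranked worst first. This is an added example, not code from the talk; the `Route` fields, the sample routes and the choice to report no score when B is 0 are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Route:
    """One row of a route inventory. Field names are assumptions for this example."""
    method: str
    path: str
    accepts_input: bool = False   # route parameters, query string or form data
    accepts_form: bool = False    # route is the target of an HTML form
    checks_csrf: bool = False
    returns_422: bool = False     # answers HTTP 422 when request verification fails
    writes_db: bool = False

@dataclass(frozen=True)
class Criterion:
    name: str
    applies: Callable[[Route], bool]    # is this route an opportunity? (counted in B)
    observed: Callable[[Route], bool]   # does the route do the thing counted in A?
    inverse: bool = False               # True selects X = 1 - (A / B)

def measure(criterion: Criterion, routes: list) -> Optional[float]:
    pool = [r for r in routes if criterion.applies(r)]
    if not pool:
        return None  # B = 0: no opportunities, so there is nothing to score
    ratio = sum(criterion.observed(r) for r in pool) / len(pool)
    return 1 - ratio if criterion.inverse else ratio

CRITERIA = [
    Criterion("CSRF token verification", lambda r: r.accepts_form, lambda r: r.checks_csrf),
    Criterion("Verification failure notification", lambda r: r.accepts_input, lambda r: r.returns_422),
    Criterion("No database writes on GET", lambda r: r.method == "GET", lambda r: r.writes_db, inverse=True),
]

# Constructed sample inventory, not taken from any real application.
ROUTES = [
    Route("GET", "/articles"),
    Route("GET", "/articles/{id}", accepts_input=True, returns_422=True),
    Route("GET", "/articles/{id}/like", accepts_input=True, writes_db=True),
    Route("GET", "/logout"),
    Route("POST", "/articles", accepts_input=True, accepts_form=True, checks_csrf=True, returns_422=True),
    Route("POST", "/login", accepts_input=True, accepts_form=True, returns_422=True),
]

def ranked(routes, criteria=CRITERIA):
    """Scores sorted worst first; criteria with no opportunities are left out."""
    scores = [(c.name, measure(c, routes)) for c in criteria]
    return sorted([s for s in scores if s[1] is not None], key=lambda s: s[1])

if __name__ == "__main__":
    for name, x in ranked(ROUTES):
        print(f"{x:.2f}  {name}")
```

Keeping the B predicate separate from the A predicate is what makes a score of `None` distinguishable from a score of 0: an application with no HTML forms has no CSRF opportunities, which is different from failing every one of them.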

Slide 89

Start small. Don’t go overboard.

Slide 90

No-one writes perfect code. No-one can afford to pay for perfect code.

Slide 91

Design quality measurements for the things that are cheaper to get right first time.

Slide 92

Design quality measurements for the things that need to become habits.

Slide 93

How do we use the quality model in code reviews?

Slide 94

Your quality criteria are your code review checklist.

Slide 95

Train your developers to use the quality criteria when designing and writing software.

Slide 96

How do we use the quality model in QA teams?

Slide 97

The quality model forms the basis of your test strategy.

Slide 98

Update your quality criteria and quality measurement functions when QA discovers new kinds of defects.

Slide 99

How do we use the quality model with management?

Slide 100

[Chart: 24 quality measurements, labelled QM-1.1 to QM-3.1, plotted on a scale from 0% to 100%]

Slide 101

[Chart: scale from 0% to 100% for Interoperability, Accountability, Authenticity, Analysability, Modifiability, Confidentiality, Modularity, Non-repudiation, Testability, Integrity, Fault Tolerance and Resource Utilisation]

Slide 102

The quality measurements show where quality is good as well as where it needs improving.

Slide 103

Ignoring problems is just as unhealthy as only reporting problems.

Slide 104

Celebrate your successes. Fix your faults.

Slide 105

In post-mortems, link the root cause to the relevant quality measurements or to any missing ones.

Slide 106

Identify gaps in your quality criteria and plug them.

Slide 107

How do we deal with it when the team changes?

Slide 108

Quality has already been defined. That’s what your written quality criteria are. You just need to train new people in your quality criteria.

Slide 109

Talk about your quality criteria when interviewing. Make it part of your engineering culture.

Slide 110

Stuart Herbert ~ @stuherbert
Founder @GanbaroDigital