Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Turn the microscope: using machine learning and...

Turn the microscope: using machine learning and data science to optimize code quality

Code quality is an abstract concept that fails to get traction at the business level. Consequently, software companies keep trading code quality for new features. The resulting technical debt is estimated to waste up to 42% of developers' time, causing stress, uncertainty, as well as making our job less satisfactory than it should be. Without clear and quantifiable benefits, it's hard to build a business case for code quality. At the same time, the rise of machine learning and data science has taught us how to find patterns in complex phenomenons.
In this keynote, Adam takes on the challenge by turning the data analysis microscope the other way around to study how software evolves. We do that by combining novel quality metrics with analyses of how the engineering organization interacts with the code you are building. It's people + code. This combination lets you prioritize the parts of your system that benefit the most from improvements, communicate quantifiable costs of technical debt to the business side, and even use ML to suggest specific refactorings. All techniques are available and actionable today, and the case studies are from well-known open source Java codebases. This new perspective on software development will change how you view code.

Adam Tornhill

June 08, 2022
Tweet

More Decks by Adam Tornhill

Other Decks in Programming

Transcript

  1. @AdamTornhill “Technical debt is code that’s more expensive to maintain

    than it should be.” Software Design X-Rays, 2018 What is Technical Debt?
  2. What we actually know: Research on Technical Debt Waste 


    Software developers spend 23-42% of their work week dealing with technical debt and bad code.1, 2, 3 1 Besker, T., Martini, A., Bosch, J. (2019) “Software Developer Productivity Loss Due to Technical Debt” 2 Stripe, (2018), “The Developer Coef fi cient: Software engineering ef fi ciency and its $3 trillion impact on global GDP” 3 https://codescene.com/technical-debt/whitepaper/calculate-business-costs-of-technical-debt.pdf 4 Sultana, K. Z., Codabux, Z., & Williams, B. (2020, December). Examining the relationship of code and architectural smells with software vulnerabilities. Vulnerabilities 
 There is a statistically signi fi cant correlation between software vulnerabilities and code smells like Brain Classes, complex implementations, and large classes.4
  3. Technical Debt: where we are as an industry Research finds

    that developers are frequently forced to introduce new Technical Debt as companies keep trading code quality for sho r t-term gains like new features.1 1 T Besker, A Ma r tini, and J Bosch. 2019. “Software developer productivity loss due to 
 technical debt—a replication and extension study examining 1207 developers’ development work”
  4. “There's never enough time to do something right, but there's

    always enough time to do it over.”* Melvin E. Conway (1968). “How Do Committees Invent?” @AdamTornhill * Thanks, Kevlin Henney
  5. Code Health: beyond a single metric Examples on Code Health

    Issues Module Level: Low Cohesion, many responsibilities Brain Class, low cohesion, large class, at least 
 one Brain Method Function Level: Brain Methods, complex functions that centralize 
 the behavior of the module Copy-pasted logic, missing abstractions, DRY violations Implementation Level: Deeply Nested Logic, if-statements inside if-statements Primitive Obsession, missing a domain language Code health as a proxy for code quality: 1. Detect prope r ties of the code that are known to correlate with increased maintenance costs and with higher risks of defects. 2. Aggregate the metrics via a network calibrated from a large baseline library of code. 3. Categorise (Red/Green/Yellow), and visualize. Learn More: https://codescene.com/blog/measure-code-health-of-your-codebase/
  6. @AdamTornhill Selenium: a project for web browser automation 450k lines

    of code https:/ /github.com/SeleniumHQ/selenium Visualizing code health
  7. @AdamTornhill Visualizing code health Selenium: a project for web browser

    automation 450k lines of code https:/ /github.com/SeleniumHQ/selenium
  8. @AdamTornhill Selenium: a project for web browser automation 450k lines

    of code https:/ /github.com/SeleniumHQ/selenium Visualizing code health
  9. Examples: a gallery of code @AdamTornhill CoreCLR: the runtime for

    .Net 8.5 million lines of code https:/ /github.com/dotnet/coreclr Tomcat: web server and Servlet container 500k lines of code https:/ /github.com/apache/tomcat
  10. Research to quantify the impact of code quality: scope &

    data @AdamTornhill ▶ A quantitive large-scale study of code quality impact. ▶ Data from 39 commercial codebases. ▶ Analysed more than 40 000 software modules. ▶ Many different industry segments. ▶ Tested across 14 programming languages. ▶ Using the CodeScene tool to automated the analyses. ▶ Our research findings are statistical significant and peer reviewed for the International Conference on Technical Debt 20221 1 Research publication: https://arxiv.org/abs/2203.04374
  11. The costs of low code quality: why is it so

    hard to measure? ▶ Organizations don’t know the development costs of individual modules. 1 ▶ Hence, related numbers (i.e. on technical debt impact) come from surveys and self-repo r ted estimates. 2 1. Tracking detailed time in development would be a significant overhead. A few organisations enforce “Time Spent” to be repo r ted in Jira, but that time is per task level, not per code module 2. Ga r tner (2021): , McKinsey (2020), Stripe (2018) We know the staffing costs.. ..and we could (in theory) get the costs per ticket… ..but we have no way of knowing how those costs are distributed across code of various quality! source code
  12. Time-In-Development: how do we measure it? File 1 File 2

    Jira Issue X moved to “In Progress”: sta r ts the sub-cycle time #1 commit #1 cycle time #1 sub-cycle times #1 + #3 sub-cycle times #2 + #3 Time-In-Development: Data source: Jira commit #N cycle time #3 cycle time #3 commit #2 cycle time #2 Data source: Jira + Git
  13. Green Code: Implementing a feature is twice as fast Healthy

    Warning Ale r t Code Health category Mean time for implementing a ticket Relative scale Development time for code changes 0.05 0.10 0.15 additional time spent compared to healthy code @AdamTornhill
  14. Red Code: A feature can take up to 9 times

    longer Healthy Warning Ale r t Code Health category Unce r tainty: maximum time for implementing a ticket Relative scale Development time for code changes 0.20 0.40 0.60 0.80 1.00 additional unce r tainty compared to healthy code @AdamTornhill
  15. Red Code: 15 times more defects Healthy Warning Ale r

    t Defects by Code Health category Defects Relative scale Number of Defects 0.20 0.40 0.60 0.80 additional defects/rework compared to healthy code @AdamTornhill
  16. The programmer perspective: how low quality code impacts development teams

    @AdamTornhill The most frequent causes of unhappiness: 1. Stuck in problem-solving 2. Time pressure 3. Work with bad code “[Developers] suffer tremendously when they meet bad code that code have been avoided in the fi rst place” Grazitotin, D., & Fagerholm, F. (2019). “Happiness and the Productivity of Software Engineers"
  17. Theory into practice: how would we use this data? Code

    quality constraints a business ▶ Give all stakeholders — devs, product, management — the same situational awareness of where the strong and weak pa r ts are. Fight hyperbolic discounting: ▶ Discussing future risks primes you for sta r ting to address them. Build a business case for improvements: ▶ Refactoring and larger improvements can come with a business expectation. @AdamTornhill
  18. @AdamTornhill Red Code: Where do we sta r t? Tomcat:

    web server and Servlet container 500k lines of code https:/ /github.com/apache/tomcat
  19. @AdamTornhill Hotspots: Prioritize based on developer behaviour Most code is

    stable: low interest technical debt Most development activity is in a small pa r t of the codebase: high interest technical debt Interest rate: Code Change Frequency
  20. Function Level Hotspots Parse Recommended functions to improve. Hotspots: X-Ray:

    StandardContext.java From https://pragprog.com/book/atevol/software-design-x-rays
  21. @AdamTornhill Automated refactoring recommendations: how it works Detect code that

    degrades in health so that we can act: …but we can just as easily fi nd code that improves its health:
  22. @AdamTornhill Git Commits Read more: https://codescene.com/engineering-blog/refactoring-recommendations Filter: improving code health?

    Automated refactoring recommendations: how it works Is the Git diff useful to a human? Trained on classi fi ed samples. Social proximity? That is, the refactoring is done by “your” team? Architectural proximity? That is, the refactoring is in “your” domain and pa r t of the code? Ranked refactoring recommendations
  23. @AdamTornhill A personalised refactoring catalogue example on Complex Method Refactoring

    from keycloak Refactoring: 1. Identify commonalities. 2. Encapsulate the commonalities. 3. Use the higher level abstraction to simplify the code.
  24. Speed + Quality: you can have it all “Our results

    indicate that improving code quality could free existing capacity; with 15 times fewer bugs, twice the development speed, and 9 times lower unce r tainty in completion time, the business advantage of code quality should be unmistakably clear.” A. Tornhill & M. Borg (2022) @AdamTornhill Healthy Warning Ale r t 0.20 0.40 0.60 0.80 1.00 Quality dimension: where are the risks and oppo r tunities? Hotspot dimension: what’s the impact and priorities?
  25. Tools + examples: https://codescene.com/ Blogs on Software Evolution & Technical

    Debt: • https://www.codescene.com/blog/ • https://adamtornhill.com/ behavioral code analysis techniques, tech debt, teams, microservice analyses Adam Tornhill https://twitter.com/AdamTornhill https://se.linkedin.com/company/codescene