Deeper BPM Solutions
Blog Archive
All Tags
algorithms
android
android_os
application_security
architecture
bpm
business
business_rules
coding
cognitive_corporation
confidentiality
data
data_masking
data_security
ea
education
efficient
efficient_coding
encryption
enterprise_applications
enterprise_architecture
enterprise_architecture_framework
enterprise_systems
full_disk_encryption
information
information_systems
integrity
internet
is_management
it_leadership
java
javaone
linkedin
managing_is_projects
marketing
media
microsoft_tags
neutrality
ontology
open
open_source
optimization
oracle
personally_identifiable_information
pii
privacy
process_automation
programming
qr_codes
quality
rules
security
security_in_depth
semantic_technology
semantic_web
semantics
services
soa
software
source
sql_injection
success
system_integration
systems
testing
truecrypt
tuning
upgrade
vulnerability
web
web_services
windows_7
workflow
Our people weigh in on the issues of the day.
Blue Slate's people think a lot about the challenges facing their industries today. In the process, they often come up with completely unexpected slants on current issues, or new ways of thinking about business problems. Bluespeak is where they share those thoughts. Feel free to read and reflect.
[Any views or opinion represented in this blog are personal and belong solely to the blogger and do not represent those of Blue Slate Solutions.]
Expanding on “Code Reviews Trumps Unit Testing, But They Are Better Together”
Michael Delaney, a senior consulting software engineer at Blue Slate, commented on my previous posting.
As I created a reply I realized that I was expanding on my reasoning
and it was becoming a bit long. So, here is my reply as a follow-up
posting. Also, thank you to Michael for helping me think more about
this topic.
I understand the desire to rely on unit testing and its ability to find issues and prevent regressions. For TDD, I’ll need to write separately. Fundamentally I’m a believer in white box testing. Black box approaches, like TDD, seem to be of relatively little value to the overall quality and reliability of the code. Meaning, I’d want to invest more effort in white box testing than in black box testing.
I’m somewhat jaded, being concerned with the code’s security, which to me is strongly correlated with its reliability. That said, I believe that unit testing is much more constrained as compared to formal reviews. I’m not suggesting that unit tests be skipped, rather that we understand that unit tests can catch certain types of flaws and that those types are narrow as compared to what formal reviews can identify.
[Read More]Tuesday October 18, 2011 | By David Read
Code Reviews Trump Unit Testing , But They Are Better Together
Last week I was participating in a formal code review (a.k.a. code inspection) with one of our clients. We have been working with this client, helping them strengthen their development practices. Holding formal code reviews is a key component for us. Part of the formal process we introduced includes reviewing the unit testing results, both the (successful) output report and the code coverage metrics.
At one point we were reviewing some code that had several error handling blocks that were not being covered in the unit tests. These blocks were, arguably, unlikely or impossible to reach (such as a Java StringReader throwing an IOException). There was some discussion by the team about the necessity of mocking enough functionality to cover these blocks.
Although we agreed that some of the more esoteric error conditions weren’t worth the programmer’s time to mock-up, it occurred to me later that we were missing an important point. What mattered was that we were holding a formal code review and looking at those blocks of code.
[Read More]