… is co-founder and managing partner of the CQSE GmbH. He studied computer science at the Technische Universität München and the Asian Institute of Technology, Bangkok. He holds a PhD in software engineering.
In our code audits we primarily focus on issues that affect the maintainability of the code, e.g., code duplication caused by copy&paste programming. When presenting the audit results, a common reaction by the development team is: »Yes, you’re right. This is ugly. However, it is not a problem for us because we will never change this code!« My reaction: »Great. Compile the code to a binary library and delete the source.« This always provokes second thoughts. Not only because source code also serves as documentation that would be lost but also because the team suddenly doubts its own assessment of the stability of the code. So far, not a single development team followed my suggestion.
With examples of real-world systems this post discusses the multitude of reasons for code to change and explains why the assumption that code won’t change can be dangerous.
C/C++ programs often use conditional compilation to implement variations of a program. While conditional compilation is extremely flexible and easy to use, it leads to code that is hard to maintain. Using examples from open-source systems, this post demonstrates why such code is often referred to as the »#ifdef Hell« and what can be done to keep conditional compilation in check.
While there are numerous excellent articles, blog posts and books about the correct handling of character encodings in software systems, many systems still get it wrong because their architects and developers never understood what this is all about. I suspect that is due to the fact that many systems work more or less correctly even if you don’t care about character encodings. Moreover, character encodings in general and Unicode in particular is a topic of overwhelming complexity (if you want to fully understand it). The combination of these two facts—it mostly works even if I don’t care and really understanding the thing is hard—allows laziness to set in; resulting in software systems that handle text correctly under the most trivial circumstances only. This blog post aims to remedy this by focusing on the single most important rule for developers while abstracting away everything that is not required to understand this rule.
Posted on 10/22/2014 by Dr. Florian Deißenböck
Almost everybody agrees that having a consistent setup for compiler errors, warnings and the code formatter across all team members is crucial. However, many development projects still fail to achieve this. Surprisingly, the main reason for this seems to be that most developers are not aware that this can be easily enforced with Eclipse and use cumbersome »How to setup your workspace« descriptions in the developer wiki instead. In most cases these descriptions are outdated or generally ignored. As this is an issue that I have repeatedly discussed with our customers (and recently at the BITKOM Workshop in Frankfurt) I explain how enforcing a consistent setup for compiler errors, warnings and the code formatter works with Eclipse.
Posted on 02/24/2014 by Dr. Florian Deißenböck
On Friday, February 21st Apple published an update for iOS that fixed a serious security issue. What makes this issue interesting is not only its severity but also the fact that the issue can be nicely pinned down to a single line of code. Conveniently, this code is open-source and available for analysis! In this post I’ll explain why this major security issue is, after all, the result of a number of quality issues, which are often undervalued as minor flaws.
TODO (EJ) Without being able to put my finger on it exactly, I find the language in many places not yet crisp enough. Some formulations seem more complicated to me than necessary. E.g.: - “den von uns durchgeführten” -> “unseren” - Is the distinction between author and code reader important here, or is “Entwickler” enough? - “zur Ablage von” -> “für”
In our code analyses we pay particular attention to so-called task tags. Task tags are character strings such as “TODO”, “FIXME” or “HACK” that the team uses more or less consistently. They are used to mark places where, from the perspective of the author or a code reader, action is still required. This is a sensible, lightweight technique that we ourselves also like to use, e.g., for storing review comments. Task tags only become problematic when the marking is all that happens and no action ever follows. Since this unfortunately
For almost as long as we have developed software, we have tried to measure various aspects of it. Among them: size, complexity and quality. According to some counts, more than 1,000 software metrics have been proposed since the 1960s. Hence, one could hope that we developed a sound understanding about how to use them effectively and efficiently in practice. Nevertheless, I almost daily encounter organizations that fail to employ software metrics to their benefit. In many cases, the inappropriate use of metrics actually does more harm than good in these organizations.
This article summarizes the pitfalls that I observed in practice (and academia) over the course of ten years and emphasizes the best practices that are required to successfully employ software metrics. TODO: Mention talks.
Metrics are not exclusive to software engineering. On the contrary, they are prevalent in almost all disciplines. Consciously or not, we
Talk at Versicherungskammer Bayern, 2017.
Talk at VKSI Sneak Preview, 2014.
Talk at Bitkom Arbeitskreis Software Engineering, 2014.
Talk at the OOP, 2013.
Talk at Bitkom Arbeitskreis Qualitätsmanagement, 2013.
Talk at msg systems ag, 2013.
Talk at Universität Stuttgart, 2012.
Talk at GI Regionalgruppe München, 2012.
Talk at GI Regionalgruppe Hamburg, 2012.
Talk at AE Kolloquium of the Versicherungskammer Bayern, 2011.
Talk at the Dagstuhl-Seminar GI-Dissertationspreis 2009, 2010.
Talk at the Google Developer Day 2010, 2010.
Talk at BITKOM AK SQM, 2009.
Talk at the International Workshop on the Role of Abstraction in Software Engineering, 2008.
Talk at BITKOM AK SQM and PG BE&QM, 2008.
Talk at Workshop zur Erhebung, Spezifikation und Analyse nichtfunktionaler Anforderungen in der Systementwicklung, 2008.
Talk at HSE-Workshop »Produktivität in der Software-Entwicklung«, 2008.
Talk at the International Conference on Software Maintenance, 2007.
Talk at Workshop Software-Qualität @ Euroforum-Konferenz »Software im Automobil«, 2007.
Talk at Workshop Software-Produktqualität @ Software & Systems Engineering Essentials (SEE), 2007.
Talk at ateM Workshop, 2006.
Talk at the Workshop on Software Quality, 2006.
Talk at the International Workshop on Program Comprehension, 2005.
Talk at Architekturworkshop @ Technische Universität München, 2005.
Proceedings of the 15th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM’15), 2015.
Softwaretechnik-Trends, Vol. 34, 2014.
2014 IEEE International Conference on Software Maintenance and Evolution (ICSME’14), 2014.
Proceedings of the 28th IEEE International Conference on Software Maintenance (ICSM’12), 2012.
Proceedings of the 16th European Conference on Software Maintenance and Reengineering (CSMR’12), 2012.
Softwaretechnik-Trends, Vol. 32, 2012.
The Quamoco Quality Meta-Model.
Report TUM-I128. Technische Universität München, 2012.
Proceedings of the 19th IEEE International Conference on Program Comprehension (ICPC’11), 2011.
OBJEKTSpektrum, Vol. 05, 2011.
Proceedings of the 12th International Conference on Software Reuse (ICSR’11), 2011.
Proceedings of the 15th European Conference on Software Maintenance and Reengineering (CSMR’11), 2011.
Proceedings of the 33rd ACM/IEEE International Conference on Software Engineering (ICSE’11), 2011.
Proceedings of the 16th European Conference on Software Maintenance and Reengineering (CSMR’11), 2011.
Proceedings of the 32nd International Conference on Software Engineering (ICSE’10), 2010.
Proceedings of the 14th European Conference on Software Maintenance and Reengineering (CSMR’10), 2010.
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering (ICSE’10), 2010.
Proceedings of the 4th International Workshop on Software Quality and Maintainability (WoSQ’10), 2010.
Ausgezeichnete Informatikdissertationen 2009. Gesellschaft für Informatik, 2010.
Proceedings of the 4th International Workshop on Software Clones (IWSC’10), 2010.
Proceedings of the 3rd International Workshop on Software Clones (IWSC’09), 2009.
Proceedings of the 31st International Conference on Software Engineering (ICSE’09), 2009.
Dissertation. Technische Universität München, 2009.
Proceedings of the 31st International Conference on Software Engineering (ICSE’09), 2009.
Proceedings of the 7th International Workshop on Software Quality (WoSQ’09), 2009.
Proceedings of the 2nd International Workshop on The Role of Abstraction in Software Engineering (ROA’08), 2008.
Proceedings of the International Conference on Software Engineering (ICSE’08), 2008.
Tagungsband der Software-Engineering-Konferenz, 2008.
Software Process: Improvement and Practice, Vol. 13, 2008.
Selected Topics in Software Quality.
Report TUM-I0824. Technische Universität München, 2008.
In Proceedings of Workshop Software-Qualitätsmodellierung und -bewertung (SQMB ’08), 2008.
Proceedings of SE’08, 2008.
IEEE Software, Vol. 25, 2008.
Proceedings of the International Workshop on Semantic Technologies in System Maintenance, 2008.
Workshop-Band Software-Qualitätsmodellierung und -bewertung (SQMB ’08).
Proceedings of the International Conference on Software Maintenance (ICSM’07), 2007.
Workshopband der Software-Engineering-Konferenz, 2007.
Proceedings of the International Conference on Software Process (ICSP’07), 2007.
Proceedings of the 3rd International Workshop on Metamodels, Schemas, Grammars and Ontologies for Reverse Engineering (ATEM’06), 2006.
Software Quality Journal, Vol. 14, 2006.
Proceedings of the Workshop on Software Quality (WOSQ’06), 2006.
Tagungsband der Informatik 2006, 2006.
Proceedings of the World Congress for Software Quality (WCSQ’05), 2005.
Proceedings of the International Workshop on Program Comprehension (IWPC’05), 2005.
Proceedings of the International Workshop on Software Technology and Engineering Practice, 2005.