Software Measurement Pitfalls & Best...

Software Measurement Pitfalls & Best Practices

@EricBouwers @avandeursen

@jstvssr

Introductions

It takes a village …

Tiago Alves Jose Pedro Correira Christiaan Ypma Miguel Ferreira

Ilja Heitlager

Tobias Kuipers

Bart Luijten

Dennis Bijlsma

And what about you?

Why talk about software measurement?

‘You can’t control what you can't measure.’

DeMarco, Tom. Controlling Software Projects: Management, Measurement and Estimation. ISBN 0-13-171711-1.

Why talk about software measurement?

‘You can’t improve what you can't measure.’

Software measurement is used for:

•  Cost and effort estimation •  Productivity measures and models •  Data collection •  Reliability models •  Performance evaluation and models •  Structural and complexity metrics •  Capability-maturity assessments •  Management by metrics •  Evaluation of methods and tools •  Quality models and measures

Fenton et. al., Software Metrics: a rigorous and practical approach. ISBN 0534954251

Which software measures do you use?

(Software) Measurement

What is measurement?

‘Formally, we define measurement as a

mapping from the empirical world to the formal, relational world. ’

‘A measure is the number or symbol assigned to an entity by this mapping in order to

characterize an attribute’


Entity

Attribute

Mapping

Measure

Entities

Product: •  Specifications, Architecture diagrams, Designs, Code,

Test Data, …

Process: •  Constructing specification, Detailed design, Testing, ….

Resources: •  Personnel, Teams, Software, Hardware, Offices, …


Attributes

External

Internal Size, Structuredness,

Functionality

Usability, Reliability

Mapping

Park, Rober E., Software Size Measurement: A Framework for Counting Source Statements, Technical Report CMU/SEI-92-TR-020

Representation Condition Attribute: Size

Foo

Bar

500 LOC

100 LOC

1 File

5 Files

Large

Small

Measure Measure Measure

Measure - scale types

Scale type Allowed operations

Example

Nominal = , ≠ A, B, C, D, E Ordinal = , ≠, < , > Small, large Interval = , ≠, < , > , + , - Start date Ratio All LOC Absolute All -

Concept summary

Entity (Child)

Attribute (Length)

Measure (cm)

Mapping (feet on ground)

Why does this matter?

It determines what you want …

Alves. Categories of Source Code in Industrial Systems, ESEM 2011: 335-338

It determines who wants it …

System

Component

Module

Unit

Aggregation exercise From Unit to System

Unit measurement: T. McCabe, IEEE Transactions on Software Engineering, 1976

•  Academic: number of independent paths per method •  Intuitive: number of decisions made in a method •  Reality: the number of if statements (and while, for, ...)

McCabe: 4

Method

Available data

For four projects, per unit: •  Lines of Code •  McCabe complexity

In which system is unit testing a given method the most challenging?

Option 1: Summing

Crawljax GOAL Checkstyle Springframework Total McCabe 1814 6560 4611 22937

Total LOC 6972 25312 15994 79474

Ratio 0,260 0,259 0,288 0,288

Option 2: Average

Crawljax GOAL Checkstyle Springframework Average McCabe 1,87 2,45 2,46 1,99

0"

200"

400"

600"

800"

1000"

1200"

1400"

1600"

1800"

1" 2" 3" 4" 5" 6" 7" 8" 9" 10" 11" 12" 13" 14" 15" 17" 18" 19" 20" 21" 22" 23" 24" 25" 27" 29" 32"

Cyclomatic complexity

Risk category

1 - 5 Low

6 - 10 Moderate

11 - 25 High

> 25 Very high

Sum lines of code"per category"

Lines of code per risk category

Low Moderate High Very high

70 % 12 % 13 % 5 %

Option 3: Quality profile

0%# 10%# 20%# 30%# 40%# 50%# 60%# 70%# 80%# 90%# 100%#

Crawljax#

Goal#

Checkstyle#

Springframework#

Always take into account

Volume

Explanation

Distribution

Pitfalls in using measurements What are they and how to counter them?

One-track metric

When only looking at size …

Combination shows problems on different levels

Equals

HashCode

Metrics Galore

So what should we measure?

GQM

Goal Question

Question

Metric

Metric

Metric

Basili, Et. Al. , The Goal Question Metric Approach, Chapter in Encyclopedia of Software Engineering, Wiley, 1994.

GQM - Example

http://www.cs.umd.edu/users/mvz/handouts/gqm.pdf

Treating the metric

Metric in a bubble

● ● ● ● ● ● ● ● ● ●

● ●

●

●

● ● ● ● ● ● ● ● ●

0.0

0.2

0.4

0.6

0.8

1.0

● ● ● ● ● ● ● ● ● ●

●

●

●● ●

●

● ● ● ● ●● ●

1.0 1.1 1.2 1.3 1.4 2.0 2.1 2.2 2.3 2.4 3.0 3.1 3.2 3.3 3.4 3.5 4.0 4.1 4.2 4.3 4.4 5.0 5.1

●

●

SBCSUCB

I II III IV

Software Quality as a goal

Software Quality waves

1970s •  Higher-order languages

1980s •  Design methods and tools (CASE)

1990s •  Process

2000s •  Product

2010s •  ?

“Focus on the product to improve quality” “The CMM [..] is not a quality standard” Bill Curtis ��co-author of the Capability Maturity Model (CMM), ��the People CMM, and the Business Process Maturity Model. In “CMMI: Good process doesn't always lead to good quality” Interview for TechTarget, June 2008 http://tinyurl.com/process-vs-quality

The Bermuda Triangle of Software Quality

Process (organizational)

Project (individual)

People (individual)

Product

CMMI (Scampi)

Prince2 J2EE (IBM)

MCP (Microsoft)

RUP (IBM)

ISO 25010 ISO 14598

ISO 25010

Software product quality standards

Previous: separate standards Currently: ISO 25000-series, a coherent family of standards

ISO/IEC 25010 Quality perspectives

Product quality

Quality in use effect of software product

software product

development (build and test)

deploy

phase Quality model

ISO/IEC 25010 Software product quality characteristics

Functional Suitability Performance Efficiency Compatibility

Reliability

Portability Maintainability Security

Usability ISO 25010

The sub-characteristics of maintainability in ISO 25010

Maintain

Analyze Modify Test Reuse

Modularity

A Practical Model for Measuring Maintainability

Some requirements

Simple to understand

Allow root-cause analyses

Technology independent

Heitlager, et. al. A Practical Model for Measuring Maintainability, QUATIC 2007

Easy to compute

Suggestions for metrics?

Measuring ISO 25010 maintainability using the SIG model

Volume

Duplication

Unit size

Unit complexity

Unit interfacing

Module coupling

Component balance

Component independence

Analysability X X X X

Modifiability X X X

Testability X X X

Modularity X X X

Reusability X X

From measurement to rating A benchmark based approach

Embedding A bechmark based approach

0.14

0.96

0.09

0.84

5% HHHHH

30% HHHHI

30% HHHII

30% HHIII

5% HIIII

0.09

0.14

0.84

0.96

…. ….

0.34

Note: example thresholds

HHIII

sort

From measurements to ratings

Volume

Duplication

Unit size

Unit complexity

Unit interfacing

Module coupling

Component balance



Modifiability X X X

Testability X X X

Modularity X X X

Reusability X X

Remember the quality profiles?

1.  Compute source code metrics

per method / file / module 2.  Summarize distribution of measurement

values in “Quality Profiles”


Risk category

1 - 5 Low

6 - 10 Moderate

11 - 25 High

> 26 Very high

Lines of code per risk category

Low Moderate High Very high

70 % 12 % 13 % 5 %

Sum of lines of code per category"

Heitlager, et. al. A Practical Model for Measuring Maintainability, QUATIC 2007

‘First level’ calibration

The formal six step proces

Alves, et. al., Deriving Metric Thresholds from Benchmark Data, ICSM 2010

Visualizing the calculated metrics


Choosing a weight metric


Calculate for a benchmark of systems


70% 80% 90%

SIG Maintainability Model Derivation metric thresholds

1.  Measure systems in benchmark 2.  Summarize all measurements

3.  Derive thresholds that bring out the metric’s variability

4.  Round the thresholds


Risk category

1 - 5 Low

6 - 10 Moderate

11 - 25 High

> 26 Very high

(a) Metric distribution (b) Box plot per risk category

Fig. 10: Unit size (method size in LOC)


Fig. 11: Unit interfacing (number of parameters)

computed thresholds. For instance, the existence of unit testcode, which contains very little complexity, will result in lowerthreshold values. On the other hand, the existence of generatedcode, which normally have very high complexity, will resultin higher threshold values. Hence, it is extremely important toknow which data is used for calibration. As previously stated,for deriving thresholds we removed both generated code andtest code from our analysis.

VIII. THRESHOLDS FOR SIG’S QUALITY MODEL METRICS

Throughout the paper, the McCabe metric was used as casestudy. To investigate the applicability of our methodology toother metrics, we repeated the analysis for the SIG qualitymodel metrics. We found that our methodology can be suc-cessfully applied to derive thresholds for all these metrics.

Figures 10, 11, 12, and 13 depict the distribution and the boxplot per risk category for unit size (method size in LOC), unitinterfacing (number of parameters per method), module inwardcoupling (file fan-in), and module interface size (number ofmethods per file), respectively.

From the distribution plots, we can observe, as for McCabe,that for all metrics both the highest values and the variabilitybetween systems is concentrated in the last quantiles.

Table IV summarizes the quantiles used and the derivedthresholds for all the metrics from the SIG quality model.As for the McCabe metric, we derived quality profiles foreach metric using our benchmark in order to verify that thethresholds are representative of the chosen quantiles. The


Fig. 12: Module Inward Coupling (file fan-in)


Fig. 13: Module Interface Size (number of methods per file)

results are again similar. Except for the unit interfacing metric,the low risk category is centered around 70% of the code andall others are centered around 10%. For the unit interfacingmetric, since the variability is relative small until the 80%quantile we decided to use 80%, 90% and 95% quantiles toderive thresholds. For this metric, the low risk category is around 80%, the moderate risk is near 10% and the other twoaround 5%. Hence, from the box plots we can observe thatthe thresholds are indeed recognizing code around the definedquantiles.

IX. CONCLUSION

A. ContributionsWe proposed a novel methodology for deriving software

metric thresholds and a calibration of previously introducedmetrics. Our methodology improves over others by fulfillingthree fundamental requirements: i) it respects the statisticalproperties of the metric, such as metric scale and distribution;ii) it is based on data analysis from a representative set ofsystems (benchmark); iii) it is repeatable, transparent andstraightforward to carry out. These requirements were achievedby aggregating measurements from different systems usingrelative size weighting. Our methodology was applied to alarge set of systems and thresholds were derived by choosingspecific percentages of overall code of the benchmark.

B. DiscussionUsing a benchmark of 100 object-oriented systems (C#

and Java), both proprietary and open-source, we explained

Derive & Round"


‘Second level’ calibration

How to rank quality profiles? Unit Complexity profiles for 20 random systems

Alves, et. al., Benchmark-based Aggregation of Metrics to Ratings, IWSM / Mensura 2011

HIIII

HHIII

HHHII

HHHHI

HHHHH

?

Ordering by highest-category is not enough!


HIIII

HHIII

HHHII

HHHHI

HHHHH

?

A better ranking algorithm


Order categories

Define thresholds of given systems

Find smallest possible

thresholds

Which results in a more natural ordering


HIIII

HHIII

HHHII

HHHHI

HHHHH

Second level thresholds Unit size example


SIG Maintainability Model Mapping quality profiles to ratings

1.  Calculate quality profiles for the systems in the benchmark 2.  Sort quality profiles 3.  Select thresholds based on 5% / 30% / 30% / 30% / 5% distribution

Select thresholds" HHHHH

HHHHI

HHHII

HHIII

HIIII

Sort"


SIG measurement model Putting it all together

Quality Profiles

Property Ratings ΗΗΙΙΙ

ΗΙΙΙΙ

ΗΗΗΙΙ

ΗΗΗΗΙ

ΗΗΗΗΗ

ΗΗΗΗΙ

Quality Ratings ΗΗΙΙΙ

ΗΗΙΙΙ

ΗΗΗΙΙ

ΗΗΗΗΙ

Overall Rating

ΗΗΗΙΙ

Measure-ments

c. d.

Does it measure maintainability?

SIG Maintainability Model Empirical validation

•  The Influence of Software Maintainability on Issue Handling MSc thesis, Technical University Delft

•  Indicators of Issue Handling Efficiency and their Relation to Software Maintainability, MSc thesis, University of Amsterdam

•  Faster Defect Resolution with Higher Technical Quality of Software, SQM 2010

16 projects (2.5 MLOC)

150 versions

50K issues

Internal: maintainability

external: Issue handling

Empirical validation The life-cycle of an issue

Empirical validation Defect resolution time

Luijten et.al. Faster Defect Resolution with Higher Technical Quality of Software, SQM 2010

Empirical validation Quantification

Luijten et.al. Faster Defect Resolution with Higher Technical Quality of Software, SQM 2010

Empirical validation Quantification

Bijlsma. Indicators of Issue Handling Efficiency and their Relation to Software Maintainability, MSc thesis, University of Amsterdam

Does it measure maintainability?

Is it useful?

Software Risk Assessment

Analysis in SIG Laboratory

Finalpresentation

Kick-offsession

Strategysession

Technicalsession

Technicalvalidation

session

Riskvalidation

session

Final Report

Example Which system to use?

HHHII HHIII

HHHHI

Example Should we accept delay and cost overrun, or cancel the project?

User Interface

Business Layer

Data Layer

User Interface

Business Layer

Data Layer

Vendor framework

Custom

Software Monitoring

Source code

Automated analysis

Updated Website

Interpret Discuss Manage

Act!

Source code

Automated analysis

Updated Website


Act!

Source code

Automated analysis

Updated Website


Act!

Source code

Automated analysis

Updated Website


Act!

1 week 1 week 1 week

Software Product Certification

Summary

Measurement challenges

Entity

Attribute

Mapping

Measure

0%# 10%# 20%# 30%# 40%# 50%# 60%# 70%# 80%# 90%# 100%#

Crawljax#

Goal#

Checkstyle#

Springframework#

Metric in a bubble Treating the metric

One-track metric Metrics galore

Meaning

# metrics

Too little Too much

A benchmark based model

Volume

Duplication

Unit size

Unit complexity

Unit interfacing

Module coupling

Component balance



Modifiability X X X

Testability X X X

Modularity X X X

Reusability X X


Fig. 10: Unit size (method size in LOC)


Fig. 11: Unit interfacing (number of parameters)

computed thresholds. For instance, the existence of unit testcode, which contains very little complexity, will result in lowerthreshold values. On the other hand, the existence of generatedcode, which normally have very high complexity, will resultin higher threshold values. Hence, it is extremely important toknow which data is used for calibration. As previously stated,for deriving thresholds we removed both generated code andtest code from our analysis.

VIII. THRESHOLDS FOR SIG’S QUALITY MODEL METRICS

Throughout the paper, the McCabe metric was used as casestudy. To investigate the applicability of our methodology toother metrics, we repeated the analysis for the SIG qualitymodel metrics. We found that our methodology can be suc-cessfully applied to derive thresholds for all these metrics.

Figures 10, 11, 12, and 13 depict the distribution and the boxplot per risk category for unit size (method size in LOC), unitinterfacing (number of parameters per method), module inwardcoupling (file fan-in), and module interface size (number ofmethods per file), respectively.

From the distribution plots, we can observe, as for McCabe,that for all metrics both the highest values and the variabilitybetween systems is concentrated in the last quantiles.

Table IV summarizes the quantiles used and the derivedthresholds for all the metrics from the SIG quality model.As for the McCabe metric, we derived quality profiles foreach metric using our benchmark in order to verify that thethresholds are representative of the chosen quantiles. The


Fig. 12: Module Inward Coupling (file fan-in)


Fig. 13: Module Interface Size (number of methods per file)

results are again similar. Except for the unit interfacing metric,the low risk category is centered around 70% of the code andall others are centered around 10%. For the unit interfacingmetric, since the variability is relative small until the 80%quantile we decided to use 80%, 90% and 95% quantiles toderive thresholds. For this metric, the low risk category is around 80%, the moderate risk is near 10% and the other twoaround 5%. Hence, from the box plots we can observe thatthe thresholds are indeed recognizing code around the definedquantiles.

IX. CONCLUSION

A. ContributionsWe proposed a novel methodology for deriving software

metric thresholds and a calibration of previously introducedmetrics. Our methodology improves over others by fulfillingthree fundamental requirements: i) it respects the statisticalproperties of the metric, such as metric scale and distribution;ii) it is based on data analysis from a representative set ofsystems (benchmark); iii) it is repeatable, transparent andstraightforward to carry out. These requirements were achievedby aggregating measurements from different systems usingrelative size weighting. Our methodology was applied to alarge set of systems and thresholds were derived by choosingspecific percentages of overall code of the benchmark.

B. DiscussionUsing a benchmark of 100 object-oriented systems (C#

and Java), both proprietary and open-source, we explained

HHHHH

HHHHI

HHHII

HHIII

HIIII

Analysis in SIG Laboratory

Finalpresentation

Kick-offsession

Strategysession

Technicalsession

Technicalvalidation

session

Riskvalidation

session

Final Report

The most important things to remember

Goal

Entity – Attribute – Mapping

Context

Validate in theory and practice

Software Measurement Pitfalls & Best...

Documents

Transcript of Software Measurement Pitfalls & Best...