Refactoring: How do DevOps and Agile Processes Affect Software Quality?

by

DevOps and Agile adoption continues to accelerate and scale across organizations, yet the question many executives and researchers are asking is:

Are DevOps and Agile Practices Improving Software Quality?

To offer deeper insight, Carmine Vassallo, Fabio Palomba, and Harald C. Gall of the Department of Informatics at the University of Zurich, have released several studies that look at DevOps and Agile outcomes by examining the impact of continuous refactoring on software quality.

Their paper, An Exploratory Study on the Relationship between Changes and Refactoring, analyzes refactoring during the evolution of a software system to help understand which code components are likely to be refactored. While in their follow-on paper, Continuous Refactoring in CI: A Preliminary Study on the Perceived Advantages and Barriers, the authors seek to understand how developers perform refactoring and the pros and cons of adopting Continuous Refactoring. Specifically, they dig into the common perception that developers understand the value of refactoring but are reluctant to do so.

The authors further enhanced their findings by adding a qualitative research component that analyzed source code extracted from an open source repository, identifying projects that employed both a Continuous Integration and a Continuous Code Quality platform, specifically Travis CI and SonarQube.

Why Developers Do and Don’t Refactor

The Zurich team identified that removing duplicated code, improving readability and addressing technical debt were the most popular reasons why developers refactored.

  • 74% of cases were open because developers were re-organizing and de-duplicating code.
  • In 96% of cases, the overall readability of refactored classes was improved by 48%.
  • 46% of the refactored classes were affected by technical debt previous versions. Therefore, most of the time refactoring is a form of compensation for pre-existing debts.

The authors go on to classify refactoring motivations into three areas: software quality improvement, better code comprehension and avoidance of quality gate failures.

Developer Perceptions on Refactoring

Zurich_Research_Table 1

 

  • 29% of developers were less convinced about the need to continuously refactor code.
  • 16% said that Continuous Refactoring might be needed at some point, while 13% reported they don’t believe it’s a crucial activity at all.

These results align with previous findings regarding developers’ “refactoring to understand” attitude.  Essentially, developers tend to focus on documenting and re-organizing code to improve readability and comprehension, versus addressing software quality issues or concerns.

The team identified two major motivations behind developer attitudes toward refactoring: (1) risks associated with the re-structuring of a portion of source code and (2) effort required to apply the transformation, since “continuous program transformations can decrease the understandability of the overall architecture of the system.”

Refactoring, Automation and Understandability

While refactoring technique varies based on the language and context developers are working in, the fundamental definition of code refactoring is the process of restructuring existing computer code without changing its external behavior. Refactoring is intended to improve non-functional attributes of the software, make code more readable and reduce complexity all in the name of creating more maintainable software and establishing a more expressive internal architecture or object model. As Martin Fowler explains, “Refactoring isn’t another word for cleaning up code - it specifically defines one technique for improving the health of a code-base.”

While there are many refactoring techniques, such as allowing for more abstraction and breaking code apart into more logical pieces, the Zurich team’s research illustrates that most refactoring in practice focuses on techniques to improve the names and location of code. They propose one reason for this is that developers lack proper automated tools while refactoring, i.e. tools that help overcome their fear of breaking the code or introduce bugs while refactoring.

One of the more promising DevOps trends is the increasing practice of Continuous Integration (CI), a development practice aiming at continuously building new software, which can make the identification of bugs and the improvement of software quality easier. CI is promising because, through tooling, developers can define and automate software quality gates as part of their delivery pipeline.

A software quality gate is simply a set of constraints, determined by the organization, on the quality of the software that are expressed through thresholds on certain metrics. Software quality gates are a well-known way to control software degradation; if a newly committed change fails a software quality gate, the developer can take action to resolve the issue quickly.

Should the Pipeline Stop for Bad Software?

While the Zurich team suggests that there is a lack of effective refactoring tools that prevent the wider adoption of Continuous Refactoring, my experience is that there is organizational resistance against ‘breaking’ the DevOps pipeline or slowing down release cycles. This mindset is driven by the current thinking about DevOps key metrics, specifically deployment frequency and lead time for changes.

As Mr. Fowler points out, these are IT delivery-centric measures. While they have value to an organization, the inclusion of product-specific measures would create the opportunity for a decision regarding when to ‘break’ the pipeline, especially if the software built does not meet the organization’s stated security, reliability and overall quality goals.

High-performing organizations are quickly embracing the idea of including product-based measures and instituting software quality gates within DevOps pipelines. In IEEE Software Magazine, Fannie Mae demonstrates how an automated structural quality analysis within their DevOps-Agile methodology resulted in 21 times (+19,000) more builds per month with half the previous staffing, while experiencing an 30-48% improvement in overall software quality and 28% improvement in team productivity.

Fannie_Mae_Waterfall_DevOps_Agile_IEEE

While DevOps and Agile have certainly revolutionized how software is developed and delivered, there is much room for improvement to establish: Are we actually getting better and improving software quality?

As we near the next phase of maturity across the industry, more organizations and business leaders will be looking for this answer, and of course asking the next question: How can we get even better?

The Zurich team has started an investigation into how to answer this question, but more work is to be done. In my next post, I will continue to share how the Zurich team evolved their investigation into DevOps and Agile processes and their impact on Continuous Code Quality.

In the meantime, I look forward to hearing about your experience with refactoring: Are teams doing it? What is working best? What obstacles have you overcome? What obstacles remain?

Filed in: DevOps
Get the Pulse Newsletter  Sign up for the latest Software Intelligence news Subscribe Now <>
Open source is part of almost every software capability we use today. At the  very least libraries, frameworks or databases that get used in mission critical  IT systems. In some cases entire systems being build on top of open source  foundations. Since we have been benchmarking IT software for years, we thought  we would set our sights on some of the most commonly used open source software  (OSS) projects. Software Intelligence Report <> Papers
In our 29-criteria evaluation of the static application security testing (SAST)  market, we identified the 10 most significant vendors — CAST, CA Veracode,  Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock,  SonarSource, and Synopsys — and researched, analyzed, and scored them. This  report shows how each measures up and helps security professionals make the  right choice. Forrester Wave: Static Application Security Testing, Q4 2017  Analyst Paper
This study by CAST reveals potential reasons for poor software quality that  puts businesses at risk, including clashes with management and little  understanding of system architecture. What Motivates Today’s Top Performing  Developers Survey
Pete Pizzutillo
Pete Pizzutillo Vice President
Pete Pizzutillo is Vice President at CAST and has spent the last 15 years working in the software industry. He passionately believes Software Intelligence is the cornerstone to successful digital transformation, and he actively helps customers realize the benefits of CAST's software analytics to ensure their IT systems are secure, resilient and efficient to support the next wave of modern business.
Load more reviews
Thank you for the review! Your review must be approved first
Rating
New code

You've already submitted a review for this item

|