Slashdot Mirror
Facts and Fallacies of Software Engineering
The Layout
Facts and Fallacies is not a technically demanding book; it's a very easy and compelling read. There are 55 Facts (and 5+5 fallacies) grouped into logical sections such as Management, Life Cycle, and Quality.
First, each Fact is stated succinctly. (For instance, Fact 1: The most important factor in software work is not the tools or techniques used by the programmers, but rather the quality of the programmers themselves.) Then the point is fleshed out more fully -- in this case, that even with all the periodic hype for some hot new methodology that promises orders of magnitude greater productivity, the quality of your programmers matters far more than anything else (and even the best new methods only offer 5-35% increases).
Next, the level of controversy about this Fact is discussed. For Fact 1, it's that even though everyone pays lip service to the idea of people being more important than processes, we all still act like it's not true. Maybe this new hot methodology can turn all your lousy programmers into great ones! Perhaps it's because people are a harder problem to address than tools, techniques, and process. And, of course, hot new methodologies sell a lot of books.
Finally comes a list of sources and references, which can lead you to more in-depth great reading like Peopleware and Software Runaways. This all works out to about one to two pages per item.
The Facts and FallaciesThe Facts and Fallacies fall into several groups. Some are not well known (or just met with stunned disbelief) such as Fact 31: Error removal is the most time-consuming phase of the life cycle. Some that are pretty well accepted, but are mostly ignored, like Fact 1 above. Some that are accepted, but nobody can agree on what to do about (if anything), like Fact 9 (paraphrased) #150: Project estimates are done at the beginning of the project when you have insufficient understanding of the requirements and scope, which makes it a very bad time to do an estimate for the entire project.
Some Facts Glass acknowledges many people will flat out disagree with (and for a few people, very loudly), like Fact 30: COBOL is a very bad language, but all the others (for business data processing) are so much worse. These are the Facts where he really has an axe to grind, and make for amusing reading. In this case what he's really saying is that there is a use for domain-specific languages intended to do one specific thing and do it well, rather than languages like C and Java which attempt to be "good enough" for any use under the sun. But everyone hates COBOL, including me, so it's controversial.
What's Good?
Again, this is a good (and fast) Read. Even if you don't agree with everything, Glass is a skilled writer with strong opinions and a sense of humor. And you might end up agreeing more than you expected. I was pretty skeptical when I started reading. After all, I'm a long time software engineer with strong opinions too, and how often do you get opinionated geeks to agree on even what soda or text editor to use? But most of the Facts resonated with my experience, and of course for most of them Glass has substantial research reference for. The best Facts are those that you knew but might never have expressed explicitly, like Fact 41: Maintenance typically consumes 40 to 80 percent (average, 60 percent) of software costs. Therefore, it is probably the most important life cycle phase of software.
Or consider Fact 18: There are two 'rules of three' in reuse: (a) it is three times as difficult to build reusable components as single use components, and (b) a reusable component should be tried out in three different applications before it will be sufficiently general to accept into a reuse library. I knew this generally, and you probably did too, but I didn't know the specific reference for "Biggerstaff's Rules of Three," which give you a ballpark figure.
The book was written in 2002, when eXtreme Programming was hot, and it's very interesting that the predictions Glass made in this book about the strengths and weaknesses of XP were, in retrospect, pretty much on target, and this sort of predictive success helps confirm more viscerally that he knows his subject.
What's Bad?
There are a few Facts in here that Glass included just because he feels strongly about them (or even about specific people) and he doesn't really back them up very strongly except with "well golly, this is so obvious." Like Fallacy 5: Programming can and should be egoless. Note that this is a Fallacy, so he opposes it. I happen to agree with him, but his arguments are mostly personal ox-goring even if they're based on his extensive experience. Still, it's an interesting read.
A few of the Fallacies he feels are so obvious that he doesn't even really bother providing sources or references for them, and this somewhat diminishes the overall feel of rigor.
Really, the worst thing about this book is that it doesn't come with a poster of just a bullet-pointed list of facts and fallacies that you can nail to your office wall (or your boss's).
A Few More Facts
Just to whet your appetite:
Fact 21: For every 25% increase in problem complexity, there is a 100% increase in solution complexity.
Fact 37: Rigorous inspections [code reviews] can remove up to 90% of errors before the first test case is run. [But are so mentally and emotionally exhausting that we rarely do them.]
Fallacy 10: You teach people how to program by showing them how to write programs. Why don't we teach them to read programs first? Good question (and he has a few possible answers).
In Conclusion
I wouldn't say this Facts and Fallacies of Software Engineering is quite as powerful as The Mythical Man Month, Peopleware or Death March on their own, but if you program (or manage programmers) and want to be more than just a code pig, this will give you the condensed version of 40 years of research in a very readable package. Even if you don't agree with everything he says, it's well worth considering it.
You can purchase Facts and Fallacies of Software Engineering from bn.com. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.
Dear Veteran: I Salute thee for resisting the pressures of becoming another me-too manager and instead staying in trenches to fight with poor soldiers.
"Doing what i can, with what i have." ~ Burt Gummer
...this one by Mike Cohn of Mountain Goat Software.
Mike's review is from the "agile software" point of view, so he comments favorably on (among others) Fact 22 - "Eighty percent of software work is intellectual. A fair amount of it is creative. Little of it is clerical".
The Army reading list
It's like the 80/20 rule...it's a ROM (Rough Order of Magnitude).
No, it's not an exact figure, but it sure got his point across as to
an approximation of the relationship, didn't it?
Could someone please point out to me where in the Constitution, exactly, is the "Right To Not Be Offended"?
If he was in management, wouldn't he have more influence which he could use to change things for the better? Just because you have a management position doesn't automatically mean that you believe in the PHB management style.
Remember the days when Republicans were the party of fiscal responsibility?
The most important factor in software work is not the tools or techniques used by the programmers, but rather the quality of the programmers themselves.
Another important factor is the amount of time that they are given to accomplish the task. Certain programmers, including many who are otherwise excellent, procrastinate and cannot meet deadlines. And, as we're aware, even good programmers often take shortcuts once fatigue begins to set in.
Do you like German cars?
COBOL is an old language, not necessarily a bad language. Like anything else, you get out of it what you put into it. If you like programming in COBOL then you'll probably be good at it. If you like programming in Java, then you'll probably be able to code any business data processing functionality you need in it too. I think it's best to use the tool you're most comfortable with.
In fact, I've generally held that the complexity of implementation is generally an exponential function of the general complexity of the problem. Allowing additional degrees of freedom in a design is typically very expensive. You aren't just adding that additional degree of freedom to the design, you have to make the rest of the design aware of that new dimension and put it into implementation.
Hear hear!
This is the big problem with management. Pre-boom managers were PHBs, and thus promote PHBs. New skilled IT people look at PHBs and think, I don't want to be like that, so I won't become a manager.
So its a self-feeding cycle.
WE NEED MORE GEEKS IN MANAGEMENT.
Right now, I should be writing my MBA assignment, worth 25% of the subject, due in at midnight tommorrow, but instead I'm procrastinating on SlashDot. If that doesn't qualify me to be a geek manager, I don't know what does.
Norman Cook's Ode to Sl
If a code review, which takes several hours of my time and the time of my fellow developers, can catch 90% of the errors before the first test case is run, or I can catch 90% of the errors (not necessarily the same ones) using the test cases, it's a better use of resources to let the computer point the errors out to me.
A code review on "90% debugged" software that finds an error strikes me as more useful than a code review that finds several errors in 0% debugged software.
As for fact #1, good process or tools may not be able to make all programmers gods, but bad process or tools can make a mortal out of anyone.
> Fact 41: Maintenance typically consumes
> 40 to 80 percent (average, 60 percent)
> of software costs. Therefore, it is probably
> the most important life cycle phase of software.
Hm. This is a tricky one. Does maintenance take that big a chunk because of the way we write v1.0? Maybe we can improve our initial code to make subsequent changes easier. And build in a safety net of units tests to make those changes less painful.
A lot of maintenance may be a good sign - it may mean that the program is being evolved and improved and is actually useful to someone. Dead programs and cancelled projects don't get maintained, but that's not a point in their favor.
The Army reading list
Fallacy 5: Programming can and should be egoless
I have worked with somebody who turned himself into a great programmer by being egoless. He could solve any problem by the simple expedient of not trying to do it all himself and being very good at accepting ideas from other people. In most circumstances programming is done within a team and ego just gets in the way.
Who wants to work with somebody who rejects an idea just because they didn't think of it!!.
Just as an example off the top of my head, it's common to write
which in some languages could be caught by the compiler, but not always. The author of that line can read it over and over but something in his brain will replace the mistaken '=' with '=='. The code reviewer has no such preconceptions and will (might) see it immediately.One good example of open review is the Mozilla project, where all commits must be reviewed by at least two people, at least one of whom must be the owner of the relevant subtree of the project. (sorry if this is not quite right, i'm going from memory here). As a result the quality of the code making it into the Mozilla tree is pretty high, with minimum "paper bag" errors.
They're meaningless. The complexity of the solution is the complexity of the problem.
No, unit testing and code reviews are orthogonal. Unit tests verify correctness for certain types of input, but often fail to catch subtle bugs or identify poor solutions (bad algorithms or whatever), and of course they are only as good as the person who wrote them - most often, the person who wrote the code being tested in the first place. So the input to the unit test is often just the sort of thing the code was written to manage, not edge cases and so forth.
Nothing compares to a code review done by a super-anal type who nitpicks over everything. It is amazing what such a person can catch in terms of weird edge cases, inefficiencies, and so forth, simply by making you sit there and justify what you've done. Like the reviewer said, they are emotionally draining, but are truly worth it.
The hard part about getting geeks into management is that they need to be around one place long enough. PHB's get where they are by riding out the clock and becoming the one with the most knowledge. This happens through attrition in many organizations. We geeks aren't often patient enough to ride the pendulum long enough for it to swing the other way.
Our management here has been propogated through golf buddies and drinking buddies. Those with the experience to make good decisions for the organization and proven experience are not considered for promotions. How do you propose a geek go about staging a coup de corp?
It is the presumption on your part that you will or can catch the 90% that is the so what.
It is emperical that people tend to overlook errors in their own work. Hence, the reviewing by others.
I don't think he's talking about compilation errors, so the computer can't always find the (business logic) errors.
I think a book like this is what is wholly necessary. I am not saying this book does a good job of it (I haven't read it). There just needs to be a book that tells people how much of the software engineering information is false and unnecessary. This is so we don't have to either sift through all of it or even worse waste countless hours trying to follow a faulty discipline.
Yea I have an agenda because writing software is hard enough in itself. It is 10 times worse when cluttered with overhead. I remember my very first programming class in high school (it was at a community college) where I was told for a FACT that I should flowchart every function and include a separate box for every line of code. It is ridiculous and they are feeding this stuff into students heads as fact.
> a super-anal type who nitpicks over everything
Hm. Maybe that super-anal person could fill the missing test cases for all those edge conditions. Then his analness will be preserved for posterity, because everyone can run those test cases to catch possible bugs in future code changes.
The Army reading list
And you wouldnt want THAT. It would spoil the cool "old soldier" metaphor...
Some are poorly organized in everything but their code (*ahem*.) A few grew up believing that an employee / employer relationship should be antagonistic; that a manager must rule their team with an iron fist. That may come from looking around at a bunch of us slacker programmers thinking "hey, why aren't they working as hard as I? If I were their manager, I'd be busting their asses 24 by 7." Many are extremely introverted and have trouble speaking up among their peers; they simply would not be capable of dressing down an employee who desperately needs it.
In most of these cases it seems that the programmers have spent their time learning machine management skills. Those skills are completely unhelpful when it comes to working with people. The lessons you learn (for example, "the machine only does exactly what I tell it") don't work with human employees, no matter how hard you try to apply them.
Yes, management is a skill that can be learned, but I don't know any geeks that would want to spend the time, let alone actually manage. Not even for the money. Almost all the people I know who have become successful managers have never been real programmers. They were business analysts or came from completely outside the IT field.
John
And should the people who drive locomotives quit calling themselves engineers as well? Pompous of you to try to corner that title.
Webster's:
1 en-gi-neer n
3 c: a person who carries through an enterprise by skillful or artful contrivance.
So basically, according to Webster's, bite me.
After writing out a couple hundred lines of code, print it out. Then come in the next day and read it. I mean, truly read it, line by line.
Some may argue that this is not as good other programmers reading the code. Undoubtedly true, but you will still catch many errors. The fact that you've waited a day means you are, in a sense, a different programmer than the one that wrote the code. And the fact that it's printed rather than on the screen gives you a different perspective.
I suggest that running tests is not sufficient to ensure a reasonable level of quality. There are certain errors that are unlikely to be caught by testing, and yet are quite obvious in a read through.
In other word, testing is not a replacement for read throughs. In finding problems, a multi-faceted approach is needed.
How do you propose a geek go about staging a coup de corp?
Attain some social skills, go out and play some golf and buy the boss a beer.
Noone wants to work with arrogant anti-social types, management included.
I don't need no instructions to know how to rock!!!!
Counterexamples: brainfuck, intercal. The lesson is that at least at some level, programming language does really make a difference.
No weapon in the arsenals of the world is so formidable as the will and moral courage of free men.-Ronald Reagan
Since when does a "fact" include a value judgment, like COBOL being a bad language? That's an opinion.
One could say that this is one of the situations that pair programming solves. In real-time, too, not with a CVS commit message or code review delay.
Simpy
When I was 20, with an electronics Associates degree, we set up a software configuration management program for a shop writing C software that became FDA approved for robotic orthopedic devices.
We based the configuration mgmt program on IEEE standard 828-1990. As part of the program we modeled our Software Requirements Specification process off of IEEE standard 830-1984. Our design practices off of IEEE 1016-1987. Our testing practices off of IEEE 1012-1986.
We demonstrated adherence to these standards of practice in order to gain FDA approval for our robotic device. Our software development cycle flowed as specified in our carefully engineered plans.
We engineered software. But we didn't have engineering degrees. Did we dilute your title?
It may work for trivial problems, or you may like Visual Basic so plug-ins help you to make code. The visual tools let you skip errors on UI. But the real code, the 'what does it do to make me money' code. That is what you need real good programmers for.
If the manager imposes an impossible deadline to the programmer, hes just a bad boss, PHB style. Of course, there are always real world time constraints to be met, but in this case the manager should define a possible goal along with the programmer, alternative solutions, scope agreements, etc.
On the other hand, if the programmer is incapable of defining a deadline himself to a well defined amount of work, than you just cant blame the manager.
What you're reading here is a review, not a full restatement of each thesis in the book. Have you RTFB? If not, then you do not know what data he provides to buttress his statements as Facts and Fallacies.
OTOH, what data can you provide to contradict him? Your own personal perceptions? Or can you actually show verifiable numbers?
Sure, when he finds the bugs in your code through a peer review, you can add the test cases to first expose the problem then prove that you've corrected it.
The other major advantage of code reviews is that you know someone else is going to look at your code soon. You're less likely to try to slip something trashy that works through.
The thing that every seems to forget about the code inspection school of thought is that it was developed at a time when running tests and debugging actually did cost real money back in the 1970's when Fagan came up with his inspection process. Your department was charged everytime you compiled and ran your program on the mainframe computer because the mainframe was expensive to buy/rent, power and maintain.
Now it doesn't cost real money but has an implied cost that bugs found later in the development process cost more money to fix than if you found then in the coding phase at a code review. Never mind the fact that the recommended rates of code inspects in lines of code per hour are near glacial and costs more money now to have 4 highly paid people to sit in a room and read code out loud. One project I worked on was all brand new code and would have taken three full months of code reviews to review every single piece of code at the speed the QA people were insisting was required for a proper code inspection.
The process also insisted that we code inspect before we began any testing. So instead of running a suite of tests that could test 90% of the code in a matter of minutes, the QA insisted that we go through a code inspection before test just because the QA people's definitive texts on software quality still use the same data that Fagan used from his research back in the 1970s. They can quote the facts but they don't understand what assumptions were in the original research.
Code inspections do have their place. I would say those places are to enforce coding standards and knowledge transfer which both help with maintainability in the long term. In reality however, most of the code I inspect today has been pounded on for a month or so before we review it. I can't remember the last time I actually found an error through inspection that would have resulted in a bug report. Most of the stuff we find are missing documentation and typos in that documentation. *yawn*
Two reasons (there are more, but these are the best ones that come to mind immediately):
(1) The next time you park yourself on a commercial airliner you can be thankful that the software controlling the engines, the autopilot and the cabin pressure controls, to name just a few subsystems, was reviewed exhaustively at every step in the life cycle. They do this for a reason: It finds errors that testing alone cannot detect. [DO-178B, Section 6, available here]
(2) If fixing an error during implemention costs, say, 1 unit of resources (the baseline), then fixing that same error during requirements generation will only cost 0.2, and fixing it after deployment will cost upwards of 20 times the baseline. [from Software Requirements, by Alan M. Davis]
People who don't do reviews during the requirements, design and implementation phases are destined to spend their time poking their buggers and trying to explain to annoyed customers why the software doesn't work. Putting the effort up-front into good requirements design and code reviews makes the final testing and verification so much easier.
As for myself, I detest debugging at the tail-end of the life cycle; I'd much rather be moving on to the next fun project. Wouldn't you?
i will give you the shortest possible summary of the difference between code reviews and test cases: code reviews are done by humans, test cases by computers.
who's smarter?
test cases are a great way to ensure that your code continues to do what it's intended to do. code reviews can catch design errors [though the ego factor is problematic here], can lead to new ideas, can dramatically simplify algorithms, etc.
ITS GOOD WHEN THE PROGRAMMERS TALK ABOUT THE CODE EVERY ONE IN A WHILE!
a free side benefit of reviews is that you have two people who know the code. invaluable in case one of your programmers gets hit by a bus.
Project estimates are done at the beginning of the project when you have insufficient understanding of the requirements and scope, which makes it a very bad time to do an estimate for the entire project.
This is what separates the men from the boys. Estimation of project requirements are not perfect until the project is complete, so you have no choice but to work with educated guesses.
Modern project management is an exercise in managing uncertainty.
It is easy to say how long it would take you to write a script, anyone can do that in their head: guess base on experience, multiply by x2 and have a reasonable estimate.
Now try estimating a thousands scripts (or circuits) done by hundreds of engineers of varying aptitudes that will result in a capital cost of several billion dollars over (hopefully) a few years! All of which is directly reflected in your retirement investments!
That kind of planning is real nuts-and-guts stuff that most of us well never have to wrestle with, and a "fact" like this grossly understates and misrepresents.
Programming is easy.
Planning is orders of magnitude harder by comparison.
I prefer programming, the latter makes my brainpan throb.
https://www.accountkiller.com/removal-requested
Merriam Webster Online Dictionary
What, you've presented, sir, is an opinion
So prof makes a claim, student asks for proof, prof says student is too dumb to understand the proof? Shouldn't the prof have then gone on to show examples of a 25% increase in complexity, and how it explains his original statment?
" Almost all the people I know who have become successful managers have never been real programmers"...well,meet one more. I have been a coder for many years in embedded systems work, and also in the web area. And I have (and do) manage teams of programmers and analysts. The reason most geeks don't want to manage is simple..It is HARDER than coding. No debuggers, no error messages, no recomplies, it has to be right the first time. And Senior Management expects it!! Plus the skills are mostly people skills, something IMNSHO a lot of "geeks" have trouble with. People solutions are generally not right/wrong they are somewhere in the middle, they are kinda "fuzzy" which bothers the logical programmers mind. But those "soft" management skills CAN be learned if you try. In my 22 yrs in IT I've been up the Management chain to mid-level and back down and over to Sr. Technical Staff. I prefer the Technical work, but it is getting HARD to find, so I have my PM skills to fall back on. Versatility in roles, as well as in programming skills is valuable! Oh,and don't get me started on my soapbox about how Leadership is MUCH more valuable than management, but it is in every scarcer supply in the tech world. Set reasonable expectations but hold them to it, give people room to work, help them with problems, keep the customer informed and off the programmers backs and you'll do OK in Managment.
Read some of the work by Capers Jones he did in the 1980's for the DOD. The cost of finding and correcting a bug grows exponentially by project phase, thus a $10 fix bug in requirements is $1,000 in Coding, $10,000 in Systems Test and so on. Plus some bugs can cost customers money, and in the software I used to write they can cost LIVES. I can't stress enough to do a design review, code walkthrus, unit test, integration test, have an independant system level test and then it's getting pretty darn close. Bad code is produced more by getting in a hurry or by a lazy programmer, not from a lack of skill.
I have a Software Engineering degree, 4.0 GPA, and it is a worthless rag.
FACT: The fact of Software Engineering is that it is a horrible, worthless career due to:
- INsourcing mass foreigners, H1B visas, just HORRIBLE!
- OUTsourcing tech jobs, TERRIBLE!
1) GOTO Massive Foreigners2) CLICK ON Advanced Search button
3) SELECT your State and Company
4) CRY when you see the massive number of foreigners who have replaced your job!
Remember, you can NOT compete with mass foreigners & H1B visas. Why? Because you both follow a different set of laws. Foreigners have enormous legal advantage over you. Sucks huh! There is NO legitimate career future in Software Engineering or Computer Science.
The corporate outlaws have won the battle. *sigh*
Score & Karma: SASA: Slashdot Approval Seekers Anonymous
No, what he's saying has nothing to do with MS vs. Unix. He's saying that the effort/time/money required to create the code in the first place is less than the effort required to keep it running:
- for the next decade or three
- on hardware that wasn't even on the drawing boards when the program was written
- for uses that, while within the program's theoretical capability, were never comprehended by the original creators.
Ever maintain a code base for a decade? It's painful - more painful than writing new code. That's his point.
In a hundred years we will have software that does what a manager does today. But man will always need geeks. Yes, what is complex today is simple tomarrow. But tomarrow there will new complex problems to solve!
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
"The reason most geeks don't want to manage is simple..It is HARDER than coding."
Management is not harder than coding per se. It is just harder for geeks whose talents and interests are more suited for coding. Most managers don't want to code, because for them it is HARDER than managing.
---------
There is inferior bacteria on the interior of your posterior.
They are exactly the sort of management that the industry needs, will likely encounter great success, and could serve as beneficial trend setters.
I agree with the first and last part of that sentence, but not the middle part. If you do your job well, no higher manager will ever notice. Only if you allow a big fuck-up to occur and then rescue the project, but that's not being very professional is it? Can you explain how you think these kind of managers will likely encounter great success?
I have been doing QA/Testing for 10 years, and it is pretty sad how all-important people think programmers are. The best ones may be, but they aren't all the best ones. When you foster an atmosphere where "develpment is always right" you run into major roadblocks in software development. Requirements analysts can't do their job properly or requirements are ignored. Documentation people are glared at for trying to make the system understandable. (yet we all love to bitch about bad online documentation) Test people are seen as people who are just blocking the inevitablility of shipping the code. If anyone tries to even analyze why things are F'd up, they are seen as "not being team players" and "finger pointers", even if you are trying to fix the process and not the people.
I will say that what he says about inspections is right on. Although, I think just focusing only on code reviews is wrong - rigorous reviews of requirements/code/test plans/process docs/user doc/etc will remove 90% of the defects. And defects in requirements are much more costly to fix later. The trick is balancing which of these are most important for your company to review, depending on the project. You can't just do it willy-nilly, you have to do a risk assessment on it and make a decision based on something.
I actually had a director of engineering say in a meeting "Since we implemented my new requirements management process, I *guarantee* that the code will work, first time, out of the box." I laughed out loud, and received a very dirty look from him, but agreement from everyone else. Needless to say, that release is the worst one we have had in 5 years, and it is at least 6 months over schedule. People have had to work a lot of OT to try and shine this turd, and they are getting burnt out. Most places do software development and not software engineering. Which is fine, as long as you are clear about it.
I just thought of a very good analogy that /.ers can understand. There is probably little doubt that Microsoft has a lot of good programmers. However, their culture and business model has lead the direction of their product. That alone should show you that software development is not all about the programmer. On the other hand, OSS is great but it can only get so far on "good code". Once it is managed, it can be pretty powerful.
My beliefs do not require that you agree with them.
That may be what your intuition tells you, but you're wrong. That is the most expensive way to debug software.
When you find a defect in code inspect, you have your finger on it. You know exactly which line of code is faulty, and you know how it is faulty. Fixing it is trivial.
When you find a defect in unit test, you know which subsystem is at fault, but you may have to spend some time digging around to find the acutal problem and fix it.
When you find a defect in system test, you may not know anything about it. Your problem could exist anywhere inside your system, and it may take considerable time to track it down.
This is born out by statistics. In my particular large-nameless-software-company, we spend, on average, about an hour to fix a defect found in code inspect, about 1-2 days to fix a defect found in unit test, and about 3-4 days to fix a defect found in system test.
If I have 100 defects to remove, I'd rather spend 100 hours fixing them, than 400 days.
It's also much faster and easier to find defects in code inspect than in unit test or system test. You spend less effort to find a defect in code inpsect than you do in unit test.
Ideally, though, you want to remove your defects long before code inspect, in design inpections and requirements inspections. They are an order of magnitude cheaper yet to find in these stages.
System test, by the way, should never be used as a tool to remove defects. It is a method for verifying the quality of a system. Verify is an important word there. If you test your system, and your rate of defect discovery (vs. effort) is high, it is because your system is of very poor quality. If it is low, it is because your system is of very high quality. Either way, any "reasonable" ammount of system test effort will find a small fraction of the defects in your system. You should still fix any defects you find, of course, but if you find a lot, you're in trouble, and extra testing won't get you out of it.