Code Review
-
Upload
lukas-rypl -
Category
Technology
-
view
297 -
download
2
description
Transcript of Code Review
Code Review
Lukas RyplTwitter: @LukasRypl
01/2014
What is code review?
● Systematic examination of source code ● Goals
– Identification of defects
– Better code quality
– Sharing of knowledge
● Also known as code inspection
How does it fit in our process
● After implementation, before testing● Dedicated task state in issue tracker● Author assigns it to different person
– We do not have any hierarchy, CR should be evenly shared among all team members
How should I do it?
● Notification from issue tracker● Check related svn commits
– (linked via refs #1234)
● See changes context in IDE
● Change reviewed code● Add @TODO CR● Add comments in issue tracker
● Assign it back to the author
Why we do it?
Software testing alone has limited effectiveness - the average defect detection rate is only 25 percent for unit testing, 35 percent for function testing, and 45 percent for integration testing. In contrast, the average effectiveness of design and code inspections are 55 and 60 percent.
(S. McConnell: Code Complete)
I believe that peer code reviews are the single biggest thing you can do to improve your code.
(J. Atwood: http://www.codinghorror.com/blog/2006/01/code-reviews-just-do-it.html)
Quality
Less Bugs
http://eugenedvorkin.com/engineering-culture-and-why-it-is-matter-for-business/
Better “Bus Factor”
● More people know the code
http://www.amazon.com/Tomorrow-Heres-Replace-Toilet-Paper/dp/1607552647
Code Review Types
● Formal● Tool-assisted● Email/VCS● Informal● Pair programming
Formal Code Review
● M. E. Fagan (IBM)● Code preparation → code review acceptance
criteria → committee with moderator → individual preparation for CR → review meeting → report with list of defects
● Group review finds only about 4% more defects than individual reviews [Cohen 2006]
● See http://en.wikipedia.org/wiki/Fagan_inspection
Tool-assisted review
● Github pull requests, Gerrit, Crucible, Review Board, SmartBear Code Collaborator …
● Comments attached to code, history
Email / VCS
● Please review the attached patch ….
● Better than nothing :)
Over-the-shoulder review
● Informal method● Suitable for small snippets
Pair programming
● Is it 100% code review?● Both are authors (inside the box)● Third pair of eyes should do CR
Any drawbacks?
Watch out! Feeling too safe?
http://www.bonkersworld.net/code-reviews/
Tips
Tip 1: Find the right person
http://www.jasonawesome.com/2010/06/01/executing-a-php-code-review/
Tip 2: Right amount of code
● max 200 lines of code, 60-90 minutes
http://smartbear.com/SmartBear/media/pdfs/best-kept-secrets-of-peer-code-review.pdf p.50
Tip 2: Right amount of code (cont.)
● Tradeoff – Smaller fragments hide systemic failures
– Very hard to detect defective details in larger pieces
Tip 3: Build your checklist
● Know your weak spots●
Tip 4: Be positive
● Review is about code● It is not about people who wrote it● Goal is overall improvement● No blame
http://vunvulearadu.blogspot.cz/2013/06/code-review-and-under-stress.html
Tip 5: Accepting Code Review
● Do not worry, everyone makes mistakes● Do not take it personally, it is only about code● Say Thank you :)
– maybe it saved you some unpleasant fixing of production code
More tips:
● If you don't understand the code, ask the author (and then write a comment/rename)
● Finding things that are missing is the hardest part (e.g. race condition)
● The sooner CR is done the better● Explain why something is bad (provide
reference)● Use FindBugs, Sonar
References
● Jason Cohen (2006). Best Kept Secrets of Peer Code Review (Modern Approach. Practical Advice.).
Available at Smartbearsoftware.com