Code Review

Tools and Process

@rantav

Formal Code Review Meetings

• A sit down meeting • Everyone looks at the code• Need to get prepared in advance• People bring up issues that need

to be fixed before you can go ahead with commit

Formal Code Review - The Pain

• Needs preparation• Time consuming• Hard to concentrate• No time to dig in and be

thorough• Difficult to schedule the right

ppl, especially at decentralized companies or projects

• Synergy - Yes• Cost effective - No• Fun - well...

Code Review in Apache

1.Every change has a jira issue2.A patch is uploaded3.A committer reviews and writes comments per the

patch4.When LGTM, the committer commits

Email Code Review

Offline Code Review Tools

• Jupiter - Eclipse prehistorical plugin• Mondrian - Google• Rietveld - Free and very limited Mondrian• ReviewBoard - The leading open source• Crubicle - from Atlassian ($$)• Code Collaborator - the leading $$ from SmartBear• Gerrit - git goodness

Mondrian

 

Rietveld

http://code.google.com/p/rietveld/ 

Code Collaborator

http://smartbear.com/codecollab.php

reviewboard

 

http://www.reviewboard.org/

Gerrithttp://code.google.com/p/gerrit/

Motivation

• Teach• Learn• Maintain coding conventions • Find defects early• Get more ppl familiar with the code (no job security)

Motivation - by the numbers

Average defect detection rate:25% for unit testing35% for functional testing45% for integration testing

Design and code reviews 55% at design review60% at code review

Motivation - by the numbers

Average defect detection rate:25% for unit testing35% for functional testing45% for integration testing

Design and code reviews 55% at design review60% at code review

When?

• Before commit?

• After commit?

• During commit (?)

Who?

• Manager• Tech lead• Architect• Peers

o Any peer from the teamo The one most likely to have

valuable input

Checklist (?) 

• Does the code build correctly?• Does the code execute as expected?• Is all new code tested? Altered code tests up to date?• Is the code readable?• Do you understand the code you are reviewing?• Has the developer tested the code?• coding conventions?• Are all functions, methods and classes documented?• Are complex algorithms and code optimizations adequately commented?• Error Handling• Resource Leaks• Thread Safeness• Is the code free of unintended infinite loops?• Are function parameters explicitly verified in the code?• Pending/TODO• assertions• abnormal terminations• Database Transactions• Correct synchronization• no deadlocks/livelocks• Bug Fix Side Effects• All the occurrences of the bug are fixed

Different Techniques - recap

• email• jira patch process a la apache• over the shoulder• formal review at a meeting room• pasetbin• web tools - reviewboard and such• GitHub - fork-review-pull process

Tips for Effective Code Review

• Psychology - Let's face it, there's a lot of psychology in it, so play nice. 

• Be professional, nothing is personal• Strive to understand, not criticize.• Get prepared 

o understand the technology in useo know the coding conventionso read related code (classes/method

being used)• Read Slow• Short

What's Short?

• No more than 60 minutes• No more than 200 LOC (C code)

Challenges ( לא (למה

• Ego

• The Hassle

The Book

Related

• Pair Programming• Code Reading (Doug Crockford)• Static Analysis tools

Extra slides

Eye tracking01 void main(void){ 02  int i, num, isPrime = 0; 03   04  printf("Input Number:"); 05  scanf("%d", &num); 06   07  i = 2; 08  while(i < num){ 09    if(num%i == 0) 10      isPrime = 1; 11    i = i + 1; 12  } 13   14  if(isPrime == 1) 15    printf("%d is prime number.¥n", num); 16  else 17    printf("%d is NOT prime number.¥n", num); 18 } 

Eye tracking (2)

Eye tracking (3)

=> Now there's a physiological reason to write short method.

=> People who spend more time on the first scan find more issues and find them faster

Defect density vs LOC

http://smartbear.com/white-paper.php?content=docs/articles/Case-Study.html

Conclusion: Don't review too much code at once (<200-400 LOC)

Defect density vs LOC/hour

Conclusion: Take your time (<500 LOC/hour)http://smartbear.com/white-paper.php?content=docs/articles/Case-Study.html

Author preperation

Conclusion: Author preparation results in more efficient reviewshttp://smartbear.com/white-paper.php?content=docs/articles/Case-Study.html