Effective code reviews

Sebastian Marek

EFFECTIVE CODE REVIEWS

Sebas1an Marek, So8ware Architect

@proofek

•  a Pole living in Sheffield •  over 12 years in

development •  Pascal, C++, PHP, perl,

python, Java •  co-‐author of 2 PHP books •  big fan of process

automaBon •  TDD and CI •  occasionally contributes to

open source projects •  wants to be a knight

h?ps://joind.in/7056

Who does code reviews?

Disclaimer

All characters appearing in this presentation are fictitious. Any resemblance to real persons, living or dead, is purely coincidental.

The Team

Harry “Just Get It Done” – The Manager

Tom “I Need It Now” – The Owner

The Team

Adam “The Night Coder” – developer

Kris “Hackety Hack” – master code reviewer

Bruno “It Will Work” – apprentice reviewer

Scenario 1

How much time do we need to get this project done?

Well, design, coding, code reviews, testing…

Do we really need to code review the code? You surely know how to code, and you have tested it and it works… Right?

Scenario 2

Hmmm… all the developers are busy, we have no one spare. Let's skip it and get it straight into QA…

We're nearly done, just need to get this code reviewed.

Scenario 3

Hello Harry, I need John to review my code.

John is busy, you can have Rob.

But Rob is a junior developer, and he doesn't know this system.

You want it code reviewed or not? Rob is all we've got!

Scenario 4

We do all these code review, spend a lot of time on this, but the code that hits production is still buggy. It's a waste of time!

Code review

Adam The Developer to Kris The Reviewer

9:31 PM (0 minutes ago)

Kris, I got this code I need you to review. Can you do it for me please? The code is in my repository on problem-fix branch. Thanks --- Adam

Click here to Reply or Forward

Raising a code review

No (e)mail!

Raising a code review

Bug tracking systems -‐  JIRA -‐  Bugtrak -‐  ManBs Code review tools -‐  Crucible/Fisheye -‐  Gerrit -‐  Github

Code review



Kris, I got this code I need you to review. Can you do it for me please? The code is in my repository on problem-fix branch. Thanks --- Adam

Click here to Reply or Forward

Kris The Reviewer to Adam The Developer


Adam, No problem at all, but where did you branch the code from? I can’t identify the change set without it. --- Kris

What to review

Version control •  Specific change sets •  avoid specific commits

•  Reviewing patches risky, unless automated

Code review

Adam The Developer 9:31 PM (25 minutes ago)

Kris, I got this code I need you to review. Can you do it for me please? …

Kris The Reviewer to Adam The Developer


Adam, No problem at all, but where did you branch the code from? I can’t identify the change set without it. --- Kris



Kris, Ah yes. Sorry. It’s branched from my master branch. --- Adam

The purpose of the review

What and Why?

One way of doing things…

Bruno “It will work”

•  Makes sense •  Works •  SyntacBcally correct •  Approved

Usual feedback produced:

Being smarter…

Kris “The Master Reviewer”

•  PHP linter •  PHP Code Sniffer •  PHPUnit •  phpDocumentor •  PHP Depend •  PHP Mess Detector •  Sonar

Tools used:

Speed up with automation

$ php -l Libraries/Action.class.php No syntax errors detected in Libraries/Action.class.php

$ php -l Libraries/Action.class.php Errors parsing Libraries/Action.class.php

$ phpcs –standard=Zend Libraries/Action.class.php FILE: /Volumes/git/modules/AccountChange/Libraries/Action.class.php --------------------------------------------------------------------------------

FOUND 2 ERROR(S) AND 1 WARNING(S) AFFECTING 3 LINE(S) -------------------------------------------------------------------------------- 44 | ERROR | Protected member variable "arrOptions" must contain a leading

| | underscore 66 | WARNING | Line exceeds 80 characters; contains 82 characters 97 | ERROR | Line exceeds maximum limit of 120 characters; contains 135 | | characters

-------------------------------------------------------------------------------- Time: 0 seconds, Memory: 5.75Mb

Verify whether the code works

$ phpunit PHPUnit 3.6.12 by Sebastian Bergmann. Configuration read from phpunit.xml.dist

..................IIII................IIIIIIIIIIIIIIIIIIIIIII.. 63 / 240 ( 26%) .............................................I.....I........... 126 / 240 ( 52%)

............................................................... 189 / 240 ( 78%)

................................................... Time: 02:01, Memory: 26.75Mb

OK, but incomplete or skipped tests! Tests: 240, Assertions: 514, Incomplete: 29.

Static analysis and code quality

PHP_Depend 0.10.6 by Manuel PichlerParsing source files:.................... 20Executing CyclomaticComplexity-Analyzer:............. 261Executing ClassLevel-Analyzer:............ 247Executing CodeRank-Analyzer:. 28Executing Coupling-Analyzer:............. 267Executing Hierarchy-Analyzer:............ 246Executing Inheritance-Analyzer:. 30Executing NPathComplexity-Analyzer:.............. 283Executing NodeCount-Analyzer:........ 174Executing NodeLoc-Analyzer:.......... 205Generating pdepend log files, this may take a moment.Time: 00:05; Memory: 25.50Mb

Static analysis and code quality

…by looking at things all important

Kris “The Master Reviewer”

Things checked: •  clarity •  performance •  excessive complexity •  impact on other systems •  does the soluBon solves the problem

•  duplicaBons •  code quality •  potenBal deployment issues •  design flaws

The benefits of a code review – they are for you!

•  Knowledge sharing •  Mentoring new starters •  Find bugs/design flaws early •  Improve overall code quality •  Fostering collecBve code

ownership

The soft side - developers

•  Understand and accept that you will make mistakes.

•  You are not your code.

•  No maZer how much "karate" you know, someone else will always know more.

•  Don't rewrite code without consultaBon. D

EVEL

OPE

RS

The soft side – code reviewers

•  The only true authority stems from knowledge, not from posiBon.

•  CriBque code instead of people

CO

DE

REV

IEW

ERS

Summary - what include in the code review

•  LocaBon of your changes –  Repository name, branch name, branch base

•  Subject of your changes –  What have you changed

•  Reason for the change –  Why have you change it

WH

AT?

Summary - who assign the code review to?

•  Seek the experts –  If you're not sure ask around

•  QuesBon the soluBon –  Make sure it fits the purpose

WH

O?

Summary – where to raise a code review?

•  Make it traceable –  Bug trucking system, ie. Jira, Trac, ManBs, etc –  Code review tool, ie. Fisheye/Crucible, gerrit

•  ConversaBon/Pair programming –  Just make sure outcome is captured

WH

ERE?

Summary - how to perform a good code review?

•  Use tools, don’t be a tool •  Check for duplicaBons/complexity •  Asses impact on other systems •  Make sure code is clear and self-‐descripBve

HO

W?

Credits…

hZp://www.flickr.com/photos/dawgbyte77/3058349367/ hZp://www.flickr.com/photos/zzpza/3269784239/ hZp://www.flickr.com/photos/toolmanBm/6170448143/ hZp://www.flickr.com/photos/coyau/7630782996/ hZp://www.flickr.com/photos/73885983@N02/6729908421/

hZp://www.atlassian.com/angrynerds/

…and references

The Ten Commandments of Egoless Programming: hZp://alturl.com/q4dpa The Code review: hZp://www.soulbroken.co.uk/blog/2010/07/the-‐code-‐review/ Fisheye/Crucible: hZp://www.atlassian.com/sokware/crucible/overview Gerrit: hZp://code.google.com/p/gerrit/ Github: hZps://github.com/ PHPUnit: hZp://phpunit.de PHP CodeSniffer: hZp://pear.php.net/PHP_CodeSniffer PHP Depend: hZp://pdepend.org/ PHP Mess Detector: hZp://phpmd.org/ Sonar: hZp://www.sonarsource.org/

Q&A

Ques1ons?

h?ps:// /7056

Effective code reviews

Technology

Transcript of Effective code reviews