automating code reviews with codeit - submain...automating code reviews with codeit.right 3...
TRANSCRIPT
http://submain.com/codeit.right
Automating Code Reviews
with CodeIt.Right
Reasons to implement code reviews Most people – developers, team leaders, managers - agree that code reviews are important. But the
evidence from surveys and polls makes it clear that code reviews are one of the least popular tasks among
developers. It’s time consuming, repetitive and often seen as a rather boring task for the reviewers.
But you ignore this step at your peril because failure to implement a code review system of some kind is
highly likely to result in a potentially catastrophic failure of your code base sooner or later
We’ll look at ways of making the process easier, but first let’s consider the question of just what are the
benefits of code review. Here are some of them:
You find and eliminate bugs early in the process.
A review will find what’s actually there, not what the developer thinks is there.
The code review results can be used to create guidance documents and avoid common errors being
repeated by the same or other developers.
Code quality improves and is more maintainable.
Metrics can be extracted from the review process to identify trends and monitor progress.
The test and QA stages can be shortened.
Customers are happier, because the review discovers bugs before they do.
Types of code review In spite of these benefits, there is still resistance to code reviews. And because one of the main reasons for
this resistance is its repetitive and humdrum nature, it makes business sense to try and automate the process
as much as possible. If you can get an automated system such as CodeIt.Right to complete the drudge work,
this is good. But when you realize that an automated system:
Doesn’t suffer from human error.
Is consistent in its review, always applies the all the required checks and won’t forget or overlook a
single item, unlike humans who too often can be inconsistent.
Can use a rule set that represents industry best practices and not the standards of a single person’s
expertise
then you understand that automation has far more benefits beyond just taking the boredom out of a
necessary task.
Code reviews in the past were mostly a matter of a senior developer or team leader formally going through
the code manually, often on paper printout. In some cases, the developer who’s written the code sits in at
the review; in others, a meeting is held between developer and reviewer after the review.
This kind of heavyweight approach is time- and labor-intensive and, although it can be effective, it is costly.
The effectiveness of the review tends to fade, the longer they spend in one session. In much the same way
as the developer’s eye will skim over code and thinks it sees what it expects, so the concentration level of the
reviewer can drop and errors will slip by unnoticed.
Automating Code Reviews with CodeIt.Right 2
There are times when this heavyweight approach may still be the right one; for example when the code
review is part of the training process of new developers and face-to-face discussions help to set up good
working relationships. But many organizations now find that a more lightweight approach is preferable. This
may be, one that uses one of the code annotation or collaboration tools now on the market, such as
SmartBear’s Collaborator or the Code Review feature of Visual Studio’s TFS version.
Although these tools can help to facilitate the code review process to some extent, they still leave the burden
of analyzing, highlighting issues and fixing them to the team. , On the other hand, sophisticated tools such as
CodeIt.Right include many vital features, such as real time code review, a range of review profiles, and
multiple ways to correct violations.
Implementing code reviews It’s normal human behavior to resist change. This resistance applies to changes to an individual’s working
practices as much as anything else. The reasons are varied and some people are afraid that they’ll be made
to look incompetent. Others simply believe that their way is the best way. So one of the major problems
associated with implementing code reviews is to overcome this resistance.
In the case of experienced developers, having someone review their code will often be seen by them as
having their professional ability judged by another person, possibly someone who has different views on
what constitutes good and bad code. So if the bulk of the review is carried out by an automated process,
this will remove that potential stigma of criticism. Exactly the same rule set is applied to each developer’s
code. The developer is able to fix errors and omissions before the code is handed off to the team. The end
result is uniform, correct and maintainable code that all developers can read, understand, or update if
necessary. This automation of the time-consuming drudge work means that the manual code reviews can
focus on product business logic and proprietary algorithms - tasks that do require discussion and human
input.
The bottom line is that the result of an effective code review is that an improved overall product is created
for the company. And an automated code review eases and speeds up the process.
Code Review challenges and how Automation helps We ran a survey to gather data from developers and teams who had tried to implement team guidelines
using a manual code review
process.
The results showed that
only 40% had successfully
implemented guidelines
using manual code reviews.
It’s clear that this successful
minority faced very much
the same challenges as
those who failed and that
for both categories the use
of an automated process
would have increased their
level of success.
Of those who succeeded in
implementing team
Figure 1 Implementation Challenges
38%
21%
30%
6%
5%
D E V E L O P E R S K E P T F O R G E T T I N G T O A B I D E T H E G U I D E L I N E S
R E S I S T A N C E A M O N G T H E T E A M M E M B E R S
G E T T I N G C O N C E N S U S O N W H I C H S T A N D A R D T O F O L L O W
M A N A G E M E N T T H O U G H T I S W A S T O O E X P E N S I V E
O T H E R
IMPLEMENTATION CHALLENGES
Automating Code Reviews with CodeIt.Right 3
guidelines with a manual process, some of the key problem areas are shown on Figure 1. Agreeing on which
standard to follow and then getting developers to abide to the guidelines are clearly the major issues.
Interestingly, those who tried but failed to implement guidelines with a manual process had a very similar
ratio of problems. Inability to get a consensus and developers forgetting to keep to the guidelines were again
the two biggest issues.
Using a tool to implement
team guidelines overcomes
those major problem areas.
If developers keep
forgetting, a tool helps by
automatically fixing the
issue or reminding the
developer of what’s needed.
Acrimonious and sometimes
heated debates about which
standard to follow are
avoided because the tool
comes with a base standard
which can then be easily
customized and fine-tuned
to meet team requirements.
One of the main reasons for resistance among team members is that the manual process is extremely tedious
and is way down the list of tasks that most developers enjoy. A tool, of course, is a vast improvement here
because it lifts the majority of the boring tasks off the developer’s shoulders.
In those cases – both the successes and failures – where management believed that implementation was too
expensive, it is important to realize that automation drastically reduces the cost when compared to manual
review.
The bottom line is that automation helps to overcome all the specific problem areas highlighted by the poll.
How CodeIt.Right can speed up and smooth the process Given that code reviews can meet resistance and can be time consuming and repetitive, you should try to
make the process as painless as possible. Using a tool like CodeIt.Right to check the code automatically is a
major step in the right direction.
CodeIt.Right offers multiple ways to automate code reviews:
1. Instant Code Review
2. OnDemand Analysis
3. Check-In Policy Integration
4. Build Integration
In addition, CodeIt.Right offers Refactoring, Code Metrics, and Reporting tools that identify, analyze, highlight
and fix code issues.
Figure 2 Why code review implementation failed
35%
23%
26%
10%
6%
D E V E L O P E R S K E P T F O R G E T T I N G T O A B I D E T H E G U I D E L I N E S
R E S I S T A N C E A M O N G T H E T E A M M E M B E R S
C O U L D N ' T G E T A C O N C E N S U S O N W H I C H S T A N D A R D T O F O L L O W
M A N A G E M E N T H O U G H T I S W A S T O O E X P E N S I V E A N D N O T W O R T H
T H E I N V E S T M E N T
O T H E R
WHY FAILED
Automating Code Reviews with CodeIt.Right 4
Instant Code Review
This a real-time feature where violations are identified and highlighted in the code file while the developer is
writing or editing the code. The screenshot below shows a typical example:
The Violation Detail window
explains the nature of the
issue, offers auto-refactoring
choices and also allows the
option to ignore (exclude) the
violation when appropriate.
But identifying the problem is
only the first part of the task,
so CodeIt.Right completes the
job by suggesting ways to fix
the violations, often with
multiple options, and also
gives background information
and explanations. The developer can then instantly implement any of those fixes or get more guidance with
a click of a mouse button. There is also the option to ignore any highlighted violation, whenever this is
appropriate.
In addition to the highlighted code and the Violation Detail window, a
CodeIt.Right Violations Bar is displayed at the right hand side of the Visual Studio
IDE.
The items in the Violations Bar are all color coded, and the color indicates the
severity of each error. This gives an instant overview of the situation, and you
can then click on any item in the bar, see its detail and fix it.
Because different users of CodeIt.Right have different needs, the system allows
you to use profiles that precisely filter the issues you want to include or exclude
from a review. These can be one of the default profiles that ship with
CodeIt.Right, such as the Microsoft Guidelines profile, or you can of course
create your own. Naturally, you can switch between Instant Review profiles, so
that CodeIt.Right runs exactly the analysis you need.
OnDemand Analysis
CodeIt.Right offers an additional way of analyzing the code – OnDemand Analysis. Unlike Instant Code
Review that runs in the background, OnDemand Analysis is called whenever it’s needed. The current file,
project, or - if required - the whole solution, is then analyzed and a detailed report of violations is displayed:
Just as with Instant Code Review,
any or all the violations can then
be corrected at the push of a
button. The reviewer can filter
the number of violations that are
listed by setting the required
severity threshold level. These
levels range from simple
information messages to critical warnings.
Figure 3 Instant Code Review
Figure 4 Violations Bar
Figure 5 Severity Threshold
Automating Code Reviews with CodeIt.Right 5
Figure 6 OnDemand Analysis Violations Report
Check-In Policy Integration
The Enterprise edition of CodeIt.Right integrates seamlessly into your Source Control Check-In procedures.
First, you create the required profile that ensures developers will adhere to company guidelines and policy.
The code will be scanned
and any issues or
violations will be
highlighted and can then
be fixed before check-
in. Because you are
testing the code against
your chosen profile, you
can be sure that it
conforms to the team’s
requirements and only
clean code that’s been
checked against the
chosen profile is allowed
to be checked into source
control.
You can see a detailed
step by step guide to
implementing Check-In Policy Integration here – http://submain.com/fwlink/check-in-policy
Figure 7 Preventing source control check-in of non-conforming code
Automating Code Reviews with CodeIt.Right 6
Build Integration
You can use CodeItRight.Cmd, the command line companion to CodeIt.Right for continuous integration and
automated builds. You can select a solution or project you want to analyze, the profile of your choice,
define the severity threshold, control output, and use the list of exclusions and exceptions you’ve configured
in Visual Studio.
A wide range of command line parameters are supported. See the following link –
http://submain.com/fwlink/cir-cmd-line - for the full list of available commands.
You can set the criteria that will cause a build to fail.
The Enterprise Edition extends command line parameters even further to enable code metrics output and
report distribution over email.
CodeItRight.Cmd can be used as a stand-alone tool or can be added to the automated build
process. CodeIt.Right also comes with MSBuild and NAnt tasks included for your convenience.
Here is an example of integrating CodeIt.Right analysis into TeamCity:
Follow this link - http://submain.com/fwlink/TeamCity - for a step by step guide to integrating with
TeamCity and this link - http://submain.com/fwlink/CruiseControl - for an easy tutorial to integrating with
CruiseControl.NET.
Automating Code Reviews with CodeIt.Right 7
Try CodeIt.Right Free for 14 days! Download your free trial to see why users
choose CodeIt.Right for automated code
review – http://submain.com/codeit.right
Summary Effective code reviews will bring multiple positive results, including better, conformant, more maintainable
code, higher product quality and more satisfied customers. Once the hurdle of developer acceptance of the
process is overcome, the choice of the light or heavyweight approach can be made.
Where the lightweight approach is taken, the use of an
automated code review tool such as CodeIt.Right will
ease and speed up the process. It can also be an
effective time-saver when used for an initial review
when the heavyweight approach is used, effectively
pre-processing the code before the developers sit down
for the main analysis. The tool will find things that
humans will miss, whether through lack of
concentration, missing knowledge, misunderstandings or any other human failing. Then the heavyweight,
human interaction code review session can focus on the proprietary business logic and ensure that it is
implemented correctly.
Although there will always have to be some personal input into the code review, a tool that automatically
identifies problems and is able to fix them automatically will greatly reduce the effort and time needed.
Consequently, better code is created in less time and with reduced cost.
For information on SubMain’s CodeIt.Right automated code review product contact us at
About SubMain Thousands of customers use SubMain software quality and
developer productivity tools to ensure the high quality and
performance of their desktop, mobile, Web and cloud-based
applications. SubMain products are easy to use and deploy, are
affordable and available for trial at the website. Learn more about
SubMain, the company’s products or join the active user community
at http://submain.com
SubMain, 6513 132nd Ave NE, Suite 331 Kirkland, WA 98033
+1 (800) 936-2134 [email protected] http://submain.com
©2013 by SubMain. Specifications subject to change