http://submain.com/codeit.right

Automating Code Reviews

with CodeIt.Right

Reasons to implement code reviews Most people – developers, team leaders, managers - agree that code reviews are important. But the

evidence from surveys and polls makes it clear that code reviews are one of the least popular tasks among

developers. It’s time consuming, repetitive and often seen as a rather boring task for the reviewers.

But you ignore this step at your peril because failure to implement a code review system of some kind is

highly likely to result in a potentially catastrophic failure of your code base sooner or later

We’ll look at ways of making the process easier, but first let’s consider the question of just what are the

benefits of code review. Here are some of them:

You find and eliminate bugs early in the process.

A review will find what’s actually there, not what the developer thinks is there.

The code review results can be used to create guidance documents and avoid common errors being

repeated by the same or other developers.

Code quality improves and is more maintainable.

Metrics can be extracted from the review process to identify trends and monitor progress.

The test and QA stages can be shortened.

Customers are happier, because the review discovers bugs before they do.

Types of code review In spite of these benefits, there is still resistance to code reviews. And because one of the main reasons for

this resistance is its repetitive and humdrum nature, it makes business sense to try and automate the process

as much as possible. If you can get an automated system such as CodeIt.Right to complete the drudge work,

this is good. But when you realize that an automated system:

Doesn’t suffer from human error.

Is consistent in its review, always applies the all the required checks and won’t forget or overlook a

single item, unlike humans who too often can be inconsistent.

Can use a rule set that represents industry best practices and not the standards of a single person’s

expertise

then you understand that automation has far more benefits beyond just taking the boredom out of a

necessary task.

Code reviews in the past were mostly a matter of a senior developer or team leader formally going through

the code manually, often on paper printout. In some cases, the developer who’s written the code sits in at

the review; in others, a meeting is held between developer and reviewer after the review.

This kind of heavyweight approach is time- and labor-intensive and, although it can be effective, it is costly.

The effectiveness of the review tends to fade, the longer they spend in one session. In much the same way

as the developer’s eye will skim over code and thinks it sees what it expects, so the concentration level of the

reviewer can drop and errors will slip by unnoticed.

Automating Code Reviews with CodeIt.Right 2

There are times when this heavyweight approach may still be the right one; for example when the code

review is part of the training process of new developers and face-to-face discussions help to set up good

working relationships. But many organizations now find that a more lightweight approach is preferable. This

may be, one that uses one of the code annotation or collaboration tools now on the market, such as

SmartBear’s Collaborator or the Code Review feature of Visual Studio’s TFS version.

Although these tools can help to facilitate the code review process to some extent, they still leave the burden

of analyzing, highlighting issues and fixing them to the team. , On the other hand, sophisticated tools such as

CodeIt.Right include many vital features, such as real time code review, a range of review profiles, and

multiple ways to correct violations.

Implementing code reviews It’s normal human behavior to resist change. This resistance applies to changes to an individual’s working

practices as much as anything else. The reasons are varied and some people are afraid that they’ll be made

to look incompetent. Others simply believe that their way is the best way. So one of the major problems

associated with implementing code reviews is to overcome this resistance.

In the case of experienced developers, having someone review their code will often be seen by them as

having their professional ability judged by another person, possibly someone who has different views on

what constitutes good and bad code. So if the bulk of the review is carried out by an automated process,

this will remove that potential stigma of criticism. Exactly the same rule set is applied to each developer’s

code. The developer is able to fix errors and omissions before the code is handed off to the team. The end

result is uniform, correct and maintainable code that all developers can read, understand, or update if

necessary. This automation of the time-consuming drudge work means that the manual code reviews can

focus on product business logic and proprietary algorithms - tasks that do require discussion and human

input.

The bottom line is that the result of an effective code review is that an improved overall product is created

for the company. And an automated code review eases and speeds up the process.

Code Review challenges and how Automation helps We ran a survey to gather data from developers and teams who had tried to implement team guidelines

using a manual code review

process.

The results showed that

only 40% had successfully

implemented guidelines

using manual code reviews.

It’s clear that this successful

minority faced very much

the same challenges as

those who failed and that

for both categories the use

of an automated process

would have increased their

level of success.

Of those who succeeded in

implementing team

Figure 1 Implementation Challenges

38%

21%

30%

6%

5%

D E V E L O P E R S K E P T F O R G E T T I N G T O A B I D E T H E G U I D E L I N E S

R E S I S T A N C E A M O N G T H E T E A M M E M B E R S

G E T T I N G C O N C E N S U S O N W H I C H S T A N D A R D T O F O L L O W

M A N A G E M E N T T H O U G H T I S W A S T O O E X P E N S I V E

O T H E R

IMPLEMENTATION CHALLENGES

Automating Code Reviews with CodeIt.Right 3

guidelines with a manual process, some of the key problem areas are shown on Figure 1. Agreeing on which

standard to follow and then getting developers to abide to the guidelines are clearly the major issues.

Interestingly, those who tried but failed to implement guidelines with a manual process had a very similar

ratio of problems. Inability to get a consensus and developers forgetting to keep to the guidelines were again

the two biggest issues.

Using a tool to implement

team guidelines overcomes

those major problem areas.

If developers keep

forgetting, a tool helps by

automatically fixing the

issue or reminding the

developer of what’s needed.

Acrimonious and sometimes

heated debates about which

standard to follow are

avoided because the tool

comes with a base standard

which can then be easily

customized and fine-tuned

to meet team requirements.

One of the main reasons for resistance among team members is that the manual process is extremely tedious

and is way down the list of tasks that most developers enjoy. A tool, of course, is a vast improvement here

because it lifts the majority of the boring tasks off the developer’s shoulders.

In those cases – both the successes and failures – where management believed that implementation was too

expensive, it is important to realize that automation drastically reduces the cost when compared to manual

review.

The bottom line is that automation helps to overcome all the specific problem areas highlighted by the poll.

How CodeIt.Right can speed up and smooth the process Given that code reviews can meet resistance and can be time consuming and repetitive, you should try to

make the process as painless as possible. Using a tool like CodeIt.Right to check the code automatically is a

major step in the right direction.

CodeIt.Right offers multiple ways to automate code reviews:

1. Instant Code Review

2. OnDemand Analysis

3. Check-In Policy Integration

4. Build Integration

In addition, CodeIt.Right offers Refactoring, Code Metrics, and Reporting tools that identify, analyze, highlight

and fix code issues.

Figure 2 Why code review implementation failed

35%

23%

26%

10%

6%

D E V E L O P E R S K E P T F O R G E T T I N G T O A B I D E T H E G U I D E L I N E S

R E S I S T A N C E A M O N G T H E T E A M M E M B E R S

C O U L D N ' T G E T A C O N C E N S U S O N W H I C H S T A N D A R D T O F O L L O W

M A N A G E M E N T H O U G H T I S W A S T O O E X P E N S I V E A N D N O T W O R T H

T H E I N V E S T M E N T

O T H E R

WHY FAILED

Automating Code Reviews with CodeIt.Right 4

Instant Code Review

This a real-time feature where violations are identified and highlighted in the code file while the developer is

writing or editing the code. The screenshot below shows a typical example:

The Violation Detail window

explains the nature of the

issue, offers auto-refactoring

choices and also allows the

option to ignore (exclude) the

violation when appropriate.

But identifying the problem is

only the first part of the task,

so CodeIt.Right completes the

job by suggesting ways to fix

the violations, often with

multiple options, and also

gives background information

and explanations. The developer can then instantly implement any of those fixes or get more guidance with

a click of a mouse button. There is also the option to ignore any highlighted violation, whenever this is

appropriate.

In addition to the highlighted code and the Violation Detail window, a

CodeIt.Right Violations Bar is displayed at the right hand side of the Visual Studio

IDE.

The items in the Violations Bar are all color coded, and the color indicates the

severity of each error. This gives an instant overview of the situation, and you

can then click on any item in the bar, see its detail and fix it.

Because different users of CodeIt.Right have different needs, the system allows

you to use profiles that precisely filter the issues you want to include or exclude

from a review. These can be one of the default profiles that ship with

CodeIt.Right, such as the Microsoft Guidelines profile, or you can of course

create your own. Naturally, you can switch between Instant Review profiles, so

that CodeIt.Right runs exactly the analysis you need.

OnDemand Analysis

CodeIt.Right offers an additional way of analyzing the code – OnDemand Analysis. Unlike Instant Code

Review that runs in the background, OnDemand Analysis is called whenever it’s needed. The current file,

project, or - if required - the whole solution, is then analyzed and a detailed report of violations is displayed:

Just as with Instant Code Review,

any or all the violations can then

be corrected at the push of a

button. The reviewer can filter

the number of violations that are

listed by setting the required

severity threshold level. These

levels range from simple

information messages to critical warnings.

Figure 3 Instant Code Review

Figure 4 Violations Bar

Figure 5 Severity Threshold

Automating Code Reviews with CodeIt.Right 5

Figure 6 OnDemand Analysis Violations Report

Check-In Policy Integration

The Enterprise edition of CodeIt.Right integrates seamlessly into your Source Control Check-In procedures.

First, you create the required profile that ensures developers will adhere to company guidelines and policy.

The code will be scanned

and any issues or

violations will be

highlighted and can then

be fixed before check-

in. Because you are

testing the code against

your chosen profile, you

can be sure that it

conforms to the team’s

requirements and only

clean code that’s been

checked against the

chosen profile is allowed

to be checked into source

control.

You can see a detailed

step by step guide to

implementing Check-In Policy Integration here – http://submain.com/fwlink/check-in-policy

Figure 7 Preventing source control check-in of non-conforming code

Automating Code Reviews with CodeIt.Right 6

Build Integration

You can use CodeItRight.Cmd, the command line companion to CodeIt.Right for continuous integration and

automated builds. You can select a solution or project you want to analyze, the profile of your choice,

define the severity threshold, control output, and use the list of exclusions and exceptions you’ve configured

in Visual Studio.

A wide range of command line parameters are supported. See the following link –

http://submain.com/fwlink/cir-cmd-line - for the full list of available commands.

You can set the criteria that will cause a build to fail.

The Enterprise Edition extends command line parameters even further to enable code metrics output and

report distribution over email.

CodeItRight.Cmd can be used as a stand-alone tool or can be added to the automated build

process. CodeIt.Right also comes with MSBuild and NAnt tasks included for your convenience.

Here is an example of integrating CodeIt.Right analysis into TeamCity:

Follow this link - http://submain.com/fwlink/TeamCity - for a step by step guide to integrating with

TeamCity and this link - http://submain.com/fwlink/CruiseControl - for an easy tutorial to integrating with

CruiseControl.NET.

Automating Code Reviews with CodeIt.Right 7

Try CodeIt.Right Free for 14 days! Download your free trial to see why users

choose CodeIt.Right for automated code

review – http://submain.com/codeit.right

Summary Effective code reviews will bring multiple positive results, including better, conformant, more maintainable

code, higher product quality and more satisfied customers. Once the hurdle of developer acceptance of the

process is overcome, the choice of the light or heavyweight approach can be made.

Where the lightweight approach is taken, the use of an

automated code review tool such as CodeIt.Right will

ease and speed up the process. It can also be an

effective time-saver when used for an initial review

when the heavyweight approach is used, effectively

pre-processing the code before the developers sit down

for the main analysis. The tool will find things that

humans will miss, whether through lack of

concentration, missing knowledge, misunderstandings or any other human failing. Then the heavyweight,

human interaction code review session can focus on the proprietary business logic and ensure that it is

implemented correctly.

Although there will always have to be some personal input into the code review, a tool that automatically

identifies problems and is able to fix them automatically will greatly reduce the effort and time needed.

Consequently, better code is created in less time and with reduced cost.

For information on SubMain’s CodeIt.Right automated code review product contact us at

customer-service@submain.com

About SubMain Thousands of customers use SubMain software quality and

developer productivity tools to ensure the high quality and

performance of their desktop, mobile, Web and cloud-based

applications. SubMain products are easy to use and deploy, are

affordable and available for trial at the website. Learn more about

SubMain, the company’s products or join the active user community

at http://submain.com

SubMain, 6513 132nd Ave NE, Suite 331 Kirkland, WA 98033

+1 (800) 936-2134 sales@submain.com http://submain.com

©2013 by SubMain. Specifications subject to change