Code Review How And When

@paulmgower

I’m Paul Gower.Principal Consultant at Lunamark@paulmgower

AGENDAWhat Is Code Review1

2

3

How and When

Why Code Review

What Is Code Review

1

Father of Code Review

http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=5388086&filter%3DAND%28p_IS_Number%3A5388084%29

aka Fagan Inspections

Fagan Inspections

https://en.wikipedia.org/wiki/Fagan_inspection

Code Review History

Why Use Fagan Inspections?

Why Use Fagan Inspections?

Good for Mission Critical Software

Lightweight Code Reviews

https://en.wikipedia.org/wiki/Code_review

Over-the-shoulder

Email pass-around

Email pass-aroundPlease don’t do this!

Pair Programming

Code Review Tools

Code Review Tool Resources• github reviews - https://github.com/universe-2016#reviews

• video demo - https://www.youtube.com/watch?v=HW0RPaJqm4g

• reviewable - https://reviewable.io/ • demo - https://reviewable.io/reviews/Reviewable/demo/1

• gerrit code review - https://www.gerritcodereview.com • tutorial - http://www.vogella.com/tutorials/Gerrit/article.html

• VSTS Code Review (TFVC) - https://www.visualstudio.com/en-us/docs/tfvc/get-code-reviewed-vs • walk through - https://www.visualstudio.com/en-us/docs/tfvc/day-life-

alm-developer-suspend-work-fix-bug-conduct-code-review

• Review Assistant - https://www.devart.com/review-assistant/ • comparison - https://www.devart.com/review-assistant/learnmore/

visual-studio-vs-review-assistant.html

• Crucible - https://www.atlassian.com/software/crucible • video demo - https://www.youtube.com/watch?v=UFNPgfQFJHk

• Collaborator - https://smartbear.com/product/collaborator/overview/ • video demo - https://www.youtube.com/watch?v=1MBb21DgRYg

• FogBugz Dev Hub - http://www.fogcreek.com/fogbugz/devhub • demo - http://www.joelonsoftware.com/items/2011/02/03.html

Code Review Tool Resources

How and When

2

Reviewer: Focus on the code

Reviewer: Focus on the code

Don’t say: “You didn’t name these variables well!”

Reviewer: Focus on the code

Don’t say: “You didn’t name these variables well!”

Instead: “I don’t understand these variable names, can you help me understand them?”

Reviewer: Be respectful

Reviewer: Find a positive point

How NOT to Code Review

Author: Be humble

Author: Prepare Before

“ “The objective is for everyone to find defects, including the author, not to

prove the work product has no defects. People exchange work products to review, with the expectation that as

authors, they will produce errors, and as reviewers, they will find errors.

Everyone ends up learning from their own mistakes and other people’s

mistakes.” – Jerry Weinberg, “The Psychology of

Computer Programming”, 1971

Tips and Tricks

Less Than 200 Lines Of Code

Less Than 60 Minutes

Less Than 60 Minutes

http://www.news.illinois.edu/news/11/0208focus_AlejandroLleras.html

Daily Code Review

Daily Code Review

http://blog.fogcreek.com/effective-code-reviews-9-tips-from-a-converted-skeptic/

Always Use A Checklist

http://www.codeproject.com/Articles/593751/Code-Review-Checklist-and-Guidelines-for-Csharp-De

Developer Checklist• Does my code compile without errors and run without exceptions in

“happy path” conditions?

• Have I checked this code to see if it triggers compiler or static analysis warnings?

• Have I covered this code with appropriate tests, and are those test currently green?

• Have I run our performance/load/smoke tests to make sure nothing I’ve introduced is a performance killer?

http://blog.smartbear.com/code-review/creating-your-code-review-checklist/

Reviewer Checklist• Does this code read like prose?

• Do the methods do what the name of the method claims that they’ll do? Same for classes?

• Can I get an understanding of the desired behavior just by doing quick scans through unit and acceptance tests?

• Is anything here a re-implementation of existing functionality the developer may not be aware of?

http://blog.smartbear.com/code-review/creating-your-code-review-checklist/

Don’t Be This

Guy

Don’t Review What Can Be Automated

Static Code Analysis Tools

https://www.npmjs.com/package/eslint-watch

Static Code Analysis Resources• JSLint - http://www.jslint.com

• video demo - https://www.youtube.com/watch?v=QWjMZBoSBtQ

• JSHint - http://jshint.com • video demo - https://www.youtube.com/watch?v=MvV6fljX538

• ESLint - http://eslint.org • video demo - https://www.youtube.com/watch?v=L6vMey4FtQ0

• StyleCop - https://stylecop.codeplex.com • video demo - https://www.youtube.com/watch?v=6v8_PdePM7M

• Visual Studio Code Analysis - https://msdn.microsoft.com/en-us/library/3z0aeatx.aspx • walkthrough - https://msdn.microsoft.com/en-us/library/ms182066.aspx

• ReSharper - https://www.jetbrains.com/resharper/ • demo - https://www.youtube.com/watch?v=jq1JDlIiRmg

3

Why Code Review

“ “…the average defect detection rate is only 25 percent for unit testing, 35 percent for function testing, and 45 percent for integration testing.

In contrast, the average effectiveness of design and code

inspections are 55 and 60 percent.” - Steve McConnell, Code

Complete, 2004

Before 55%

Code Review Case Studies

Before

After 2%

55%

Code Review Case Studies

Before Code Reviews

After Code Reviews

Reasons to Code Review

Save Money

Easier To Find Other’s Mistakes

Alternative Implementations

Knowledge Sharing

“ “The aim is to catch what mistakes you can and to get better – not to attempt perfection.”

- Erik Dietrich, “Creating Your Code

Review Checklist”, 2015

Review

• No more than 60 mins • No more than 200 lines of code • Use Static Code Analysis • Use Check Lists • Use A Code Review Tool

THANK YOU!

@paulmgower

bit.ly/lrtf2016-crlunamark.com