Modern Code Review

……………

……………

“This Ain’t Your Granddaddy’s Code Review…”

Building Better Code Reviews

……………

……………

Overview

» What is Code Review and Why Do I Care?

» Why Is Our Traditional Process Broken?

» How Do We Make Code Review Better?

……………

……………

Why Do I Care?

» Cost of Fixing Defects

……………

……………

Where Does Code Review Fit In?

• Common Mistakes• Coding Style /

Standards

• ???

• UI functionality• Application

Behavior (high-level)

• User Experience

• Tests the modular function

• Individual Pieces • Can be automated

Unit Testing

QA / UAT

Static Code Analysis

(e.g. SONAR)

Code Reviews

Tools for Finding Defects

……………

……………

Why Do I Care?

Code Review

Logic / Runtime Errors

Learning Opportunities / Redesign

“Tribal Knowledge”

Stupid Mistakes

String zero = "" + 0;

We’re going to keep you up at night and waste your weekends!!!

……………

……………

Case Study

Source: Best Kept Secrets In Code Review

Code Review At CISCO Systems

……………

……………

What Is Code Review?

» Types of Code Review• Informal

• Over-the-Shoulder• Email Pass-around• Pair Programming

• Formal• Formal Inspection• Tool Assisted

……………

……………

Formal Inspection

Plan a Review

• Determine files to review

• Book meeting room, projector, send invites

Review Meeting

• Reviewers inspect files

• Identify defects

• Log issues

Fix Defects

• Author reviews defects

• Makes changes as needed

Repeat Weekly

……………

……………

Best Practices

» How Much?• 200 – 400 lines of code per session

» How Fast?• 300 – 500 LoC / hour

» How Long?• 60-90 minutes

function expireUserSession(){ var userResponse = window.confirm("You will be logged out unless you click OK"); if(userResponse === true){ setTimeout('expireUserSession', 30*60*1000); } else { window.location = 'logout.action'; }}dojo.addOnLoad(function(){ setTimeout('expireUserSession', 30*60*1000);});

OMG, Super Wrong*!!!

Slow Down…72 seconds

* Super wrong is a technical term. This will not work at all!

……………

……………

Best Practices

» Foster a good code review culture• Finding defects is a good thing!• Learning opportunity for developers• Managers must understand metrics

» Use Anti-pattern Checklists• Code Review Bingo

• Example: Avoid “Tableception”!

Your HTML Page

Best Practice: Avoid “Tableception” (Tables within Tables)

……………

……………

How Can We Do This Better???

……………

……………

Roadblocks to Better Code Review

» Time Commitment• 60 - 90 minutes?• Different Schedules• Remote Workers

» Accountability / Enforcement• Ensuring that defects get fixed

» Reporting• Can we ship this feature to production?

» Automation• Every step is manual, requires a lot of effort

……………

……………

Better Code Review

» Time Commitment• Asynchronous reviews

» Accountability• Associate Features with Reviews

» Reporting• Transparency to Managers• Out of the box functionality from Collaborator!

» Automation• Remove manual steps, make the CI Server work for us!

……………

……………

Better Code Review

Hurray!

Ugh!

*

* This is harder if you’re using ClearCase, but other VCS this should be easy

……………

……………

Demo Time

……………

……………

What do Developers See: Action Items

From the Web UI

What do I need to Review?

……………

……………

What do Developers See: Action Items

From Email

……………

……………

Reviews

……………

……………

Reviews

……………

……………

……………

……………

……………

……………

……………

……………

Recap: Why Is This Better?

» Reviews Automatically Created» Clear Action Items for Developers» Notification System» Fast Comparison Tool

• Support for your favorite external tool too!» Real-time Chats / Comments» Easy to Identify “Reworked” Files» Generate Reports

……………

……………

The Catch

» Collaborator Costs• $499 / named license

» No support for IntelliJ» Alternatives

• Crucible• Good price• No support for rework• No Automation Support / Metrics

• Review Board• Great options for cloud hosting!• Only supports pre-commit model• Setup a bit of a pain

……………

……………

Questions?

……………

……………

Material That Didn’t Make it Into The Presentation

……………

……………

Pre-Commit vs. Post-Commit

» Post-Commit Model• Reviews Created After Check-in to VCS• Advantages

• Can Utilize CI Server for Automation• Easier to Adopt

• Disadvantages• No way to ensure all code is reviewed before production

……………

……………

Pre-Commit vs. Post-Commit

» Pre-Commit Model• Only check in code after completing a review• Advantages

• Code doesn’t “pollute” VCS• Enforcement

• Disadvantages• Against best practice: “Commit Early and Often”• Requires manual work from developers to create reviews

……………

……………

Pre-Commit vs. Post-Commit

» GIT: Post-Commit, Pre-Push Model• Use local branch to commit, but review must be completed

before push to “gold repository”

……………

……………

Benefits of Code Review

» Identify and Fix Bugs Earlier• Difficult to diagnose issues

» Mentoring / Career Development

» Knowledge Transfer

» More Maintainable Code

» Shorter Development / Test Cycles

……………

……………

Other Thoughts On Formal Inspection

» Team Size: 3 – 6 people» Roles

• Author: Wrote the code• Reviewer: Developers, appraise the code• Moderator: Facilitates discussion, settles ties. Usually the lead

developer• Observer: BA or other non-technical, provides SME• “Reader”: Looks at code purely for readability