Code Review

May 2015

@hakansaglam

Hakan Saglam

developing since 2000doing code review since 2004

software developer @ havelsanlead software developer @ oytek

project manager @ software agtechnical coordinator @ sony

solution architect @ sony

head of mobile development @ peak games

THE USUAL SUSPECTS

by Matt Owen

What is code review?

It is intended to find and fix mistakes overlooked in the initial development phase,

improving both the overall quality of software and the developers' skills.

CODE INSPECTION

INTRODUCED BY MICHAEL FAGAN IN 1976

CODE TEST

CODE TESTREVIEW

The reviewer

and the

author are a

team

Why should we do code review?

one hour of inspection

20 hours of testing

82 hours rework

Each hour of inspection saved 20 hours of testing and 82 hours of rework effort had the defects found by

inspection remained in the released products.

If we do review at the earlier stage, the cost to fix this will be

less. It is 2400% cheaper to fix any issues in development

stage than in the production environment.

http://www.kunal-chowdhury.com/2013/06/code-review-and-its-importance.html

http://www.veracode.com/blog/2015/03/how-code-review-best-practices-saved-one-company-millions

IS IT ALL ABOUT BUGS?

BEYOND THAT DEFINITION

DISCUSSIONS

COMMITDISCUSS

DISCUSS

DISCUSSCOMMIT

MERGEhttps://flic.kr/p/fHgQDg

COMMIT DISCUSS

CULTURE

Every Code Review is an opportunity to learn and teach. And a very simple way to build

an engineering culture.https://flic.kr/p/89YLs1

Who should make code review?

ALL TEAM

Team Leader

Junior Developer

Senior Developer

SolutionArchitect

TechnicalSpecialist

https://flic.kr/p/9XdG3M

The social incentives inherent in voluntary code review policies

encourage developers to take ownership of the code.

AUTONOMY

http://alysonschafer.com/wp-content/uploads/2014/08/autonomy_makes_children_more_responsible.jpg

How should we do code review?

CODE REVIEW

WAS HARD

1 CODEREVIEW

viaTOOLS

BREAK TASKS INTO

SMALLERPIECES

https://flic.kr/p/bBZMoJ

team

DEFINITION OF DONE

An agreed team definition of done is essential to produce

high quality code.

teamhttps://flic.kr/p/8oXJWd

http://www.slideshare.net/lemiorhan/fix-your-broken-windows-with-code-review-phpist14

Reorder commits with rebaseto make the review easier.

author

RUBBER DUCK

DEBUGGINGhttps://flic.kr/p/39jEVr

author

author

LET’S DOCODE

REVIEWInstead of finding your own solution, try to understand author’s solution.

https://flic.kr/p/4eLyGdreviewer

MASLOW PYRAMID OF CODE REVIEW

CORRECTSECURE READABLE

ELEGANTALTURIST

reviewer

http://blog.d3in.org/post/111338685456/maslows-pyramid-of-code-review

CORRECT

•  Does the code do what it’s supposed to? •  Does it handle edge cases? •  Is it adequately tested to make sure that it stays correct? •  Is it performant enough for this use case?

reviewer

SECURE

•  Does the code have vulnerabilities?•  Is the data stored safely? •  Is personal identification information handled correctly? •  Could the code be used to induce a DOS? •  Is input validation comprehensive enough?

reviewer

READABLE

•  Is the code easy to read and comprehend? •  Does it make clear what the business requirements are?•  Are variables, functions and classes named appropriately? •  Does it use consistent coding convention?

reviewer

ELEGANT

•  Does the code leverage well-known patterns? •  Does it achieve what it needs to do without sacrificing

simplicity and conciseness?•  Does the code reuse existing functions when applicable?•  Would you be proud of this code?

reviewer

ALTURIST

•  Does the code leave the codebase better than what it was?

•  Does it inspire other engineers to improve their code? •  Is it cleaning up unused code?•  Is it improving documentation, introducing better patterns

through small-scale refactoring?

reviewer

reviewer

CHECKLIST

Develop your own domain and language specific checklist both for better review and

better coding.

reviewer

author

GIVE FEEDBACK

FEEDBACK EMBRACE

FEEDBACK FEEDBACK

https://flic.kr/p/baYdD4

authorreviewer

WATCHyourWORDS

LEAVEyour

EGOhttps://flic.kr/p/kr98Fr

https://flic.kr/p/7JAXE4

IMPLEMENTAGREED

CHANGES

author

MERGEPULL REQUEST

reviewerhttp://www.inc.com/uploaded_files/image/how-to-merge-corporate-culutres-pop_8709.jpg

https://www.previousnext.com.au/blog/automated-drupal-testing-github-pull-requests

CODEREVIEWviaTOOLS

RECAP

TWO DEVELOPER ONE MACHINE

https://flic.kr/p/84RfxX

PAIR PROGRAMMING

2

pair

SOME TASKS

NEEDS TO BE COMPLETED

IN ONE BLOCK

OF TIME

http://groundedpsyche.com/wp-content/uploads/2015/01/Iceberg.png

THINGS CAN HAPPEN

pair

THAT ARE NOTPART OF THE PLAN

https://flic.kr/p/fq4RiW

ONBOARDYOURNEW COMERS

pairhttps://flic.kr/p/5hbe4x

SOME-TIMESYOU JUSTNEED HELP

pair

TEAM REVIEW

3 LET’S GETTOGETHER

team

GETTING READY FOR NEW

TECHNOLOGIEShttp://www.kaizen-news.com/wp-content/uploads/2014/02/5s-ingrediants.jpg

team POST PROJECT REVIEWS

(a.k.a.) AFTER PARTY

CLEANINGhttps://flic.kr/p/2PVtrp

TO MAKE THE RIGHT MOVES

team

SOFTWARE ENGINEERING PRINCIPALS

https://flic.kr/p/4hLh9S

CODE REVIEWPRACTICES

PULL REQUESTSPAIR PROGRAMMING

TEAM REVIEW

RECAP

What is code review?Why it is needed?Who should make review?

How we can do it with tools?How we can do it in pairs?How we can do it as team?

Make peace with the simple fact that the code you’re shipping

today has bugs.

Make peace that your work is never done.

https://flic.kr/p/8ZxReChttp://www.pushing-pixels.org/2015/04/15/make-peace.html

@hakansaglam