Effective code reviews

Sebastian Marek - Softw

are Architect

@proofek

• a Pole living in Sheffield• over 12 years in

development• Pascal, C++, PHP, perl,

python, Java• co-author of 2 PHP

books • big fan of process

automation• TDD and CI• occasionally contributes

to open source projects• wants to be a knight

https://joind.in/6947

Who does code reviews?

Disclaimer

All characters appearing in this presentation are fictitious.

Any resemblance to real persons, living or dead, is purely coincidental.

The Team

Harry “Just Get It Done” – The Manager

Tom “I Need It Now” – The Owner

The Team

Adam “The Night Coder” – developer

Kris “Hackety Hack” – master code reviewer

Bruno “It Will Work” – apprentice reviewer

Scenario 1

How much time do we need to get this project done?

Well, design, coding, code reviews, testing…

Do we really need to code review the code? You surely know how to code, and you have tested it and it works… Right?

Scenario 2

Hmmm… all the developers are busy, we have no one spare. Let's skip it and get it straight into QA…

We're nearly done, just need to get this code reviewed.

Scenario 3

Hello Harry, I need John to review my code.

John is busy, you can have Rob.

But Rob is a junior developer, and he doesn't know this system.

You want it code reviewed or not? Rob is all we've got!

Scenario 4

We do all these code review, spend a lot of time on this, but the code that hits production is still buggy. It's a waste of time!

Code review

Adam The Developerto Kris The Reviewer

9:31 PM (0 minutes ago)

Kris,

I got this code I need you to review.Can you do it for me please? The code is in my repository on problem-fix branch.

Thanks

---Adam

Click here to Reply or Forward

Raising a code review

No (e)mail!

Raising a code review

Bug tracking systems- JIRA- Bugtrak- Mantis

Code review tools- Crucible/Fisheye- Gerrit- Github

Code review

Adam The Developerto Kris The Reviewer

9:31 PM (13 minutes ago)

Kris,

I got this code I need you to review.Can you do it for me please? The code is in my repository on problem-fix branch.

Thanks

---Adam

Click here to Reply or Forward

Kris The Reviewerto Adam The Developer

9:44 PM (0 minutes ago)

Adam,

No problem at all, but where did you branch the code from? I can’t identify the change set without it.

---Kris

What to review

Version control• Specific change

sets• avoid specific

commits• Reviewing patches

risky, unless automated

Code review

Adam The Developer 9:31 PM (25 minutes ago)

Kris, I got this code I need you to review. Can you do it for me please? …

Kris The Reviewerto Adam The Developer

9:44 PM (12 minutes ago)

Adam,

No problem at all, but where did you branch the code from? I can’t identify the change set without it.

---Kris

Adam The Developerto Kris The Reviewer

9:56 PM (0 minutes ago)

Kris,

Ah yes. Sorry. It’s branched from my master branch.

---Adam

The purpose of the review

What and

Why?

One way of doing things…

Bruno “It will work”

• Makes sense• Works• Syntactically correct• Approved

Usual feedback produced:

Being smarter…

Kris “The Master Reviewer”

• PHP linter• PHP Code Sniffer• PHPUnit• phpDocumentor• PHP Depend• PHP Mess Detector• Sonar

Tools used:

Speed up with automation - PHP linter and PHP CodeSniffer

$ php -l Libraries/Action.class.php No syntax errors detected in Libraries/Action.class.php

$ php -l Libraries/Action.class.php Errors parsing Libraries/Action.class.php

$ phpcs –standard=Zend Libraries/Action.class.php

FILE: /Volumes/git/modules/AccountChange/Libraries/Action.class.php--------------------------------------------------------------------------------FOUND 2 ERROR(S) AND 1 WARNING(S) AFFECTING 3 LINE(S)-------------------------------------------------------------------------------- 44 | ERROR | Protected member variable "arrOptions" must contain a leading | | underscore 66 | WARNING | Line exceeds 80 characters; contains 82 characters 97 | ERROR | Line exceeds maximum limit of 120 characters; contains 135 | | characters--------------------------------------------------------------------------------

Time: 0 seconds, Memory: 5.75Mb

Verify whether the code works with PHPUnit

$ phpunitPHPUnit 3.6.12 by Sebastian Bergmann.

Configuration read from phpunit.xml.dist

..................IIII................IIIIIIIIIIIIIIIIIIIIIII.. 63 / 240 ( 26%)

.............................................I.....I........... 126 / 240 ( 52%)

............................................................... 189 / 240 ( 78%)

...................................................

Time: 02:01, Memory: 26.75Mb

OK, but incomplete or skipped tests!Tests: 240, Assertions: 514, Incomplete: 29.

Static analysis and code quality with PHP Depend

PHP_Depend 0.10.6 by Manuel Pichler

Parsing source files:.................... 20

Executing CyclomaticComplexity-Analyzer:............. 261

Executing ClassLevel-Analyzer:............ 247

Executing CodeRank-Analyzer:. 28

Executing Coupling-Analyzer:............. 267

Executing Hierarchy-Analyzer:............ 246

Executing Inheritance-Analyzer:. 30

Executing NPathComplexity-Analyzer:.............. 283

Executing NodeCount-Analyzer:........ 174

Executing NodeLoc-Analyzer:.......... 205

Generating pdepend log files, this may take a moment.

Time: 00:05; Memory: 25.50Mb

Static analysis and code quality with PHP Mess Detector

Static analysis and code quality with Sonar

Static analysis and code quality with Sonar

Static analysis and code quality with Sonar

Static analysis and code quality with Sonar

Static analysis and code quality with Sonar

Static analysis and code quality with Sonar

…by looking at things all important

Kris “The Master Reviewer”

Things checked:• clarity• performance• excessive complexity• impact on other

systems• does the solution

solves the problem

• duplications• code quality• potential deployment

issues• design flaws

The benefits of a code review – they are for you!

• Knowledge sharing• Mentoring new starters• Find bugs/design flaws

early• Improve overall code quality• Fostering collective code

ownership

The soft side - developers

• Understand and accept that you will make mistakes.

• You are not your code.

• No matter how much "karate" you know, someone else will always know more.

• Don't rewrite code without consultation.

DEV

ELO

PER

S

The soft side – code reviewers

• The only true authority stems from knowledge, not from position.

• Critique code instead of people

CO

DE

REV

IEW

ERS

Summary - what include in the code review

• Location of your changes– Repository name, branch name, branch base

• Subject of your changes– What have you changed

• Reason for the change– Why have you change it

WH

AT?

Summary - who assign the code review to?

• Seek the experts– If you're not sure ask around

• Question the solution– Make sure it fits the purpose

WH

O?

Summary – where to raise a code review?

• Make it traceable– Bug trucking system, ie. Jira, Trac, Mantis, etc– Code review tool, ie. Fisheye/Crucible, gerrit

• Conversation/Pair programming– Just make sure outcome is captured

WH

ERE?

Summary - how to perform a good code review?

• Use tools, don’t be a tool• Check for duplications/

complexity• Asses impact on other systems• Make sure code is clear and

self-descriptive

HO

W?

Credits…

http://georgegant.deviantart.com/art/Angry-Nerds-217554774http://www.flickr.com/photos/dawgbyte77/3058349367/http://www.flickr.com/photos/zzpza/3269784239/http://www.flickr.com/photos/toolmantim/6170448143/http://www.flickr.com/photos/coyau/7630782996/http://www.flickr.com/photos/73885983@N02/6729908421/http://www.osnews.com/story/19266/WTFs_m

http://www.atlassian.com/angrynerds/

…and references

The Ten Commandments of Egoless Programming: http://alturl.com/q4dpa

The Code review: http://www.soulbroken.co.uk/blog/2010/07/the-code-review/

Fisheye/Crucible: http://www.atlassian.com/software/crucible/overview

Gerrit: http://code.google.com/p/gerrit/

Github: https://github.com/

PHPUnit: http://phpunit.de

PHP CodeSniffer: http://pear.php.net/PHP_CodeSniffer

PHP Depend: http://pdepend.org/

PHP Mess Detector: http://phpmd.org/

Sonar: http://www.sonarsource.org/

Q&A

Questions?

https:// /6947