Code review... done well

CODE REVIEW… DONE WELL DEVFEST17 - NOVEMBER 2017 WARREN GAVIN
(@APOKRUPTO)

WHAT YOU WANTED WHAT YOU WROTE CODE REVIEW - @APOKRUPTO

IS THIS OK? CODE REVIEW - @APOKRUPTO if (myBool) {
// ... }

IS THIS OK? CODE REVIEW - @APOKRUPTO float myBool =
a - b; if (myBool) { // ... }

WE NEED TO IMPROVE OUR CODE CODE REVIEW - @APOKRUPTO

PEER CODE REVIEWS ARE THE SINGLE BIGGEST THING YOU CAN
DO TO IMPROVE YOUR CODE JEFF ATWOOD CODINGHORROR.COM CODE REVIEW - @APOKRUPTO

procmail.c CODE REVIEW - @APOKRUPTO

A CAUTIONARY TALE CODE REVIEW - @APOKRUPTO

TOTES LIED TO YOU

SOME RULES CODE REVIEW - @APOKRUPTO

BEST PRACTICES CODE REVIEW - @APOKRUPTO

Best Kept Secrets of Peer Code Review © 2013 SmartBear
Software CODE REVIEW - @APOKRUPTO

REVIEW BETWEEN 200-400 LOC CODE REVIEW - @APOKRUPTO

INSPECT 300-500 LOC PER HOUR CODE REVIEW - @APOKRUPTO

NO MORE THAN 90 MINUTES CODE REVIEW - @APOKRUPTO

AS THE AUTHOR, BE PREPARED CODE REVIEW - @APOKRUPTO

AS THE AUTHOR, BE PREPARED LIKE EXAM REVISION HOW OFTEN
DO YOU WRITE CODE AND SAY “GOOD ENOUGH”? CODE REVIEW - @APOKRUPTO

VERIFY FIXES CODE REVIEW - @APOKRUPTO

HAVE A BIG EGO CODE REVIEW - @APOKRUPTO

CODE REVIEW - @APOKRUPTO

AVOID UNINTENDED CONSEQUENCES CODE REVIEW - @APOKRUPTO

String identifier = “foo”; AVOID UNINTENDED CONSEQUENCES CODE REVIEW -
@APOKRUPTO

AVOID UNINTENDED CONSEQUENCES PREFER ENUMS OVER STRINGS & INTS PREFER
PROMOTED TYPES SEND STRICT, ACCEPT STRICT CODE REVIEW - @APOKRUPTO

// COMMENTS CODE REVIEW - @APOKRUPTO

PROS & CONS // COMMENTS CODE REVIEW - @APOKRUPTO

YOU CAN OVERDO IT /* Now bump the count */
(*argc)++; CODE REVIEW - @APOKRUPTO wireshark

IS THIS SELF DOCUMENTING? class Fibonacci { // ... }

IS THIS SELF DOCUMENTING? class Cauchy { // ... }

IF YOU FIND YOURSELF DOING THE SAME THING MORE THAN
THREE TIMES, WRITE A SCRIPT CODE REVIEW - @APOKRUPTO

STATIC ANALYSIS FINDS: CODE REVIEW - @APOKRUPTO

STATIC ANALYSIS FINDS: CODE REVIEW - @APOKRUPTO CODE STYLE INFRACTIONS

COMPLEX CODE

COMPLEX CODE DUPLICATION

COMPLEX CODE DUPLICATION POTENTIAL SECURITY HOLES

WHICH IS CORRECT? if (doFoo) { foo(); } else {
bar(); } if (doFoo) { foo(); } else  { bar(); } if (doFoo) foo(); else bar(); CODE REVIEW - @APOKRUPTO

WHICH IS RIGHT? if (doFoo) { foo(); } else {
bar(); } if (doFoo) { foo(); } else  { bar(); } if (doFoo) foo(); else bar(); CODE REVIEW - @APOKRUPTO

if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0) goto fail; if
((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) goto fail; CODE REVIEW - @APOKRUPTO

COMPLEXITY CODE REVIEW - @APOKRUPTO

COMPLEXITY CODE REVIEW - @APOKRUPTO > 10 MUST REVIEW

COMPLEXITY CODE REVIEW - @APOKRUPTO > 10 MUST REVIEW >
20 MUST CHANGE

COMPLEXITY CODE REVIEW - @APOKRUPTO > 10 MUST REVIEW >
20 MUST CHANGE > 50 FATAL

COMPLEXITY CODE REVIEW - @APOKRUPTO

COMPLEXITY CODE REVIEW - @APOKRUPTO SSLHANDSHAKE.C

================================================= !!!! WARNINGS (CCN > 15 OR ARGUMENTS > 100
OR LENGTH > 1000) !!!! ================================================ NLOC CCN TOKEN PARAM LENGTH LOCATION ------------------------------------------------ 48 18 287 2 55 SSLUPDATEHANDSHAKEMACS@[email protected] 73 16 488 2 87 SSLPROCESSHANDSHAKERECORD@[email protected] 108 22 799 2 146 DTLSPROCESSHANDSHAKERECORD@[email protected] 96 39 513 2 110 SSLPROCESSHANDSHAKEMESSAGE@[email protected] 400 137 2183 2 477 SSLADVANCEHANDSHAKE@[email protected] 43 18 136 1 43 HDSKSTATETOSTR@[email protected]

RECAP CODE REVIEW - @APOKRUPTO

RECAP CODE REVIEW - @APOKRUPTO REVIEW BETWEEN 200-400 LOC

RECAP CODE REVIEW - @APOKRUPTO REVIEW BETWEEN 200-400 LOC INSPECT
300-500 LOC PER HOUR

RECAP CODE REVIEW - @APOKRUPTO REVIEW BETWEEN 200-400 LOC INSPECT
300-500 LOC PER HOUR NO MORE THAN 90 MINUTES

RECAP CODE REVIEW - @APOKRUPTO BE PREPARED

RECAP CODE REVIEW - @APOKRUPTO BE PREPARED HAVE A (BIG)
EGO

RECAP CODE REVIEW - @APOKRUPTO BE PREPARED HAVE A (BIG)
EGO ADOPT CODING GUIDELINES/STYLE

RECAP CODE REVIEW - @APOKRUPTO AVOID UNINTENDED CONSEQUENCES

RECAP CODE REVIEW - @APOKRUPTO AVOID UNINTENDED CONSEQUENCES THINK ABOUT
YOUR COMMENTS

RECAP CODE REVIEW - @APOKRUPTO AVOID UNINTENDED CONSEQUENCES THINK ABOUT
YOUR COMMENTS AUTOMATE THE AUTOMATABLE

READING LIST CODE REVIEW - @APOKRUPTO IN PRAISE OF SUPERFICIAL
BEAUTY HTTPS://CORTE.SI/POSTS/CODE/READING-CODE.HTML CODE REVIEWS: JUST DO IT HTTPS://BLOG.CODINGHORROR.COM/CODE-REVIEWS-JUST-DO-IT/ BEST KEPT SECRETS OF PEER CODE REVIEW HTTPS://SMARTBEAR.COM/SMARTBEAR/MEDIA/PDFS/BEST-KEPT-SECRETS-OF-PEER-CODE-REVIEW.PDF 11 PROVEN PRACTICES FOR MORE EFFECTIVE, EFFICIENT PEER CODE REVIEW HTTPS://WWW.IBM.COM/DEVELOPERWORKS/RATIONAL/LIBRARY/11-PROVEN-PRACTICES-FOR-PEER-REVIEW/ PROCMAIL.C HTTPS://OPENSOURCE.APPLE.COM/SOURCE/PROCMAIL/PROCMAIL-1.2/PROCMAIL/SRC/PROCMAIL.C THE MYTH OF THE COST OF DEFECT HTTP://THKLEIN.COM/EN_US/COST-OF-DEFECT/ A SHORT HISTORY OF THE COST PER DEFECT METRIC HTTP://WWW.IFPUG.ORG/DOCUMENTS/JONES-COSTPERDEFECTMETRICVERSION4.PDF HTTP://LMGTFY.COM/?Q=CODE+REVIEW

OBLIGATORY THANK YOU SLIDE CODE REVIEW - @APOKRUPTO

Code review... done well

Code review... done well

More Decks by Apokrupto

Other Decks in Programming

Featured

Transcript