Code review... done well

CODE REVIEW… DONE WELL
DEVFEST17 - NOVEMBER 2017
WARREN GAVIN (@APOKRUPTO)

View Slide

WHAT YOU WANTED
WHAT YOU WROTE
CODE REVIEW - @APOKRUPTO

View Slide

IS THIS OK?
if (myBool) {
// ...
}

View Slide

IS THIS OK?
float myBool = a - b;
if (myBool) {
// ...
}

View Slide

WE NEED TO IMPROVE OUR CODE

View Slide

PEER CODE REVIEWS ARE THE
SINGLE BIGGEST THING YOU
CAN DO TO IMPROVE YOUR
CODE
JEFF ATWOOD
CODINGHORROR.COM

View Slide

View Slide

procmail.c

View Slide

A CAUTIONARY TALE

View Slide

View Slide

TOTES LIED
TO YOU

View Slide

View Slide

SOME RULES

View Slide

View Slide

BEST PRACTICES

View Slide

View Slide

Best Kept Secrets of Peer Code Review © 2013 SmartBear Software

View Slide

REVIEW BETWEEN
200-400 LOC

View Slide


View Slide

INSPECT 300-500 LOC
PER HOUR

View Slide

View Slide

NO MORE THAN 90
MINUTES

View Slide

AS THE AUTHOR, BE
PREPARED

View Slide


View Slide

AS THE AUTHOR, BE
PREPARED
LIKE EXAM REVISION
HOW OFTEN DO YOU WRITE CODE
AND SAY “GOOD ENOUGH”?

View Slide

VERIFY FIXES

View Slide

HAVE A BIG EGO

View Slide


View Slide

AVOID UNINTENDED
CONSEQUENCES

View Slide

String identifier = “foo”;
AVOID UNINTENDED
CONSEQUENCES

View Slide

AVOID UNINTENDED
CONSEQUENCES
PREFER ENUMS OVER STRINGS & INTS
PREFER PROMOTED TYPES
SEND STRICT, ACCEPT STRICT

View Slide

// COMMENTS

View Slide

PROS & CONS
// COMMENTS

View Slide

YOU CAN OVERDO IT
/* Now bump the count */
(*argc)++;
CODE REVIEW - @APOKRUPTO wireshark

View Slide

IS THIS SELF DOCUMENTING?
class Fibonacci {
// ...
}

View Slide

IS THIS SELF DOCUMENTING?
class Cauchy {
// ...
}

View Slide

View Slide

IF YOU FIND YOURSELF DOING
THE SAME THING MORE THAN
THREE TIMES, WRITE A SCRIPT

View Slide

STATIC ANALYSIS FINDS:

View Slide

CODE STYLE INFRACTIONS

View Slide

COMPLEX CODE

View Slide

COMPLEX CODE
DUPLICATION

View Slide

COMPLEX CODE
DUPLICATION
POTENTIAL SECURITY HOLES

View Slide

WHICH IS CORRECT?
if (doFoo) {
foo();
} else {
bar();
}
if (doFoo)
{
foo();
}
else 
{
bar();
}
if (doFoo)
foo();
else
bar();

View Slide

WHICH IS RIGHT?
if (doFoo) {
foo();
} else {
bar();
}
if (doFoo)
{
foo();
}
else 
{
bar();
}
if (doFoo)
foo();
else
bar();

View Slide

if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
goto fail;
goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
goto fail;

View Slide

COMPLEXITY

View Slide

COMPLEXITY
> 10 MUST REVIEW

View Slide

COMPLEXITY
> 10 MUST REVIEW
> 20 MUST CHANGE

View Slide

COMPLEXITY
> 10 MUST REVIEW
> 20 MUST CHANGE
> 50 FATAL

View Slide

COMPLEXITY

View Slide

COMPLEXITY
SSLHANDSHAKE.C

View Slide

=================================================
!!!! WARNINGS (CCN > 15 OR ARGUMENTS > 100 OR LENGTH > 1000) !!!!
================================================
NLOC CCN TOKEN PARAM LENGTH LOCATION
------------------------------------------------
48 18 287 2 55 [email protected]@SSLHANDSHAKE.C

View Slide

View Slide

RECAP

View Slide

RECAP
REVIEW BETWEEN 200-400 LOC

View Slide

RECAP
INSPECT 300-500 LOC PER HOUR

View Slide

RECAP
INSPECT 300-500 LOC PER HOUR
NO MORE THAN 90 MINUTES

View Slide

RECAP
BE PREPARED

View Slide

RECAP
BE PREPARED
HAVE A (BIG) EGO

View Slide

RECAP
BE PREPARED
HAVE A (BIG) EGO
ADOPT CODING GUIDELINES/STYLE

View Slide

RECAP
AVOID UNINTENDED CONSEQUENCES

View Slide

RECAP
THINK ABOUT YOUR COMMENTS

View Slide

RECAP
THINK ABOUT YOUR COMMENTS
AUTOMATE THE AUTOMATABLE

View Slide

READING LIST
IN PRAISE OF SUPERFICIAL BEAUTY
HTTPS://CORTE.SI/POSTS/CODE/READING-CODE.HTML
CODE REVIEWS: JUST DO IT
HTTPS://BLOG.CODINGHORROR.COM/CODE-REVIEWS-JUST-DO-IT/
BEST KEPT SECRETS OF PEER CODE REVIEW
HTTPS://SMARTBEAR.COM/SMARTBEAR/MEDIA/PDFS/BEST-KEPT-SECRETS-OF-PEER-CODE-REVIEW.PDF
11 PROVEN PRACTICES FOR MORE EFFECTIVE, EFFICIENT PEER CODE REVIEW
HTTPS://WWW.IBM.COM/DEVELOPERWORKS/RATIONAL/LIBRARY/11-PROVEN-PRACTICES-FOR-PEER-REVIEW/
PROCMAIL.C
HTTPS://OPENSOURCE.APPLE.COM/SOURCE/PROCMAIL/PROCMAIL-1.2/PROCMAIL/SRC/PROCMAIL.C
THE MYTH OF THE COST OF DEFECT
HTTP://THKLEIN.COM/EN_US/COST-OF-DEFECT/
A SHORT HISTORY OF THE COST PER DEFECT METRIC
HTTP://WWW.IFPUG.ORG/DOCUMENTS/JONES-COSTPERDEFECTMETRICVERSION4.PDF
HTTP://LMGTFY.COM/?Q=CODE+REVIEW

View Slide

OBLIGATORY THANK YOU
SLIDE

View Slide

Code review... done well

Code review... done well

Apokrupto

More Decks by Apokrupto

Other Decks in Programming

Featured

Transcript