Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Code Reviews: The #1 Way to Improve Code Quality

Code Reviews: The #1 Way to Improve Code Quality

Craig Berntson

October 01, 2016
Tweet

More Decks by Craig Berntson

Other Decks in Programming

Transcript

  1. EGO STUFF AUTHOR Continuous Integration in .NET Manning Publishing MICROSOFT

    MVP 20+ years, currently for Developer Tools .NET ARCHITECT TECHNICAL SPEAKER 20+ years as international speaker AUTHOR Software Gardening column DNC Magazine COMMUNITY INFLUENCER Grape City
  2. TODAY’S AGENDA  What is a code review  Impact

    of a code review  Types of code reviews  The Reviewer  The Reviewee
  3. Recent work by Tom Gilb, one of the more prominent

    authors dealing with software inspections, and his colleagues continues to support earlier findings that a human being inspecting code is the most effective way to find and eliminate complex problems that originate in requirements, design, and other noncode deliverables. Indeed, to identify deeper problems in source code, formal code inspection outranks testing in terms of defect-removal efficiency levels. - "Do You Inspect?“ - Capers Jones and Olivier Bonsignour 2011
  4. Code review is systematic examination (sometimes referred to as peer

    review) of computer source code. It is intended to find mistakes overlooked in the initial development phase, improving the overall quality of software. Reviews are done in various forms such as pair programming, informal walkthroughs, and formal inspections. DEFINITION - Wikipedia
  5. Code review is systematic examination (sometimes referred to as peer

    review) of computer source code. It is intended to find mistakes overlooked in the initial development phase, improving the overall quality of software. Reviews are done in various forms such as pair programming, informal walkthroughs, and formal inspections. DEFINITION - Wikipedia
  6. Code review is systematic examination (sometimes referred to as peer

    review) of computer source code. It is intended to find mistakes overlooked in the initial development phase, improving the overall quality of software. Reviews are done in various forms such as pair programming, informal walkthroughs, and formal inspections. DEFINITION - Wikipedia
  7. WHAT IS A CODE REVIEW  Determine what is being

    done well and what can be done better  It is not a witch hunt  Sharing findings makes all developers involved better  No one size fits all - Shawn Wildermuth: Pluralsight
  8. TYPES OF CODE REVIEWS FORMAL • Reviewers get code and

    read it before review meeting • All parties meet to go through code INFORMAL • Reviewers get code and email comments to author AUTOMATED • Software flags suspect code that doesn’t follow guidelines • Human reviewers enter additional comments PULL REQUEST • Reviewers look at code changes before merge
  9. … software testing alone has limited effectiveness – the average

    defect detection rate is only 25 percent for unit testing, 35 percent for function testing, and 45 percent for integration testing. In contrast, the average effectiveness of design and code inspections are 55 and 60 percent. programming, informal walkthroughs, and formal inspections. - Code Complete
  10. WHAT DO YOU FEEL IS THE NUMBER ONE THING A

    COMPANY CAN DO TO IMPROVE CODE QUALITY Code Review 34% Unit Testing 24% Integration Testing 17% Function Testing 12% Other 13% SmartBear
  11. WHAT DO YOU THINK ARE THE MOST IMPORTANT BENEFITS OF

    CODE REVIEW? 84 62 61 56 48 27 26 23 21 16 0 10 20 30 40 50 60 70 80 90 Improved Quality Ability to Mentor Enhanced Maintainability Adhere to Coding Standards Increased Collaboration Reduce Time & Costs Compliance with Regulations Customer Satisfaction Set Expectations Competitive Advantage SmartBear
  12. HOURS TO FIX A BUG Stage Introduced Requirements Coding/Unit Testing

    Integration Beta Testing Production Requirements 1.2 8.8 14.8 15.0 18.7 Coding/Unit Testing NA 3.2 9.7 12.2 14.8 Integration NA NA 6.7 12.0 17.3 Stage Found http://www.nist.gov
  13. A BIONIC CULTURAL HAMMER Promotes openness Raises team standards Propels

    teamwork Keeps security top of mind Shapes the culture http://www.fullstory.com
  14. Don’t review for code style; there are much better things

    on which to spend your time, than arguing over the placement of white spaces. Looking for bugs and performance issues is the primary goal and is where the majority of your time should be spent. Suggestions on maintenance best practices can be brought up after the bugs have been discussed. . WHAT TO LOOK FOR - msdn.com
  15. READ THE CODE  Learn by looking at the codebase

     Search for patterns and anti-patterns  Look for what they’re doing well  Look for what they’re doing that is causing problems  Quantify the quality of the code  Not exhaustive, spot check - Shawn Wildermuth: Pluralsight
  16. WHEN YOU’RE THE REVIEWER  Ask questions rather than make

    statements  Avoid the “why” questions  Give praise  Have good coding guidelines  Stay focused on the code, not the coder  There is more than one way to approach a solution  Look for patterns rather than individual bugs
  17. HOW TO REVIEW CODE  Take your experience to bear

     Find things to laud and things to fix  Look for common (repeated problems) not of-off issues  Review 200-400 lines at a time  Reviewing the entire code base is not beneficial  No code is perfect  Maintainable code is a feature - Shawn Wildermuth: Pluralsight
  18. WHAT TO LOOK FOR  Does the code do the

    job is was supposed to do  Does the code follow coding guidelines  Are there just enough comments (none?)  Are there unit tests for this code  Can I understand this code from just reading it  Does this code belong here or in its own method/class (SRP)  Is code being replaced, commented out, or removed
  19. WHAT NOT TO DO  Don’t get emotional  Don’t

    focus on blame  Don’t redesign the code  Don’t judge how you would have done it  Don’t include one-off problems
  20. WHEN YOU’RE THE REVIEWEE • We get attached to our

    code, but can learn from the reviewers, even when they’re less experienced Remember the code isn’t you • Items the reviewers tend to look for • Do your own review with the checklist before submitting the code for review Have a checklist of review items • Are things missing? • Do things need to be updated? • Do things need to be removed? Help maintain the coding guidelines
  21. HOW OFTEN SHOULD YOU REVIEW CODE  Depends on the

    team  General rule: no code should be checked in / merged without a code review
  22. THE BAD  Developer often feels it’s an attack on

    her design  It adds time to the schedule  Can become a battle of who is the better coder
  23. REVIEW  What is a code review  Impact of

    a code review  Types of code reviews  The Reviewer  The Reviewee