SlideShare une entreprise Scribd logo

Code review

R
Raquel Pau

Code review is the systematic examination of computer source code to find mistakes. It aims to improve overall software quality by identifying errors missed during initial development. Effective code review processes include pairing programmers, using tools to manage code review workflows, and establishing guidelines for what reviewers should evaluate like requirements, readability, performance, and error handling. Selecting the right code review tool is important to support the chosen workflow and meet a team's particular needs.

Logiciels
1  sur  34
Télécharger pour lire hors ligne
How to start performing useful code reviews Raquel Pau (@raquelpau) rpau@walkmod.com 1 #legacycoderocks
What is Code / Peer Review Code review is systematic examination (sometimes referred to as peer review) of computer source code. It is intended to find mistakes overlooked in the initial development phase, improving the overall quality of software. 2 #legacycoderocks
The origins.. 3 Formal Code Inspection (Fangan 1976) #legacycoderocks
Pair programming u Very effective code review, finds defects early. u Great for sharing knowledge, mentoring. u Requires two developers, co-located u Transient discussion u Personalities 4 #legacycoderocks
Tool-assisted Code Review u Managed workflow and notification u Record of discussion u Asynchronous u Change team culture? 5 #legacycoderocks
“Always code as if the person who ends up maintaining your code is a violent psychopath who knows where you live” John F. Woods (1991) 6 #legacycoderocks
The human factor 7 #legacycoderocks
The team: introducing code review u Communicate clearly u Listen to concerns u Cultivate code review culture 8 #legacycoderocks
Code Review benefits u Finding bugs u Spread code ownership u Exchange knowledge and ideas u Increased bus factor u Promote and evolve standards across an organization u Mentor developers 9 #legacycoderocks
Change impact u Who? u What? u When? 10 #legacycoderocks
Process u Decide the contribution workflow u Patches / Branches / Pull requests u Keep workflow simple u Iterations are good u Average 2 reviewers 11 Work on feature/fix Commit the change Review the change Done Problems found #legacycoderocks
Tools u Yes, you need a code review tool u Find the right tool: u Fits in your environment u Supports chosen workflow u Meets your particular needs 12 #legacycoderocks
As a code author u Review your own code u Commit small changes u Document your code u Provide meaningful commit messages 13 #legacycoderocks
As a reviewer u Don’t postpone it (mental flows interruptions) u Don’t spend too much time (10min, 30min, 1h) u Keep in mind your project’s priorities u Manage technical debt properly u Apply your expertise 14 #legacycoderocks
Use Quality Gates & CI tools u Tests execution u Test Coverage u Code Style Analysis 15 #legacycoderocks
What to look for? Create your own checklist! u Requirements correctness u Readability u Architecture and design u Performance u Errors & Security management 16 #legacycoderocks
Requirements correctness u Are tests descriptive enough? u Are there any bugs? u Are the business rules and logic fully implemented and tested? 17 #legacycoderocks
Readability u Use appropriate names u Documentation u Define and use formatters 18 #legacycoderocks
Architecture and design review u Are we modifying the same files over and over again? u Is this functionality already implemented in another place? u Are there any libraries to perform that? u Data structures u Is this over engineered? 19 #legacycoderocks
Performance u Performance requirements u Performance tests u Common causes of performance problems: u Unnecessary network calls u Using locks to access shared resources u Potential memory leaks u Not closed connections/streams u Calls to databases 20 #legacycoderocks
Errors & security management u Errors are handled properly u Are using special codes/exceptions for each problems u Authentication u Third party libraries 21 #legacycoderocks
Human factor u Ego-free reviews u Do not be a pedant u Find problems, not solutions u Embrace feedback 22 #legacycoderocks
Workflow: validate as quick as possible 23 Send a patch to apply Hook Clone the project and apply the patch Receives the patch to review Build Project Quality GateWrite code #legacycoderocks
Workflow: validate as quick as possible 24 Send a patch to apply Hook Clone the project and apply the patch Receives the patch to review Build Project Quality GateWrite code #legacycoderocks
Pre code-review tools u Test coverage u Build problems u Static code analysis tools u Detect style issues u Detect common bugs u Detect dead code u Detect design issues 25 #legacycoderocks
code-review tools u Pull requests u GitHub / Bitbucket u Upsource u Jetbrains u FishEye + Crucible u Atlassian (JIRA) u Gerrit (open source) u Google u Reviewable.io 26 #legacycoderocks
code-review tools: pull-requests u It is a diff / patch visualization u A thread of comments u Usually people express their opinions with +1, -1, +1000 J u After an agreement, project owners can apply the patch u The code review is merged 27 #legacycoderocks
code-review tools: upsource u Integrated static code analysis u Code navigation u Find usages u IDE plugin 28 #legacycoderocks
29 #legacycoderocks
code-review tools: fisheye u Great integration with Atlassian products u Crucible, Bitbucket + JIRA u Like Pull requests u Share pieces of code u Open discussions u Validate patches /diffs. 30 #legacycoderocks
code-review tools: gerrit u Gerrit manages the real changes to the final repository. u It becomes the developer repository: git clone ssh://gerrithost:29418/RecipeBook.git u Special branches for code review git push origin HEAD:refs/for/master 31 #legacycoderocks
32 #legacycoderocks
code-review tools: reviwable.io u SaaS solution u https://reviewable.io/ u Improved used experience from GitHub pull requests. u Shows you what changed since last time you looked u Manages comments so your inbox does not overflow. u Integrates effortless with GitHub pull requests 33 #legacycoderocks
thanks for your attention 34 Raquel Pau (@raquelpau) rpau@walkmod.com #legacycoderocks

Recommandé

Design Patterns
Design PatternsDesign Patterns
Design PatternsRaquel Pau
 
Technical debt management strategies
Technical debt management strategiesTechnical debt management strategies
Technical debt management strategiesRaquel Pau
 
Oop project briefing sem 1 2015 2016 (1)
Oop project briefing sem 1 2015 2016 (1)Oop project briefing sem 1 2015 2016 (1)
Oop project briefing sem 1 2015 2016 (1)IIUM
 
The Psychology of C# Analysis
The Psychology of C# AnalysisThe Psychology of C# Analysis
The Psychology of C# AnalysisCoverity
 
Importance of the quality of code
Importance of the quality of codeImportance of the quality of code
Importance of the quality of codeShwe Yee
 
Death to project documentation with eXtreme Programming
Death to project documentation with eXtreme ProgrammingDeath to project documentation with eXtreme Programming
Death to project documentation with eXtreme ProgrammingAlex Fernandez
 
Beyond Unit Testing
Beyond Unit TestingBeyond Unit Testing
Beyond Unit TestingSøren Lund
 
Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016Søren Lund
 

Recommandé

Design Patterns
Design PatternsDesign Patterns
Design PatternsRaquel Pau
 
Technical debt management strategies
Technical debt management strategiesTechnical debt management strategies
Technical debt management strategiesRaquel Pau
 
Oop project briefing sem 1 2015 2016 (1)
Oop project briefing sem 1 2015 2016 (1)Oop project briefing sem 1 2015 2016 (1)
Oop project briefing sem 1 2015 2016 (1)IIUM
 
The Psychology of C# Analysis
The Psychology of C# AnalysisThe Psychology of C# Analysis
The Psychology of C# AnalysisCoverity
 
Importance of the quality of code
Importance of the quality of codeImportance of the quality of code
Importance of the quality of codeShwe Yee
 
Death to project documentation with eXtreme Programming
Death to project documentation with eXtreme ProgrammingDeath to project documentation with eXtreme Programming
Death to project documentation with eXtreme ProgrammingAlex Fernandez
 
Beyond Unit Testing
Beyond Unit TestingBeyond Unit Testing
Beyond Unit TestingSøren Lund
 
Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016Documenting Code - Patterns and Anti-patterns - NLPW 2016
Documenting Code - Patterns and Anti-patterns - NLPW 2016Søren Lund
 
Do Bugs Reside in Complex Code?
Do Bugs Reside in Complex Code?Do Bugs Reside in Complex Code?
Do Bugs Reside in Complex Code?CISPA Helmholtz Center for Information Security
 
Software Engineering Culture - Improve Code Quality
Software Engineering Culture - Improve Code QualitySoftware Engineering Culture - Improve Code Quality
Software Engineering Culture - Improve Code QualityDmytro Patserkovskyi
 
Documenting code yapceu2016
Documenting code yapceu2016Documenting code yapceu2016
Documenting code yapceu2016Søren Lund
 
Sonar Overview
Sonar OverviewSonar Overview
Sonar OverviewSamuel Langlois
 
Track code quality with SonarQube - short version
Track code quality with SonarQube - short versionTrack code quality with SonarQube - short version
Track code quality with SonarQube - short versionDmytro Patserkovskyi
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaTech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaNexus FrontierTech
 
Testing strategies for legacy code
Testing strategies for legacy codeTesting strategies for legacy code
Testing strategies for legacy codeAlex Soto
 
MATLAB Expert Help Research Ideas
MATLAB Expert Help Research IdeasMATLAB Expert Help Research Ideas
MATLAB Expert Help Research IdeasMatlab Simulation
 
Testing 101: Three Rules for Testing at Ombu Labs
Testing 101: Three Rules for Testing at Ombu Labs Testing 101: Three Rules for Testing at Ombu Labs
Testing 101: Three Rules for Testing at Ombu Labs Ombu Labs, The Lean Software Boutique
 
Proactive Empirical Assessment of New Language Feature Adoption via Automated...
Proactive Empirical Assessment of New Language Feature Adoption via Automated...Proactive Empirical Assessment of New Language Feature Adoption via Automated...
Proactive Empirical Assessment of New Language Feature Adoption via Automated...Raffi Khatchadourian
 
Data Generation with PROSPECT: a Probability Specification Tool
Data Generation with PROSPECT: a Probability Specification ToolData Generation with PROSPECT: a Probability Specification Tool
Data Generation with PROSPECT: a Probability Specification ToolIvan Ruchkin
 
Turpentine OSS
Turpentine OSSTurpentine OSS
Turpentine OSSMiguel Ignacio Balparda
 
Software Analysis using Natural Language Queries
Software Analysis using Natural Language QueriesSoftware Analysis using Natural Language Queries
Software Analysis using Natural Language QueriesPooja Rani
 
Finding Defects in C#: Coverity vs. FxCop
Finding Defects in C#: Coverity vs. FxCopFinding Defects in C#: Coverity vs. FxCop
Finding Defects in C#: Coverity vs. FxCopCoverity
 
Freddie Mac Internship Overview
Freddie Mac Internship OverviewFreddie Mac Internship Overview
Freddie Mac Internship OverviewCharles Stolze
 
Advanced language testing with XPECT
Advanced language testing with XPECTAdvanced language testing with XPECT
Advanced language testing with XPECTjoergreichert
 
St 1.3
St 1.3St 1.3
St 1.3Gunasekhar Ravilla
 
Sonar Metrics
Sonar MetricsSonar Metrics
Sonar MetricsKeheliya Gallaba
 
Project 2 the second project involves/tutorialoutlet
Project 2 the second project involves/tutorialoutletProject 2 the second project involves/tutorialoutlet
Project 2 the second project involves/tutorialoutletMessanz
 
Sonar rules in action with walkmod
Sonar rules in action with walkmodSonar rules in action with walkmod
Sonar rules in action with walkmodRaquel Pau
 
Why you should integrate peer code reviews in your software company
Why you should integrate peer code reviews in your software companyWhy you should integrate peer code reviews in your software company
Why you should integrate peer code reviews in your software companyMatts Devriendt
 
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010Atlassian
 

Contenu connexe

Tendances

Software Engineering Culture - Improve Code Quality
Software Engineering Culture - Improve Code QualitySoftware Engineering Culture - Improve Code Quality
Software Engineering Culture - Improve Code QualityDmytro Patserkovskyi
 
Documenting code yapceu2016
Documenting code yapceu2016Documenting code yapceu2016
Documenting code yapceu2016Søren Lund
 
Track code quality with SonarQube - short version
Track code quality with SonarQube - short versionTrack code quality with SonarQube - short version
Track code quality with SonarQube - short versionDmytro Patserkovskyi
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaTech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaNexus FrontierTech
 
Testing strategies for legacy code
Testing strategies for legacy codeTesting strategies for legacy code
Testing strategies for legacy codeAlex Soto
 
MATLAB Expert Help Research Ideas
MATLAB Expert Help Research IdeasMATLAB Expert Help Research Ideas
MATLAB Expert Help Research IdeasMatlab Simulation
 
Proactive Empirical Assessment of New Language Feature Adoption via Automated...
Proactive Empirical Assessment of New Language Feature Adoption via Automated...Proactive Empirical Assessment of New Language Feature Adoption via Automated...
Proactive Empirical Assessment of New Language Feature Adoption via Automated...Raffi Khatchadourian
 
Data Generation with PROSPECT: a Probability Specification Tool
Data Generation with PROSPECT: a Probability Specification ToolData Generation with PROSPECT: a Probability Specification Tool
Data Generation with PROSPECT: a Probability Specification ToolIvan Ruchkin
 
Software Analysis using Natural Language Queries
Software Analysis using Natural Language QueriesSoftware Analysis using Natural Language Queries
Software Analysis using Natural Language QueriesPooja Rani
 
Finding Defects in C#: Coverity vs. FxCop
Finding Defects in C#: Coverity vs. FxCopFinding Defects in C#: Coverity vs. FxCop
Finding Defects in C#: Coverity vs. FxCopCoverity
 
Freddie Mac Internship Overview
Freddie Mac Internship OverviewFreddie Mac Internship Overview
Freddie Mac Internship OverviewCharles Stolze
 
Advanced language testing with XPECT
Advanced language testing with XPECTAdvanced language testing with XPECT
Advanced language testing with XPECTjoergreichert
 
Project 2 the second project involves/tutorialoutlet
Project 2 the second project involves/tutorialoutletProject 2 the second project involves/tutorialoutlet
Project 2 the second project involves/tutorialoutletMessanz
 

Tendances (19)

Do Bugs Reside in Complex Code?
Do Bugs Reside in Complex Code?Do Bugs Reside in Complex Code?
Do Bugs Reside in Complex Code?
 
Software Engineering Culture - Improve Code Quality
Software Engineering Culture - Improve Code QualitySoftware Engineering Culture - Improve Code Quality
Software Engineering Culture - Improve Code Quality
 
Documenting code yapceu2016
Documenting code yapceu2016Documenting code yapceu2016
Documenting code yapceu2016
 
Sonar Overview
Sonar OverviewSonar Overview
Sonar Overview
 
Track code quality with SonarQube - short version
Track code quality with SonarQube - short versionTrack code quality with SonarQube - short version
Track code quality with SonarQube - short version
 
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng NghĩaTech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
Tech Talk #5 : Code Analysis SonarQube - Lương Trọng Nghĩa
 
Testing strategies for legacy code
Testing strategies for legacy codeTesting strategies for legacy code
Testing strategies for legacy code
 
MATLAB Expert Help Research Ideas
MATLAB Expert Help Research IdeasMATLAB Expert Help Research Ideas
MATLAB Expert Help Research Ideas
 
Testing 101: Three Rules for Testing at Ombu Labs
Testing 101: Three Rules for Testing at Ombu Labs Testing 101: Three Rules for Testing at Ombu Labs
Testing 101: Three Rules for Testing at Ombu Labs
 
Proactive Empirical Assessment of New Language Feature Adoption via Automated...
Proactive Empirical Assessment of New Language Feature Adoption via Automated...Proactive Empirical Assessment of New Language Feature Adoption via Automated...
Proactive Empirical Assessment of New Language Feature Adoption via Automated...
 
Data Generation with PROSPECT: a Probability Specification Tool
Data Generation with PROSPECT: a Probability Specification ToolData Generation with PROSPECT: a Probability Specification Tool
Data Generation with PROSPECT: a Probability Specification Tool
 
Turpentine OSS
Turpentine OSSTurpentine OSS
Turpentine OSS
 
Software Analysis using Natural Language Queries
Software Analysis using Natural Language QueriesSoftware Analysis using Natural Language Queries
Software Analysis using Natural Language Queries
 
Finding Defects in C#: Coverity vs. FxCop
Finding Defects in C#: Coverity vs. FxCopFinding Defects in C#: Coverity vs. FxCop
Finding Defects in C#: Coverity vs. FxCop
 
Freddie Mac Internship Overview
Freddie Mac Internship OverviewFreddie Mac Internship Overview
Freddie Mac Internship Overview
 
Advanced language testing with XPECT
Advanced language testing with XPECTAdvanced language testing with XPECT
Advanced language testing with XPECT
 
St 1.3
St 1.3St 1.3
St 1.3
 
Sonar Metrics
Sonar MetricsSonar Metrics
Sonar Metrics
 
Project 2 the second project involves/tutorialoutlet
Project 2 the second project involves/tutorialoutletProject 2 the second project involves/tutorialoutlet
Project 2 the second project involves/tutorialoutlet
 

En vedette

Sonar rules in action with walkmod
Sonar rules in action with walkmodSonar rules in action with walkmod
Sonar rules in action with walkmodRaquel Pau
 
Why you should integrate peer code reviews in your software company
Why you should integrate peer code reviews in your software companyWhy you should integrate peer code reviews in your software company
Why you should integrate peer code reviews in your software companyMatts Devriendt
 
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010Atlassian
 
Code reviews
Code reviewsCode reviews
Code reviewsJuan Maiz
 
Improving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review ProcessImproving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review ProcessDr. Syed Hassan Amin
 
Code Review Tool Evaluation
Code Review Tool EvaluationCode Review Tool Evaluation
Code Review Tool EvaluationKate Semizhon
 
Code reviews - Leave your ego at the door
Code reviews - Leave your ego at the doorCode reviews - Leave your ego at the door
Code reviews - Leave your ego at the doorFrank Sons
 

En vedette (7)

Sonar rules in action with walkmod
Sonar rules in action with walkmodSonar rules in action with walkmod
Sonar rules in action with walkmod
 
Why you should integrate peer code reviews in your software company
Why you should integrate peer code reviews in your software companyWhy you should integrate peer code reviews in your software company
Why you should integrate peer code reviews in your software company
 
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
 
Code reviews
Code reviewsCode reviews
Code reviews
 
Improving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review ProcessImproving Code Quality Through Effective Review Process
Improving Code Quality Through Effective Review Process
 
Code Review Tool Evaluation
Code Review Tool EvaluationCode Review Tool Evaluation
Code Review Tool Evaluation
 
Code reviews - Leave your ego at the door
Code reviews - Leave your ego at the doorCode reviews - Leave your ego at the door
Code reviews - Leave your ego at the door
 

Similaire à Code review

Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening Maven Logix
 
Aliaksei Skobeleu "Taking Control Over Code Metrics"
Aliaksei Skobeleu "Taking Control Over Code Metrics"Aliaksei Skobeleu "Taking Control Over Code Metrics"
Aliaksei Skobeleu "Taking Control Over Code Metrics"LogeekNightUkraine
 
Taming Big Balls of Mud with Diligence, Agile Practices, and Hard Work
Taming Big Balls of Mud with Diligence, Agile Practices, and Hard WorkTaming Big Balls of Mud with Diligence, Agile Practices, and Hard Work
Taming Big Balls of Mud with Diligence, Agile Practices, and Hard WorkJoseph Yoder
 
Introducing systems analysis, design & development Concepts
Introducing systems analysis, design & development ConceptsIntroducing systems analysis, design & development Concepts
Introducing systems analysis, design & development ConceptsShafiul Azam Chowdhury
 
Software Quality without Testing
Software Quality without TestingSoftware Quality without Testing
Software Quality without TestingNagarro
 
Stack overflow code_laundering
Stack overflow code_launderingStack overflow code_laundering
Stack overflow code_launderingFoutse Khomh
 
CROSSMINER Project at OW2con'19
CROSSMINER Project at OW2con'19CROSSMINER Project at OW2con'19
CROSSMINER Project at OW2con'19OW2
 
Continuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeContinuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeEmre Dündar
 
20220603_pperego_openSUSE conference.pdf
20220603_pperego_openSUSE conference.pdf20220603_pperego_openSUSE conference.pdf
20220603_pperego_openSUSE conference.pdfPaolo Perego
 
Introducing Systems Analysis Design Development
Introducing Systems Analysis Design DevelopmentIntroducing Systems Analysis Design Development
Introducing Systems Analysis Design Developmentbsadd
 
Open Source Security and ChatGPT-Published.pdf
Open Source Security and ChatGPT-Published.pdfOpen Source Security and ChatGPT-Published.pdf
Open Source Security and ChatGPT-Published.pdfJavier Perez
 
technical debt management strategies
technical debt management strategiestechnical debt management strategies
technical debt management strategiesRaquel Pau
 
A year of SonarQube and TFS/VSTS
A year of SonarQube and TFS/VSTSA year of SonarQube and TFS/VSTS
A year of SonarQube and TFS/VSTSMatteo Emili
 
GPCE16 Poster: Automatic Non-functional Testing of Code Generators Families
GPCE16 Poster: Automatic Non-functional Testing of Code Generators Families GPCE16 Poster: Automatic Non-functional Testing of Code Generators Families
GPCE16 Poster: Automatic Non-functional Testing of Code Generators Families Mohamed BOUSSAA
 
Indy meetup#7 effective unit-testing-mule
Indy meetup#7 effective unit-testing-muleIndy meetup#7 effective unit-testing-mule
Indy meetup#7 effective unit-testing-muleikram_ahamed
 
Code reviews: a short introduction
Code reviews: a short introductionCode reviews: a short introduction
Code reviews: a short introductionFreekDB
 
Code Review Looking for a vulnerable code. Vlad Savitsky.
Code Review Looking for a vulnerable code. Vlad Savitsky.Code Review Looking for a vulnerable code. Vlad Savitsky.
Code Review Looking for a vulnerable code. Vlad Savitsky.DrupalCampDN
 

Similaire à Code review (20)

Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening
 
Aliaksei Skobeleu "Taking Control Over Code Metrics"
Aliaksei Skobeleu "Taking Control Over Code Metrics"Aliaksei Skobeleu "Taking Control Over Code Metrics"
Aliaksei Skobeleu "Taking Control Over Code Metrics"
 
Taming Big Balls of Mud with Diligence, Agile Practices, and Hard Work
Taming Big Balls of Mud with Diligence, Agile Practices, and Hard WorkTaming Big Balls of Mud with Diligence, Agile Practices, and Hard Work
Taming Big Balls of Mud with Diligence, Agile Practices, and Hard Work
 
Who Should Review My Code?
Who Should Review My Code? Who Should Review My Code?
Who Should Review My Code?
 
Introducing systems analysis, design & development Concepts
Introducing systems analysis, design & development ConceptsIntroducing systems analysis, design & development Concepts
Introducing systems analysis, design & development Concepts
 
Software Quality without Testing
Software Quality without TestingSoftware Quality without Testing
Software Quality without Testing
 
Stack overflow code_laundering
Stack overflow code_launderingStack overflow code_laundering
Stack overflow code_laundering
 
CROSSMINER Project at OW2con'19
CROSSMINER Project at OW2con'19CROSSMINER Project at OW2con'19
CROSSMINER Project at OW2con'19
 
Continuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeContinuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQube
 
20220603_pperego_openSUSE conference.pdf
20220603_pperego_openSUSE conference.pdf20220603_pperego_openSUSE conference.pdf
20220603_pperego_openSUSE conference.pdf
 
Introducing Systems Analysis Design Development
Introducing Systems Analysis Design DevelopmentIntroducing Systems Analysis Design Development
Introducing Systems Analysis Design Development
 
Illustrated Code (ASE 2021)
Illustrated Code (ASE 2021)Illustrated Code (ASE 2021)
Illustrated Code (ASE 2021)
 
Software maintenance PyConPL 2016
Software maintenance PyConPL 2016Software maintenance PyConPL 2016
Software maintenance PyConPL 2016
 
Open Source Security and ChatGPT-Published.pdf
Open Source Security and ChatGPT-Published.pdfOpen Source Security and ChatGPT-Published.pdf
Open Source Security and ChatGPT-Published.pdf
 
technical debt management strategies
technical debt management strategiestechnical debt management strategies
technical debt management strategies
 
A year of SonarQube and TFS/VSTS
A year of SonarQube and TFS/VSTSA year of SonarQube and TFS/VSTS
A year of SonarQube and TFS/VSTS
 
GPCE16 Poster: Automatic Non-functional Testing of Code Generators Families
GPCE16 Poster: Automatic Non-functional Testing of Code Generators Families GPCE16 Poster: Automatic Non-functional Testing of Code Generators Families
GPCE16 Poster: Automatic Non-functional Testing of Code Generators Families
 
Indy meetup#7 effective unit-testing-mule
Indy meetup#7 effective unit-testing-muleIndy meetup#7 effective unit-testing-mule
Indy meetup#7 effective unit-testing-mule
 
Code reviews: a short introduction
Code reviews: a short introductionCode reviews: a short introduction
Code reviews: a short introduction
 
Code Review Looking for a vulnerable code. Vlad Savitsky.
Code Review Looking for a vulnerable code. Vlad Savitsky.Code Review Looking for a vulnerable code. Vlad Savitsky.
Code Review Looking for a vulnerable code. Vlad Savitsky.
 

Dernier

A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Intelisync
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 

Dernier (20)

A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 

Code review

  • 1. How to start performing useful code reviews Raquel Pau (@raquelpau) rpau@walkmod.com 1 #legacycoderocks
  • 2. What is Code / Peer Review Code review is systematic examination (sometimes referred to as peer review) of computer source code. It is intended to find mistakes overlooked in the initial development phase, improving the overall quality of software. 2 #legacycoderocks
  • 3. The origins.. 3 Formal Code Inspection (Fangan 1976) #legacycoderocks
  • 4. Pair programming u Very effective code review, finds defects early. u Great for sharing knowledge, mentoring. u Requires two developers, co-located u Transient discussion u Personalities 4 #legacycoderocks
  • 5. Tool-assisted Code Review u Managed workflow and notification u Record of discussion u Asynchronous u Change team culture? 5 #legacycoderocks
  • 6. “Always code as if the person who ends up maintaining your code is a violent psychopath who knows where you live” John F. Woods (1991) 6 #legacycoderocks
  • 8. The team: introducing code review u Communicate clearly u Listen to concerns u Cultivate code review culture 8 #legacycoderocks
  • 9. Code Review benefits u Finding bugs u Spread code ownership u Exchange knowledge and ideas u Increased bus factor u Promote and evolve standards across an organization u Mentor developers 9 #legacycoderocks
  • 10. Change impact u Who? u What? u When? 10 #legacycoderocks
  • 11. Process u Decide the contribution workflow u Patches / Branches / Pull requests u Keep workflow simple u Iterations are good u Average 2 reviewers 11 Work on feature/fix Commit the change Review the change Done Problems found #legacycoderocks
  • 12. Tools u Yes, you need a code review tool u Find the right tool: u Fits in your environment u Supports chosen workflow u Meets your particular needs 12 #legacycoderocks
  • 13. As a code author u Review your own code u Commit small changes u Document your code u Provide meaningful commit messages 13 #legacycoderocks
  • 14. As a reviewer u Don’t postpone it (mental flows interruptions) u Don’t spend too much time (10min, 30min, 1h) u Keep in mind your project’s priorities u Manage technical debt properly u Apply your expertise 14 #legacycoderocks
  • 15. Use Quality Gates & CI tools u Tests execution u Test Coverage u Code Style Analysis 15 #legacycoderocks
  • 16. What to look for? Create your own checklist! u Requirements correctness u Readability u Architecture and design u Performance u Errors & Security management 16 #legacycoderocks
  • 17. Requirements correctness u Are tests descriptive enough? u Are there any bugs? u Are the business rules and logic fully implemented and tested? 17 #legacycoderocks
  • 18. Readability u Use appropriate names u Documentation u Define and use formatters 18 #legacycoderocks
  • 19. Architecture and design review u Are we modifying the same files over and over again? u Is this functionality already implemented in another place? u Are there any libraries to perform that? u Data structures u Is this over engineered? 19 #legacycoderocks
  • 20. Performance u Performance requirements u Performance tests u Common causes of performance problems: u Unnecessary network calls u Using locks to access shared resources u Potential memory leaks u Not closed connections/streams u Calls to databases 20 #legacycoderocks
  • 21. Errors & security management u Errors are handled properly u Are using special codes/exceptions for each problems u Authentication u Third party libraries 21 #legacycoderocks
  • 22. Human factor u Ego-free reviews u Do not be a pedant u Find problems, not solutions u Embrace feedback 22 #legacycoderocks
  • 23. Workflow: validate as quick as possible 23 Send a patch to apply Hook Clone the project and apply the patch Receives the patch to review Build Project Quality GateWrite code #legacycoderocks
  • 24. Workflow: validate as quick as possible 24 Send a patch to apply Hook Clone the project and apply the patch Receives the patch to review Build Project Quality GateWrite code #legacycoderocks
  • 25. Pre code-review tools u Test coverage u Build problems u Static code analysis tools u Detect style issues u Detect common bugs u Detect dead code u Detect design issues 25 #legacycoderocks
  • 26. code-review tools u Pull requests u GitHub / Bitbucket u Upsource u Jetbrains u FishEye + Crucible u Atlassian (JIRA) u Gerrit (open source) u Google u Reviewable.io 26 #legacycoderocks
  • 27. code-review tools: pull-requests u It is a diff / patch visualization u A thread of comments u Usually people express their opinions with +1, -1, +1000 J u After an agreement, project owners can apply the patch u The code review is merged 27 #legacycoderocks
  • 28. code-review tools: upsource u Integrated static code analysis u Code navigation u Find usages u IDE plugin 28 #legacycoderocks
  • 30. code-review tools: fisheye u Great integration with Atlassian products u Crucible, Bitbucket + JIRA u Like Pull requests u Share pieces of code u Open discussions u Validate patches /diffs. 30 #legacycoderocks
  • 31. code-review tools: gerrit u Gerrit manages the real changes to the final repository. u It becomes the developer repository: git clone ssh://gerrithost:29418/RecipeBook.git u Special branches for code review git push origin HEAD:refs/for/master 31 #legacycoderocks
  • 33. code-review tools: reviwable.io u SaaS solution u https://reviewable.io/ u Improved used experience from GitHub pull requests. u Shows you what changed since last time you looked u Manages comments so your inbox does not overflow. u Integrates effortless with GitHub pull requests 33 #legacycoderocks
  • 34. thanks for your attention 34 Raquel Pau (@raquelpau) rpau@walkmod.com #legacycoderocks