code review in practice

Code Review

in practice Froscon 2011

Volker Dusch / @__edorian

Me?

2 Introduction

Volker Dusch

@__edorian

3 Introduction

PHP for around 9 years

4 Introduction

I‟m currently into TDD, CI,

Clean Code and shipping

5 Introduction

…amongst other stuff

Just go and buy those

6 Introduction

*Book covers used under fair use

Ask questions at any time!

7 Introduction

We‟re gonna talk about

Code Review

8 Agenda

Why do it?

9 Agenda

What types exist?

10 Agenda

How to do it?

11 Agenda

My story!

12 Agenda

Why do Code Review?

13 Why do Code Review?

Define „Code Review‟


'Code Review' describes the systematic

examination of source code

Because code is written

by Humans


Because code is read

by Humans


… a lot

It‟s easy to write code

for machines


… they will understand it

…well they will execute it

But Humans think

differently of code


Mandatory Code Review Joke


Used under Fair Use: © Focus Shift

So.. Code Review


It‟s meant to improve


readability, maintainability

and stability or your code


... so code quality

Improve

the knowledge of

software developers


Improve

achieved by…


more people looking at

the code


before the customer

experiences the changes

achieved by

finding more bugs during

development


achieved by

making sure the code is

understandable by humans


achieved by

bringing devs together to

talk code


leading to…

achieved by

easier team growing


or team building …

achieved by

higher consistency


formatting, architecture, …

achieved by

easier & more mentoring


because training people rocks!

achieved by

Types of Code Review

32 Types of Code Review

Over the shoulder


do you have a moment?

great! grab a chair

This is what usually

happens anyways


doesn‟t matter what you call it

Over the shoulder

People usually self organize

Create Events?!


Over the projector reviews

Over the shoulder

Pair Programming


Code Review with 100% more

real time than similar products

Instant feedback cycle


Every step of the way

Pair Programming

Automated Code Review


computers can be so cruel

a.k.a. static code analysis


phpmd, pDepend, phpcs,

phpunit, phpcpd, phpdcd phploc, phpcb, pfff

phantm, ppw I bet you couldn‟t read that during the presentation

phpqatools.org

talk to people here!


„nuff said

Before we talk about tools

41 Tools for Code Review

Amount of code to review?

42 Type of Code Review

Cycle based


Every Iteration maybe?

Get everyone to together


Cycle based

It might take a while


Cycle based

but you get the big picture


Cycle based

I think I‟m done with this


What do you think?

Feature based

Feature based


Whenever something of value

is done for the first time

Amout depends on

feature / task sizes


Feature based

Avg. 4 hours per feature?


Feature based

Around two reviews per day

Can be a short cylce


Feature based

With big features / tasks you

might run into troube


Feature based

That‟s 3 weeks old!

I‟m not even sure I wrote it

Gives devs. a changes to

get everything proper


Feature based

Nice to make sure it really

meets the businesses case


Feature based

Commit based


Review every single checkin


Commit based

just merges to master?


Commit based

„master‟ == „trunk‟

and those are feature based

reviews I‟d say

Fast feedback


Commit based

High traffic


Commit based

Commit messages matter


Commit based

Commit messages matter

A LOT!


Commit based

Tell people why a

change was made


Commit based

If I want to know what it does

I‟ll read the code

Make small commits


Commit based

As you should anyways

Small as in under 100 LOC


Commit based

What? You have classes

bigger than that?

Small as in change 3-4

places at most


Commit based

You shouldn‟t need to touch

everything. It‟s improper

But that just would be

nice, it works anyways


Commit based

Just don‟t review

reformattings


Commit based

We‟ll get back to that


Commit based

So let‟s talk Tools


Review Board


Open Source (MIT!)

Eclipse Plugin

Post Commit Review

Discussions and so on

Review Board


Image used under fair use: http://www.reviewboard.org/screenshots/

Gerrit


Open Source

Requires git as scm

Powerfull


Gerrit

Screenshots created from: https://review.source.android.com/

Fisheye / Crucible


Commercial

By Atlassian (JIRA)

… if you use JIRA take a look

SmartBear

CodeCollaborator


Commercial

Review Board meets Enterprise

Eclipse & Visual Studio Plugins


CodeCollaborator

Image under fair use from: http://smartbear.com/images/products/codecollaborator/ccollab-feature-sidebyside.png

email pass around


You had me at HELO

scm sends out a mail for

every commit


or push or feature or whatever

Is anyone here familiar

with “mailing lists”


email pass around

Does your mail client have a

“threaded view” button?


All right, all we need

email pass around

Point being:

Everyone has mail


email pass around

No additional tools


email pass around

That‟s also why IDE Plugins rock

No interface learning


email pass around

Your process!

Not the one of the tool


email pass around

But if a tool enforces a process

it might not be a good tool

Very fast cylce times


email pass around

20 sec to 2 minutes per commit

Enough with the tools

already! Let‟s go!


The first rule

of Code Review is

89 How to review code


The first rule of code review



Well.. not really

but it helps a lot!v



Get everyone involved!



No code is scared



Everyone gives feedback

start with your juniors so they

learn and don‟t just agree



Remember:

It‟s about the code

Not who wrote it


What to look for?


What to look for?

Image used under CC-BY-ND http://creativecommons.org/licenses/by-nd/2.0/en/

Creator: Oliver Widder http://geekandpoke.typepad.com/geekandpoke/2010/11/how-to-make-a-good-code-review.html


It depends on the type

of code review

But let‟s get though my

suggestions and we‟ll see

What to look for?


Does it implement the

business case?

Issue Tracking/Stories help a lot

What to look for?


Intent and purpose over

actual words on paper

or hard disk…

What to look for?


Does it fit into the

applications architecture?

My code always uses

SpecialDbConnect7

because I wrote that class!

What to look for?


Overlooked edge cases?

$date = new DateTime can

throw an exception?!

I <2 off by one errors

What to look for?


Is it tested?

Is is maintainable?

My class does everything we‟ll

ever need, no need to worry

about OO right?

What to look for?


Does it conform to

coding rules?

What to look for?


Does it conform to

coding rules?

What to look for?

You seem to be doing a

machines job. Do you want

some help?


Let tools do what tools

can do.

What to look for?

They are better at some things

and nobody gets mad at

someone when they nag you

a lot. Just make good rules


The things your rules can‟t

catch.. you‟ll notice

What to look for?

Promise


Is it going to confuse your

users in unintended ways?

What to look for?

Confusing them in intended

ways is called major release

Cookie lifetime now 5 minutes?

Reddit says is more secure!!1


Is there a simpler way?

What to look for?

"When debugging, novices

insert corrective code; experts

remove defective code"

Richard Pattis


performance impacts?

What to look for?

SQL is hard, at times

Look out for everything that

leaves PHP (io)


Duplicate functionality?

What to look for?

The bigger your projects the

more ways of achieving the

same result?


And for the closer:

What to look for?


Is it easy to understand

What to look for?

$important = getTRWTF(„daily‟);


Does it take you longer

than a minute to grasp?

Easy to understand?

Is it the code or the commit

message that doesn‟t help?

115 Questions so far?

All right

Story time

116 STOP! STORYTIME!

Soo… code review

at our company

117 Code Review in our Comp

Do you remember 2006?


Let me help you out

2006, meet Froscon <?php

if ($handle = opendir('.')) {

while (false !== ($file = readdir($handle))) {

if ($file != "." && $file != "..") {

$files[] = $file;

}

}

// closedir($handle); php closes on request end

}

if(!isset($files)) {

die();

}

?>


How it started back then


I was a working student

How it started


One day we installed

„WebSvn‟

How it started

Subversion repository browser


And that came with a

simple RSS Feed

How it started


I started asking

a lot of questions

How it started

And nobody stopped me


And even more questions

How it started

At some point I started sending

out one mail per dev per week

with comments and questions

about the code they commited


At some day it „suddenly‟

was a part of my job

How it started

I don‟t think I ever heard the

term „Code Review‟ before

that point. I was just asking ;)


So there I was

looking at feeds a lot

How it started


In the next Year our

company grew. A lot!


I had Scalability Issues

Growing

class __edorian {

[…] // Those darn Singletons

private function __clone() {}

}


So something needed to

be done

Growing


We already had

collective code ownership

Growing


At least nobody thought

it was „his‟ code

Growing


We also didn‟t want to

stop with Code Review

Growing


So everybody agreed to

do peer-reviews

Growing

We already talked a lot before

but now we added per

commit reviews


I‟ve tried many tools

Growing


Nothing worked out well

Growing

I also didn‟t have a vision what

exactly I was looking for.

That didn‟t help


Everything felt complicated

and time intensive

Growing


I was spending WAY to

much time on reviews

Growing


So we needed a solution

Growing


That was 9 month ago

Getting it solved


Enter Qafoo

Getting it solved


It took two days!

Getting it solved


We discussed all possible

solutions with the team

and agreed that email

pass-around would work

Getting it solved


Getting it solved

We implemented a svn-post-commit-hook using

the “php-commit-hooks” from @korend svn://kore-nordmann.de/php-commit-hooks

Also check out vcs_wrapper, a part of Arbit

http://kore-nordmann.de/blog/vcs_wrapper_development.html

We needed to extending one class to hack in

your mail solution and since then I haven‟t

touched that code, it just worked

Well ok, we adjusted the “commiter <-> reviewer”

mapping array many times and created special

review circels for some projects


Then we created a workflow

for our environment

Getting it solved


Oh, environment

Getting it solved


Exchange and Outlook

Getting it solved


- Distribution list in exchange

- commit hook mails there

- Mails get marked as “you should review

that” in the subject line using filter “ |fo|ba|etc| Repo Rev Commit”

- Outlook marks those mails as important.( ! ) - Dev respons with status code (#ok,

#note, #error) and an explanation

- that‟s really really fast btw.

- read, CTRL+L, type #ok, CTRL+ENTER, done

- Continue mailing until the issue is resolved

Workflow


It looks like this


One review cylce


Getting feedback


The commit


What we don‟t do


We don‟t review…

What we don’t do

“Cleanup commits” - We trust our tools

“Buisiness case” - Takes to long. Trust devs

“Maintainability” - For the older stuff

“Performance Impact” - If it isn‟t obvious

With those changes it works out quite nicely

154 Your turn Froscon

So far that‟s our Story

Now I‟d like to hear yours

155 Questions?

Just a moment:

Any open questions?

156 Tell me!

Do you already do code reviews?

Share your exerience!

What tools, what types, what works?

Problems you ran into?

157 Thanks a lot!

Thank you for your time!

code review in practice

Technology