how to get the most out of code reviews

HOW TO STOP WASTING YOUR TIME AND START PERFORMING USEFUL CODE

REVIEWSMaria Khalusova, JetBrains

@mariakhalusova

CODE REVIEW

https://twitter.com/pcweenies/status/649954658794913792

CONTENTS

• Smooth start

• Making code reviews useful

• What to look for in a code review

• Human factor

WHERE TO START

THE TEAM

• Communicate clearly.

• Listen to concerns.

• Cultivate code review culture.

PROCESS• Decide on the process

• Keep workflow simple

• Iterations are good

• Average of 2 reviewers

• Do reviews often

NEW TOOL• Yes, you need a code review tool

• Find the right tool for you:

Fits in your environment

Supports chosen workflow

Meets your particular needs

Keeps you in the loop without spamming

SUMMARY

• Have an open dialog with the team

• Have a good plan

• Find a tool

MAKING CODE REVIEWS USEFUL

AUTOMATE WHAT CAN BE AUTOMATED

• Tests

• Continuous Integration

• Static code analysis

• Spellchecker

• etc.

Code review is not a place for coding style wars

AS A CODE AUTHOR

• Review your own code

• Commit small changes

• Document your code

• Write meaningful commit message

AS A REVIEWER

• Don’t delay the review

• Don’t spend too much time

• Apply your expertise

KNOW WHAT TO LOOK FOR

GENERAL AND BUSINESS LOGIC

• Correctness

• Coding errors

• Business logic and rules

• User-facing messages

ARCHITECTURE AND DESIGN

• Is the code in the right place?

• Complexity

• Reusability

• Data structures

READABILITY & MAINTAINABILITY

• Naming

• Readability

• Test coverage

• Documentation

Always code as if the person who ends up maintaining your code is a violent psychopath who knows where you live.- John F. Woods (1991), Martin Golding (1994)

PERFORMANCE

• Performance requirements

• Performance tests

• Unnecessary network calls

• Potential memory leaks

SECURITY• Review potential problems

• Third party libraries

• Authentication

• Data encryption

• Proper management of passwords, encryption keys, etc.

• …

SECURITY: USEFUL READ

• Common weakness enumeration: CWE.mitre.org

• OWASP.org

Code Review Guide Book v. 2.0 ALPHA

HUMAN FACTOR

https://twitter.com/msdevUK/status/644136657311113216

https://twitter.com/ankitsadana1/status/651473349319766016

LEARN TO GIVE FEEDBACK• Don’t be rude

• Don’t dictate, ask questions, engage in a discussion

• It’s ok to disagree and argue

• Do not teach

• Be sensitive to cultural differences

LEARN TO RECEIVE FEEDBACK

• Contain your immediate reaction

• Consider suggestions

• Ask followup questions

IT DOESN’T HAVE TO BE ALL CRITICISM

PRAISE GOOD WORK

THANK YOU!QUESTIONS?

maria.khalusova@jetbrains.com@mariakhalusova