
The reviewer checklist

The reviewer checklist, or better said, how to be a better code reviewer with a methodical approach. In this talk we explore what a code reviewer should and should not flag, from finding code smells and design problems to spotting performance or security issues and poor test coverage. The talk includes snippets of code to demonstrate solutions, challenges I’ve encountered while reviewing code in several big projects and, of course, what has become my checklist.

Published in: Software

  1. THE REVIEWER CHECKLIST: How to be a better reviewer. Nicola Pietroluongo @niklongstone
  2. “I’m really good at stuff until people watch me do that stuff.” -Nerd Anatomy
  3. Nicola Pietroluongo @niklongstone
      ▪ Lead developer/Solution architect
      ▪ Tech article writer
      ▪ Open Source contributor
      ▪ Author of “Learning PHP7” by Packt Publishing
      ▪ +10y of PHP programming
      ▪ Amazon Alexa skill challenge award winner
  4. Main areas: What we are going to cover
      ▪ Introduction to code review
      ▪ The checklist
      ▪ Tools and conclusions
  5. Part 1: What code review is. Introduction to code review, things to do before
  6. “Code review is systematic examination of computer source code. It is intended to find mistakes overlooked in the initial development phase, improving the overall quality of team and software.” -Wikipedia
  7. TYPES OF CODE REVIEW
  8. Formal Inspection / Fagan Inspection Meeting
      http://www.mfagan.com/pdfs/software_pioneers.pdf
      https://www.cs.umd.edu/class/spring2005/cmsc838p/VandV/fagan.pdf
      Overview, Planning, Preparation, Rework
  9. Over-the-shoulder
  10. Pull request
  11. Pair programming
  12. Key points: Feedback, Spot the error, Fix (diagram axis: TIME)
  13. Pair Programming: Feedback, Spot the error, Fix (diagram axis: TIME)
  14. GENERAL RULES
  15. Share Findings
  16. “Time is money” -Your boss when you’re late
  17. Manage your time: Provide quick feedback
      ▪ Inspection rate 250 lines/hour
      ▪ Review 200-400 lines per review session
      ▪ Quick Feedback
  18. Capture metrics: Define goals
      ▪ Lines Of Code
      ▪ Function Point
      ▪ Defect Density
      ▪ Risk Density
      ▪ Code Coverage
      ▪ Defect Detection Rate
      ▪ Defect Correction Rate
      ▪ Cyclomatic Complexity
  19. Cyclomatic Complexity (Thomas J. McCabe, Sr., 1976)
      ▪ E: Edges
      ▪ N: Nodes
      ▪ P: Number of exit points
      CC = E - N + 2P
      http://www.literateprogramming.com/mccabe.pdf
      http://www.mccabe.com/pdf/More Complex Equals Less Secure-McCabe.pdf
      (figure: graph with nodes A, B, C, D, E)
  20. Cyclomatic Complexity
      (figure: flowchart with decisions A>B and B==1, T/F branches, statements A=B and B=0, and two END IF nodes)
      7 Edges, 6 Nodes
      CC = 7 - 6 + 2 = 3
  21. It’s a Bug Hunt NOT a Blame Game
  22. WHEN QUICKLY DECLINE
  23. When quickly decline? When the pull request is out of scope you should _______
  24. When quickly decline? When the pull request is out of scope you should DECLINE
  25. When quickly decline? When the code has no test coverage you should _______
  26. When quickly decline? When the code has no test coverage you should DECLINE
  27. When quickly decline? When you don’t like the solution provided you should _______
  28. When quickly decline? When you don’t like the solution provided… you should _______
  29. Production Border Force
  30. Part 2: The checklist. Reviewer’s responsibilities
  31. The checklist: What we will cover
      ▪ Best Practices
      ▪ Foundation
      ▪ Architecture
      ▪ Key Areas (Security, Logging, Performances)
  32. BEST PRACTICES
  33. “Fat model, skinny controller” -Weight Watchers
  34. Services config

      # Sf 2.8 app/config/services.yml
      services:
          # keep your service names short
          app.slugger:
              class: AppBundle\Utils\Slugger

      # Sf 3.3 app/config/services.yml
      services:
          # use the fully-qualified class name as the service id
          AppBundle\Utils\Slugger:
              public: false

  35. Best practices: Adopt what makes your team’s life easier.
  36. Controller as a Service

      class EventController
      {
          //...
          public function __construct(
              TemplatingEngine $templating,
              Router $router,
              LoggerInterface $logger,
              EventRepository $eventRepository
          ) {
              //...
          }

          public function indexAction($id)
          {
              //...
          }
      }
  37. FOUNDATION
  38. Parameters / Return Types

      /**
       * Get options.
       *
       * @param string $name
       * @param mixed $value
       *
       * @return mixed $option
       */
      public function getOption($name, $value)
      {
          //...

  39. Dependency Constraint
  40. Alternatives / Deprecations
  41. TEST
  42. ARCHITECTURE
  43. “Never assume anything” -Law enforcement
  44. “To bundle or not to bundle, that is the question” -Sf Hamlet
  45. Folder structure
  46. KEY AREAS
  47. Security: CSRF token

      # app/config/security.yml
      security:
          # ...
          firewalls:
              secured_area:
                  # ...
                  form_login:
                      # ...
                      csrf_token_generator: security.csrf.token_manager

      # twig template
      {# ... #}
      <form action="{{ path('login') }}" method="post">
          {# ... the login fields #}
          <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}" >
          <button type="submit">login</button>
      </form>

  48. OWASP - Code Review Guide https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
  49. Syslog Message Severities (RFC 5424)

      Numerical Code   Severity
      0                Emergency: system is unusable
      1                Alert: action must be taken immediately
      2                Critical: critical conditions
      3                Error: error conditions
      4                Warning: warning conditions
      5                Notice: normal but significant condition
      6                Informational: informational messages
      7                Debug: debug-level messages

  50. Syslog Message Severities (RFC 5424): same table as slide 49
  51. “I want it all, I want it now” -Queen
  52. Website Performance (source: Akamai.com)
  53. Loops

      A) for ($i = 0; $i < count($array); $i++) {

      B) $total = count($array);
         for ($i = 0; $i < $total; $i++) {

  54. Part 3: Tools. Tools and automation
  55. Blackfire
  56. SensioLabs Insight
  57. PHP CSF
  58. Exakat
  59. PhpMetrics
  60. PHP MD
  61. PHPMD

      $ ./phpmd.phar filesOrDir reportFormat rules
      $ ./phpmd.phar fileA.php,fileB.php text cleancode,codesize

  62. Git diff

      $ git diff --name-only --diff-filter=d master
      src/CinemaBundle/Controller/CinemaController.php
      src/CinemaBundle/Entity/Screening.php
      src/CinemaBundle/Entity/ScreeningVenue.php
      src/CinemaBundle/Entity/Showing.php

  63. Sed

      $ sed ':a; $!N; s/\n/,/; ta'

      :a        creates a pattern
      $!N       appends lines to the pattern if not last line
      s/\n/,/   replaces new line with comma
      ta        repeat the a

  64. Pull it together (*All in one line)

      ./phpmd.phar $(git diff --name-only --diff-filter=d master | sed ':a; $!N; s/\n/,/; ta') text cleancode,codesize
  65. “Automate, automate, automate. All right, all right, all right.” -Matthew McSymfony
  66. LIGHT TOUCH REVIEW
  67. Light touch review: Inspect what’s critical
      ▪ Automation
      ▪ High code coverage
      ▪ Small and contained release
      ▪ Good knowledge of the project, business and practices
  68. Thanks!! NicolaPietroluongo.com @niklongstone https://github.com/niklongstone https://joind.in/talk/20dcd
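
The one-liner from slides 61 to 64 misfires when the diff is empty, because PHPMD then receives `text` as its file argument. A wrapper that handles that case and keeps only PHP files, as an added example that is not part of the original slides; the function names and the `PHPMD` and `BASE` variables are assumptions.

```shell
#!/bin/sh
# Added example: build PHPMD's comma-separated file argument from a list of
# changed paths (one per line on stdin), as printed by
#   git diff --name-only --diff-filter=d master

# Keep only *.php paths and join them with commas. A path that itself
# contains a comma is rejected, because it would be read as two file names.
php_files_csv() {
    awk '
        !/\.php$/ { next }              # ignore non-PHP changes
        /,/       { bad = 1; exit }     # a comma would corrupt the list
        { out = out (n++ ? "," : "") $0 }
        END { if (bad) exit 2; if (n) print out }
    '
}

# Run PHPMD on the PHP files changed against BASE (default: master, as on
# the slides), or skip cleanly when nothing relevant changed.
phpmd_changed() {
    files=$(git diff --name-only --diff-filter=d "${BASE:-master}" | php_files_csv) || {
        echo "a changed path contains a comma, refusing to build the list" >&2
        return 2
    }
    if [ -z "$files" ]; then
        echo "no changed PHP files, nothing to check" >&2
        return 0
    fi
    "${PHPMD:-./phpmd.phar}" "$files" text cleancode,codesize
}
```

Source the file and call `phpmd_changed` from the repository root, for example in a pre-push hook or a CI step.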
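
For the CSRF token on slide 47, a reviewer can check mechanically that every hand-written POST form in a template carries the token. This is an added example, not from the original slides: the function names and the sample templates are constructed, and the check assumes each `<form ...>` opening tag sits on a single line.

```shell
#!/bin/sh
# Added example: list POST forms in Twig templates that never call csrf_token().
# Heuristic: assumes each <form ...> opening tag sits on one line.

# Print "file:line" of the opening tag for every POST form that reaches
# </form> without a csrf_token( call in between.
forms_missing_csrf() {
    awk '
        FNR == 1 { inform = 0 }          # new file: reset state
        {
            line = tolower($0)
            if (line ~ /<form[^>]*method=.?post/) { inform = 1; start = FNR; seen = 0 }
            if (inform && line ~ /csrf_token\(/) seen = 1
            if (inform && line ~ /<\/form>/) {
                if (!seen) print FILENAME ":" start
                inform = 0
            }
        }
    ' "$@"
}

# Constructed sample templates (not taken from the slides' project).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/login.html.twig" <<'EOF'
<form action="{{ path('login') }}" method="post">
  <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
  <button type="submit">login</button>
</form>
EOF
    cat > "$dir/delete.html.twig" <<'EOF'
<h1>Delete screening</h1>
<form action="{{ path('screening_delete') }}" method="POST">
  <button type="submit">delete</button>
</form>
EOF
    (cd "$dir" && forms_missing_csrf login.html.twig delete.html.twig)
    rm -rf "$dir"
}
```

Run it over the templates touched by a pull request and treat each reported form as a review finding to confirm by hand.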