120 likes | 409 Views
Peer Code Review and Static Code Analysis Tools. Cole Cecil. Peer Code Review. Why do a peer code review?. Find defects earlier Find different kinds of defects Share knowledge among peers Maintainability of code is improved Encourages developers to do better work.
E N D
Why do a peer code review? • Find defects earlier • Find different kinds of defects • Share knowledge among peers • Maintainability of code is improved • Encourages developers to do better work
Types of peer code reviews • Formal inspection • Over-the-shoulder review • Pair programming • Email pass-around • Tool-assisted review
Peer review best practices • Don’t go too fast • Less than 300 – 400 lines of code per hour • Don’t review too much code at once • No longer than 90 minutes • No more than 400 lines of code • Annotate before the review • Track goals and metrics • Use checklists • Not too long • Focus on trouble areas and easily forgotten things
Peer review best practices (continued) • Review code before checking it in • Keeps defects from becoming part of the product, but can slow development • Designate one or more experienced people as primary reviewers • At least one primary reviewer should be involved reviewing each piece of code • Verify that all review comments are resolved • Keep a good attitude about defects • View them as improvements to the application • View them as opportunities to learn • If you can’t review everything, still review some things • Keeps developers learning • Encourages developers to write better code
Tools for peer code review • Commerical Tools • Crucible • CodeCollaborator • Free Tools • Review Board • Rietveld • Gerrit • Codestriker
What are static code analysis tools? • Tools that analyze code without running it • Can find be used to find bugs such as: • Security issues • Performance issues • Memory issues • Potential errors • Not adhering to coding standards • Can often be integrated with an IDE • A good way to reduce the number of bugs before doing peer code review
Limitations of static code analysis tools • False positives • False negatives • Can’t detect some types of issues
Examples of static code analysis tools • A few Java tools • CheckStyle • FindBugs • PMD • Many, many more • http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
References • 11 Best Practices for Peer Code Review. Retrieved from http://support.smartbear.com/resources/cc/11_Best_Practices_for_Peer_Code_Review.pdf • Bilias, S. Peer Code Reviews At Loose Cannon. Retrieved from http://scottbilas.com/blog/peer-code-reviews-at-loose-cannon • Five Types of Review. Retrieved from http://support.smartbear.com/resources/cc/book/code-review-types.pdf • Gomez, I., Morgado, P., Gomez, T., & Moreira, R. An Overview on the Static Code Analysis Approach in Software Development. Retrieved from http://paginas.fe.up.pt/~ei05021/TQSO%20-%20An%20overview%20on%20the%20Static%20Code%20Analysis%20approach%20in%20Software%20Development.pdf • Peer Code Review: An Agile Process. Retrieved from http://support.smartbear.com/resources/cc/Peer-Code-Review_An-Agile-Process.pdf • Rubinstein, D. Making the case for code review. Retrieved from http://www.sdtimes.com/link/34294