Code Review Tool Evaluation
4 likes2,870 views
The document discusses various code review types, including formal inspections, over-the-shoulder reviews, e-mail pass-around reviews, pair-programming, and tool-assisted reviews, highlighting their effectiveness and drawbacks. It notes that traditional software testing alone is less effective compared to inspections, and emphasizes the importance of early bug detection for cost efficiency and team cohesion. Additionally, the document mentions recommended tools such as Crucible by Atlassian for managing code reviews.
Code Review Tool Evaluation
- 2. “.. software testing alone has limited effectiveness -- the average defect detection rate is only 25 percent for unit testing, 35 percent for function testing, and 45 percent for integration testing. In contrast, the average effectiveness of design and code inspections are 55 and 60 percent. “ Code Complete Steve McConnell
- 3. Benefits Finding bugs early – cheap to fix Coding standards compliance Consistent coding style across the company Teaching and sharing knowledge Consistent design and implementation Higher software security Team cohesion
- 4. Types of Code Review Formal inspections Over-the-shoulder reviews E-mail pass-around reviews Tool-Assisted reviews Pair-Programming 4 http://www.ccs.neu.edu/home/lieber/courses/cs4500/f07/lectures/code-review-types.pdf
- 5. Code Review Types: Formal inspections • Formal inspections • “formal” review refers to a heavy-process review with three to six participants meeting together in one room with print-outs and/or a projector. 5 Planning • Verify materials meet entry criteria. • Schedule introductory meeting Introductory Meeting • Code is presented by author Inspection Meeting • Code is reviewed • Defect logged Rework • Author fixes defects Verification Meeting • Verify defect fixed Complete
- 6. Code Review Types: Formal inspections Pros • a lot of defects can be identified Cons • Needs preparation • Time consuming • No time to dig in and be thorough • Difficult to get the right people
- 7. Code Review Types: Over-the- shoulder reviews • Over-the-shoulder reviews • a developer standing over the author’s workstation while the author walks the reviewer through a set of code changes. • With modern desktop-sharing software a so-called “over-the- shoulder” review can be made to work over long distances 7 Preparation • Developer finds available reviewer in person or through shared- desktop meeting. Inspection Meeting • Developer walks reviewer through the code. • Reviewer interrupts with questions. • Developer writes down defects Rework • Developer fixes defects Complete • When developer deems himself finished, he checks code into version control
- 8. Code Review Types: Over-the- shoulder reviews Pros • simplicity in execution Cons • you need schedule these sharing meetings • this is not an enforceable process – there’s nothing that lets a manager know whether all code changes are being reviewed • there are no metrics, reports, or tools that measure anything at all about the process • it’s easy for the author to unintentionally miss a change • Defects fixes are not verified • The author is controlling the pace of the review, defects can be missed 8
- 9. Code Review Types: E-mail pass- around reviews 1. whole files or changes are packaged up by the author and sent to reviewers via e-mail 2. The version control system can also assist by sending the e- mails out automatically 9 Code Check- In • Developer checks code into SCM. • SCM server sends emails to reviewers based on authors (group leads) and files (file owners) Inspections • Recipients examine code diffs on their own recognizance. • Debate until resolved or ignored Rework • Developer responds to defects by making changes and checking the code in. • Nothing special to do because code is already checked into version control. Complete • Nothing special to do because code is already checked into version control • Don’t really know when in this phase because there’s no physical “review” that can complete.
- 10. Code Review Types: E-mail pass- around reviews Pros • easy to implement • Good for cross-location teams • the ease in which other people can be brought into the review • they don’t knock reviewers out of “the zone” Cons • finding and collecting the files under review • the author has to figure out how to gather the files together • reviewers have to extract those files from the e-mail and generate differences between each • it can rapidly become difficult to track the various threads of conversation and code changes • Review takes more time • Lack of process: it’s not clear whether anybody is reviewing the code 10
- 11. Code Review Types: Pair- Programming • a development process that incorporates continuous code review. 11 Pros • this gives the reviewer lots of inspection time and a deep insight into the problem at hand, so perhaps this means the review is more effective Cons • this closeness is exactly what you don’t want in a reviewer; just as no author can see all typos in his own writing, a reviewer too close to the code cannot step back and critique it from a fresh and unbiased position • it takes too much time
- 12. Code Review Types: Tool-Assisted reviews • Automated File Gathering • Combined Display: Differences, Comments, Defects • Automated Metrics Collection • Review Enforcement • Clients and Integrations (integration with IDE, vision control, admin web clients) 12 Pros • Easy to organize • Transparent process • Configurable workflows • No meetings to be set u: reviewers can review the code at any time • Works for cross-location teams Cons • Usually these tools are not free
- 13. ToolsCriteria Crucible by Atlassian Gerrit Collaborator by SmartBear Review Board Configurable Workflow pre- and post- commit Pre-commit Pre-commit Post-commit Pre-commit Post-commit Integration with Jira + (ootb) JIRA provides plugin - - IDE plugins IDE Connector (ootb, free) for Eclipse and IntelliJ Eclipse plugin, IntelliJ Eclipse plugin - supports GIT / Stash git/stash (ootb) git git git supports Java, CSS, Javascript, XML, property files + + + + Email notifications + + + + Reporting + - + - Hosting In house / cloud In house In house In house License cost Apache v2 Proprietary Proprietary MIT 13
- 15. Crucible & Fisheye Flexible code reviews pre-commit or post- commit code reviews Workflow-based reviews One-click reviews from changesets or issues Threaded comments inline discussions Turn any review into a threaded discussion JIRA integration and more View source code associated with code reviews. View and create code reviews from JIRA. Turn Crucible code review comments into actionable JIRA issues Distributed teams Instant feedback on review activity via email and RSS Audit trail of all review activity Activity streams including source code and code reviews 15
- 16. Customer List
- 17. Review Process Create Review • Author creates review (can be pre-commit or post-commit) • Author invites reviewers Inspections • Reviewers comment on the code Rework • Author responds to the comments • Update the implementation is required Verification • Reviewers verify changes and complete their reviews Complete • Author summarizes and closes the review
- 18. Crucible Price (server host) https://www.atlassian.com/software/crucible/pricing
- 19. Next Steps Assign Moderators Create checklist for authors and reviewers Define standards Define workflow Installation and Configuration Purchase License
- 20. Thank you!
- 21. Resources • Five Types of Review http://www.ccs.neu.edu/home/lieber/courses/cs4500/f07/lectures/code- review-types.pdf • Cricible https://www.atlassian.com/software/crucible/overview • Collaborator - http://smartbear.com/product/collaborator/overview/ • Wikipedia: https://en.wikipedia.org/wiki/List_of_tools_for_code_review