CODE REVIEW PROCESS
BOGDAN GUSIEV
CODE REVIEW TENDS TO BE NATURAL
CODE REVIEW YOURSELF
ASKING FOR HELP
SPONTANEOUS CODE REVIEW PROBLEM:
TOO LATE
EVERYTHING WAS CHANGED BY
GITHUB
DO I NEED A CODE REVIEW?
IMHO: NEW PROJECTS
DON'T NEED A FORMAL CODE REVIEW AT ALL
CODE REVIEW EVOLUTION
1. Spontaneous Code Reviews
2. "When I am not sure" code reviews
3. Formal Code Review Process
4. Required code review for certain changes
5. Required code reviews for everything
Failure-Driven Process
CODE REVIEW PROPERTIES
NECESSITY
Optional
Required
PROCESS
Informal
Formal
PEOPLE
Dedicated
Distributed
POSITION IN A PROCESS
1. Planning
2. Coding
3. Code Review
4. QA
5. Release
QA <-> Code Review
Formally QA after Code Review
1. Make a fork (optional)
2. Create a Branch
3. Open a Pull Request
4. Wait for review
5. Discuss & Fix
6. Merge
CODE REVIEW IS
A PROCESS OF REVIEWING AND APPROVING CODE CHANGES
BEFORE THEY GET ACCEPTED TO THE MAINSTREAM
HOW TO REVIEW?
FIX COMMON THINGS FIRST?
Typos
Whitespace
Code Style
Wrong Direction!
WHERE TO LOOK?
The most significant things should be reviewed first:
the ones that are hardest to change.
TOP TO BOTTOM CODE REVIEW
1. Architecture
   1. Problem Solution
   2. Public APIs
   3. Database Schema
   4. Object Oriented Design
   5. Public Method Signatures
2. Implementation
   1. Classes & Methods
   2. Views
3. Tests
4. Code Style, Typos, Whitespace
PROBLEM SOLUTION
1. Problem makes sense
2. Problem Solved
3. High Level Security
4. High Level Performance
ONLY SHOW CUSTOM PROPERTIES WITH AT LEAST ONE VALUE IN SELECT
def selectable_product_categories
+ ProductCategory.with_at_least_one_product
- ProductCategory.all
end
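Review bot: the + line in selectable_product_categories calls ProductCategory.with_at_least_one_product, but the definition of that scope is not part of the hunk, so its query cannot be reviewed here. Include the scope in the change, and state in the description how many categories currently have no products, so the reviewer can confirm the filter changes what the select shows.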
ProductCategory.
  where("not exists(select * from products where ...)").
  count # => 0
HIGH LEVEL SECURITY
EX. FEATURE:
LOG THE USER IN AUTOMATICALLY WHEN THEY CLICK THE LINK IN THE EMAIL
THIS IS NOT VERY SECURE
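If a reviewer accepts the e-mail login feature anyway, the link token is the first thing to check. The sketch below is an added example, not code from the talk: it shows a single-use, expiring token that is stored only as a digest, and a link-created session that cannot perform sensitive actions. The class name, the 15-minute lifetime and the list of sensitive actions are assumptions.

```ruby
require "securerandom"
require "digest"

# Added example: in-memory stand-in for a table of e-mail login tokens.
class LoginLinkStore
  TTL = 15 * 60 # seconds a link stays valid (assumed policy)
  # Actions a link-created session may not perform (assumed list).
  SENSITIVE = %i[change_password change_email].freeze

  def initialize(clock: -> { Time.now.to_i })
    @clock = clock
    @rows = {} # SHA-256 of token => { user_id:, expires_at:, used: }
  end

  # Returns the raw token for the e-mailed URL. Only its digest is stored,
  # so a leaked table does not yield working links.
  def issue(user_id)
    token = SecureRandom.urlsafe_base64(32)
    @rows[digest(token)] = { user_id: user_id, expires_at: @clock.call + TTL, used: false }
    token
  end

  # Returns a session hash once; nil for unknown, expired or reused tokens.
  def redeem(token)
    row = @rows[digest(token.to_s)]
    return nil if row.nil? || row[:used] || @clock.call > row[:expires_at]

    row[:used] = true
    { user_id: row[:user_id], via: :email_link }
  end

  # A session that came from a link must re-authenticate for sensitive actions.
  def self.permits?(session, action)
    session[:via] == :password || !SENSITIVE.include?(action)
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end

if __FILE__ == $PROGRAM_NAME
  demo_store = LoginLinkStore.new
  link_token = demo_store.issue(42)
  p demo_store.redeem(link_token) # first click logs in
  p demo_store.redeem(link_token) # second click is rejected
end
```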
HIGH LEVEL PERFORMANCE
CHECK IF THE CHANGE
Touches Performance sensitive code
Will be slow for particular data
No pagination when there are 1000+ records to display
PUBLIC APIS
USING HTTP API AS EXAMPLE
1. Efficiency
2. Logical Endpoints
3. Request Parameters
4. Response Format
WHATEVER IS DOCUMENTED
API INEFFICIENCY EXAMPLE
EFFICIENT WAY?
Purchase.has_one :referral
GET /purchases/:order_number
{
  id: 1,
  order_number: '1838382',
  referral_id: 17
}
POST /referrals/:id/approve
POST /purchases/:order_number/referral/approve
RESPONSE FORMAT
# Easier
render json: @campaign.view_setups.to_json
# Extensible (pass the collection itself; calling to_json inside the hash would encode it twice)
render json: {view_setups: @campaign.view_setups}
BAD API EXAMPLE
Talkable.publish('talkable_offer_close', null, true);
Talkable.publish('offer_close', null, true);
ANALYZE USAGE FIRST
BUT NOT IMPLEMENTATION
setCustomProperty: function (person, properties) {
  ...
}
setCustomProperty('advocate', {key: value})
setCustomProperty('friend', {key: value})
setAdvocateCustomProperty: function(properties) {
  private_stuff.setCustomProperty("advocate", properties);
},
setFriendCustomProperty: function(properties) {
  private_stuff.setCustomProperty("friend", properties);
},
DATABASE SCHEMA
1. Relations between tables
2. Data Columns
3. Naming
EFFICIENT RELATIONS
1. What are the variants?
2. Was the best one selected?
EFFICIENT SCHEMA
add_column :images, :dimension, :string
class Image < AR::Base
  def width
    dimension.split("x").first
  end
  def height
    dimension.split("x").last
  end
end
add_column :images, :width, :integer
add_column :images, :height, :integer
DATA SHOULD BE EASY TO READ
EVEN IF IT MAKES IT HARDER TO WRITE
OBJECT ORIENTED DESIGN
1. Reflects Real World
2. Inheritance
3. Constructors
REVIEWING CONSTRUCTORS
CIRCULAR DEPENDENCY
class Field
  def initialize
    @cells = Array.new(10) do
      Array.new(10) { Cell.new(self) }
    end
  end
end
class Cell
  def initialize(field)
    @field = field
  end
end
OBJECT CONSTRUCTORS ARE IMPORTANT:
Which things are required to use an object?
What are the object responsibilities?
Theoretical limit
Which methods can be implemented in the object?
Which things would need to be passed to methods as arguments?
Constructor defines object API
REVIEWING CONSTRUCTORS
UNDEFINED CONTEXT
class ApplicationController
  before_action do
    WhateverRequestAnalyzer.new(request).analyze
  end
end
CrawlerRequestAnalyzer.new(
  request.user_agent, request.url, request.content_type
).analyze
PUBLIC METHOD SIGNATURES
1. Placement
2. Arguments
3. Name
METHOD PLACEMENT
class User
  def approve!(referral)
  end
end
# OR
class Referral
  def approve!(user)
  end
end
METHOD ARGUMENTS
this.extractUserData(this.data)
IMPLEMENTATION
CLASSES & METHOD BODIES
Each method or class separately
Check one by one:
1. Approach & Algorithm
2. Performance
3. Security
4. Minimalism
5. Local Variable Names
PERFORMANCE & VULNERABILITIES
In an ideal world, performance and vulnerability fixes should not change the code structure.
In practice they can, but we should try hard to fix performance problems only at the implementation level.
GOOD PERFORMANCE PATCH
def core_options
- { header: name, description: description, group: group }
+ @core_options ||= { header: name, description: description, grou
end
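Review bot: on the + line, @core_options ||= caches the hash the first time core_options is called, so later changes to name, description or group on the same object are not reflected, and every caller receives the same mutable hash. Confirm those three values are fixed for the object's lifetime or clear @core_options where they are assigned; freezing the hash would guard against a caller mutating the cached copy.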
- @campaign.locale_entries.each do
+ @campaign.locale_entries.preload(:variants).each do
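Review bot: preload(:variants) on the + line only pays off if the block body reads variants for each locale entry, and the body is not visible in this hunk. Confirm that it does, and add a query-count check to the tests so the preload is not dropped by a later refactoring.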
GOOD VULNERABILITY PATCH
-{{ advocate_info.first_name }}
+{{ advocate_info.first_name | escape }}
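Review bot: the + line escapes first_name at this one output only. Check the other advocate_info fields and any other template that prints first_name for the same missing filter, and confirm this tag is rendered as HTML body text: the escape filter covers HTML, not output placed inside a script block or a URL attribute.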
SECURITY
Approach Security (Step 1)
Is it secure to have this feature?
Is it secure to implement the feature this way?
Vulnerabilities
XSS
Allowed Parameters
Backend Authorisation check
Authorisation for UI elements
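Three items from the list above (Allowed Parameters, Backend Authorisation check, Authorisation for UI elements) applied to the POST /referrals/:id/approve endpoint from the API slide. This is an added example, not code from the talk; it uses plain-Ruby stand-ins instead of Rails, and the struct names, the admin/site rule and the allowed attribute are assumptions.

```ruby
# Added example with plain-Ruby stand-ins (no Rails); all names are hypothetical.
Referral = Struct.new(:id, :site_id, :status, :note, :reward_cents)
Reviewer = Struct.new(:id, :role, :site_id)

class Forbidden < StandardError; end

module ReferralApproval
  # Allowed parameters: the only attribute a client may set while approving.
  ALLOWED = %w[note].freeze

  # Single rule shared by the view and the backend (assumed policy).
  def self.can_approve?(user, referral)
    user.role == :admin && user.site_id == referral.site_id
  end

  # Authorisation for UI elements: decides only whether the button is drawn.
  def self.show_approve_button?(user, referral)
    can_approve?(user, referral)
  end

  # Backend authorisation check for POST /referrals/:id/approve. It runs even
  # when the button was hidden, because the request can be sent without the UI.
  def self.approve(user, referral, params)
    unless can_approve?(user, referral)
      raise Forbidden, "user #{user.id} may not approve referral #{referral.id}"
    end

    # Copy only allow-listed keys; status, reward_cents etc. are ignored.
    params.each do |key, value|
      referral[key.to_sym] = value if ALLOWED.include?(key.to_s)
    end
    referral.status = :approved
    referral
  end
end
```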
TESTS
1. Use Cases Coverage
2. Formal Code Coverage
3. Tests Implementation
TOP TO BOTTOM IDEA
IT IS BAD TO:
Discuss a method's name before agreeing that the method should exist
Discuss Code Style before the implementation itself
BOSS CONTROL APPROACH
Ensure top points from the list are always performed
Choose X things on top of the list to double-check and delegate the rest completely
CODE REVIEW CULTURE
Be Polite
Admit good things
First things first
Reduce number of cycles
Save Author's time
Save Your time
TOP TO BOTTOM CODE REVIEW
1. Architecture
   1. Problem Solution
   2. Public APIs
   3. Database Schema
   4. Object Oriented Design
   5. Public Method Signatures
2. Implementation
   1. Classes & Methods
   2. Views
3. Test Coverage
4. Code Style, Typos, Whitespace

Professional Code Reviews - Bogdan Gusiev
