1 / 12

Peer Code Review and Static Code Analysis Tools

Peer Code Review and Static Code Analysis Tools. Cole Cecil. Peer Code Review. Why do a peer code review?. Find defects earlier Find different kinds of defects Share knowledge among peers Maintainability of code is improved Encourages developers to do better work.

lana
Télécharger la présentation

Peer Code Review and Static Code Analysis Tools

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Peer Code Review and Static Code Analysis Tools Cole Cecil

  2. Peer Code Review

  3. Why do a peer code review? • Find defects earlier • Find different kinds of defects • Share knowledge among peers • Maintainability of code is improved • Encourages developers to do better work

  4. Types of peer code reviews • Formal inspection • Over-the-shoulder review • Pair programming • Email pass-around • Tool-assisted review

  5. Peer review best practices • Don’t go too fast • Less than 300 – 400 lines of code per hour • Don’t review too much code at once • No longer than 90 minutes • No more than 400 lines of code • Annotate before the review • Track goals and metrics • Use checklists • Not too long • Focus on trouble areas and easily forgotten things

  6. Peer review best practices (continued) • Review code before checking it in • Keeps defects from becoming part of the product, but can slow development • Designate one or more experienced people as primary reviewers • At least one primary reviewer should be involved reviewing each piece of code • Verify that all review comments are resolved • Keep a good attitude about defects • View them as improvements to the application • View them as opportunities to learn • If you can’t review everything, still review some things • Keeps developers learning • Encourages developers to write better code

  7. Tools for peer code review • Commerical Tools • Crucible • CodeCollaborator • Free Tools • Review Board • Rietveld • Gerrit • Codestriker

  8. Static Code Analysis Tools

  9. What are static code analysis tools? • Tools that analyze code without running it • Can find be used to find bugs such as: • Security issues • Performance issues • Memory issues • Potential errors • Not adhering to coding standards • Can often be integrated with an IDE • A good way to reduce the number of bugs before doing peer code review

  10. Limitations of static code analysis tools • False positives • False negatives • Can’t detect some types of issues

  11. Examples of static code analysis tools • A few Java tools • CheckStyle • FindBugs • PMD • Many, many more • http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

  12. References • 11 Best Practices for Peer Code Review. Retrieved from http://support.smartbear.com/resources/cc/11_Best_Practices_for_Peer_Code_Review.pdf • Bilias, S. Peer Code Reviews At Loose Cannon. Retrieved from http://scottbilas.com/blog/peer-code-reviews-at-loose-cannon • Five Types of Review. Retrieved from http://support.smartbear.com/resources/cc/book/code-review-types.pdf • Gomez, I., Morgado, P., Gomez, T., & Moreira, R. An Overview on the Static Code Analysis Approach in Software Development. Retrieved from http://paginas.fe.up.pt/~ei05021/TQSO%20-%20An%20overview%20on%20the%20Static%20Code%20Analysis%20approach%20in%20Software%20Development.pdf • Peer Code Review: An Agile Process. Retrieved from http://support.smartbear.com/resources/cc/Peer-Code-Review_An-Agile-Process.pdf • Rubinstein, D. Making the case for code review. Retrieved from http://www.sdtimes.com/link/34294

More Related