狠狠撸

Nicola Pietroluongo @niklongstone
THE REVIEWER
CHECKLIST
How to be a better reviewer

鈥� I鈥檓 really good at stuff until people watch me
do that stuff.
-Nerd Anatomy

Nicola Pietroluongo
@niklongstone
鈻� Lead developer/Solution architect
鈻� Tech article writer
鈻� Open Source contributor
鈻� Author of 鈥淟earning PHP7鈥� by Packt Publishing
鈻� +10y of PHP programming
鈻� Amazon Alexa skill challenge award winner

Main areas
What we are going to cover
鈻� Introduction to code review
鈻� The checklist
鈻� Tools and conclusions

1.
What code review is
Introduction to code review, things to do before

鈥� Code review is systematic examination of
computer source code. It is intended to find
mistakes overlooked in the initial development
phase, improving the overall quality of team
and software.
-Wikipedia

TYPES OF CODE REVIEW

Formal
Inspection
/
Fagan
Inspection Meeting
http://www.mfagan.com/pdfs/software_pioneers.pdf
https://www.cs.umd.edu/class/spring2005/cmsc838p/VandV/fagan.pdf
OverviewPlanning Preparation Rework

Over-the-
shoulder

Pull
request

Pair
programming

FeedbackSpot the error Fix
TIME
Key points

Pair
Programming
TIME
Feedback
Spot the
error
Fix

GENERAL RULES

Share
Findings

鈥� Time is money
-Your boss when you鈥檙e late

Manage your time
Provide quick feedback
鈻� Inspection rate 250 lines/hours
鈻� Review 200-400 lines per review session
鈻� Quick Feedback

Capture metrics
Define goals
鈻� Lines Of Code
鈻� Function Point
鈻� Defect Density
鈻� Risk Density
鈻� Code Coverage
鈻� Defect Detection Rate
鈻� Defect Correction Rate
鈻� Cyclomatic Complexity

Cyclomatic Complexity
Thomas J. McCabe, Sr. 1976
鈻� E: Edges
鈻� N: Nodes
鈻� P: Number of exit points
(CC) = E - N + 2P
http://www.literateprogramming.com/mccabe.pdf
http://www.mccabe.com/pdf/More Complex Equals Less Secure-McCabe.pdf
A
B
C D
E

Cyclomatic Complexity
A>B
B==1
END IF
END IF
A=BB=0
7 Edges
6 Nodes
CC = 7- 6 + 2 = 3
T
TF
F

It鈥檚 a Bug Hunt
NOT
a Blame Game

WHEN QUICKLY DECLINE

When
the pull request is out of scope
you should _______
When quickly decline?

When
the pull request is out of scope
you should DECLINE

When
the code has no test coverage
you should _______

When
the code has no test coverage
you should DECLINE

When
you don鈥檛 like the solution provided
you should _______

When
you don鈥檛 like the solution provided鈥�
you should _______

Production
Border
Force

2.
The checklist
Reviewer鈥檚 responsibilities

The checklist
What we will cover
鈻� Best Practices
鈻� Foundation
鈻� Architecture
鈻� Key Areas (Security, Logging, Performances)

BEST PRACTICES

鈥� Fat model, skinny controller
-Weight Watchers

Services
config
# Sf 2.8 app/config/services.yml
services:
# keep your service names short
app.slugger:
class: AppBundleUtilsSlugger
# Sf 3.3 app/config/services.yml
services:
# use the fully-qualified class name as the service id
AppBundleUtilsSlugger:
public: false

Adopt what鈥檚 make your team鈥檚 life easier.
Best practices

Controller as a
Service
class EventController
{
//...
public function __construct(
TemplatingEngine $templating
Router $router,
LoggerInterface $logger,
EventRepository $eventRepository
)
//...
public function indexAction($id)
{
//...

FOUNDATION

Parameters/
Return Types
/**
* Get options.
*
* @param string $name
* @param mixed $value
*
* @return mixed $option
*/
public function getOption($name, $value)
{
//...

Dependency
Constraint

Alternatives/
Deprecations

TEST

ARCHITECTURE

鈥� Never assume anything
-Law enforcement

鈥� To bundle or not to bundle,
that is the question
-Sf Hamlet

Folder
structure

KEY AREAS

Security
CSRF token
# app/config/security.yml
security:
# ...
firewalls:
secured_area:
# ...
form_login:
# ...
csrf_token_generator: security.csrf.token_manager
# twig template
{# ... #}
<form action="{{ path('login') }}" method="post">
{# ... the login fields #}
<input type="hidden" name="_csrf_token"
value="{{ csrf_token('authenticate') }}"
>
<button type="submit">login</button>
</form>

OWASP - Code Review Guide
https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project

Syslog Message Severities
RFC 5424
Numerical Code Severity
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level messages

鈥� I want it all, I want it now
-Queen

Website
Performance
source : Akamai.com

Loops
A)
for ($i = 0; $i < count($array); $i++) {
B)
$total = count($array);
for ($i = 0; $i < $total; $i++) {

3.
Tools
Tools and automation

Blackfire

SensioLabs
Insight

PHP CSF

Exakat

PhpMetrics

PHP MD

PHPMD
$ ./phpmd.phar filesOrDir reportFormat rules
$ ./phpmd.phar fileA.php,fileB.php text cleancode,codesize

Git diff
$ git diff --name-only --diff-filter=d master
src/CinemaBundle/Controller/CinemaController.php
src/CinemaBundle/Entity/Screening.php
src/CinemaBundle/Entity/ScreeningVenue.php
src/CinemaBundle/Entity/Showing.php

Sed
$ sed ':a; $!N; s/n/,/; ta'
:a creates a pattern
$!N appends lines to the pattern if not last line
s/n/,/ replaces new line with comma
ta repeat the a

Pull it together
*All in one line
./phpmd.phar
$(git diff --name-only --diff-filter=d master |
sed ':a; $!N; s/n/,/; ta')
text cleancode,codesize

鈥� Automate, automate, automate.
Allright, allright, all right.
-Matthew McSymfony

LIGHT TOUCH REVIEW

Light touch review
Inspect what鈥檚 critical
鈻狝utomation
鈻狧igh code coverage
鈻猄mall and contained release
鈻狦ood knowledge of the project, business and practices

Thanks!!NicolaPietroluongo.com
@niklongstone
https://github.com/niklongstone
https://joind.in/talk/20dcd

狠狠撸

The reviewer checklist

Recommended

More Related Content

Similar to The reviewer checklist (20)

Recently uploaded (20)

The reviewer checklist

Editor's Notes