About Code Auditing


Recently I have been thinking about how to improve quality. The most important thing is to really do a good "code review", rather than skimming the surface just to satisfy the company's process. On this point it is not enough for me alone to do well: the whole team has to do well, so that everyone can really use code review to improve themselves and help others. From the current point of view, enhancing the team's code audit results requires reinforcing the significance of the code audit, the existing standards and tools, and consensus among team members. After all, people are the first problem, and we must work together to do it well. The following article is very good: it describes the author's view of code review as they grew through different roles, and shares some good practices along the way.

"Code review" has become a common practice in many companies. At first glance it seems to waste time and reduce productivity, but in fact the benefits are obvious to all. It checks the correctness, rationality and security of the code and uncovers hidden bugs, so that the system runs more reliably. It ensures that two or more people are familiar with the code, which promotes knowledge sharing. It lets team members back each other up and support each other, so there is no single point of failure (SPOF). It deters anyone from burying landmines in the code and removes the temptation to do so. It lets people learn good code from each other and improve their programming skills. And so on.

From graduation through work until now, my understanding of "code review" has grown deeper and deeper, and I feel its importance more and more: product development cannot do without it. As I grew, I took on different roles in "code review"; in each process and each role I went through a lot and accumulated experience.

As a fledgling entrepreneur

Soon after graduating from school, I started a business with friends. Back then we only knew how to work hard and did not think about methods; getting the product out quickly was the first and only task. We had to do everything ourselves and worked overtime. There were few of us, each doing our own part, and there was no code review: whoever finished writing committed to the code base, and after a simple test the code went online. There was no rollback; if something broke, it was fixed again. It was entirely the practice of fledgling primitives. At that time, through inexperience and poor planning, the system often went wrong. Debugging was time-consuming, so colleagues would debug together and look at the code, and that is how the most primitive, informal code review started. The original lesson was: debug sucks, test rocks, code review even rockets.

As a code submitter

When I first started out as a newcomer, I mostly wrote code and had the masters review it, and slowly learned how to review as well.

First, you must understand and learn the company's code review specification and process. I first studied the code style for each programming language and was required to pass the company's code style test, also called code readability. Then be sure to write code according to the style rules: how to name variables, functions and classes, how to use spaces, how to write comments, which syntax is discouraged or even prohibited, and so on. The benefit is better readability, consistency and maintainability. Good training here benefits you for a lifetime. The company developed a code style check tool, which is used to check the readability of the code so that problems can be corrected immediately.

Before writing code, design the project's directory structure, module structure and object structure, and make sure the overall structure of the code is reasonable. That way, people can see from the project layout what task is being completed and what each file does.

In the coding stage, first outline the framework and then refine it: beautiful code, reasonable structure, refined algorithms, high efficiency. Reuse as much as possible, because reused code has already been tested and its quality is assured.

After writing each part, complete the test cases, mainly white-box unit tests. After writing the whole, there are integration tests, regression tests, even load tests, and so on. Put compilation, testing and integration into a script, so that after every modification you can run the script to carry out the automated tests and assure quality.

Each individual task of a large project, once implemented and tested, is packaged into a change list, rather than left as a fragmented, unsystematic pile of code that cannot run on its own.

Check once more, and when you are satisfied, submit for code review. Generally, look for people on the same project who are at a higher level and more capable, even the technical leader, and invite them to review: they can give you better advice, teach you more, and help you improve faster. The higher the bar, the better it is for you. A mistake some people often make is to pick reviewers they get along with, or who pass things very easily, thinking this saves trouble and avoids being "criticized"; in the long run this does not help their own development and improvement.

As a code reviewer

Through communicating with the experts, I accumulated a lot of code review experience and slowly became able to do some code review work myself. In particular, when others change code you wrote, you will undoubtedly be chosen as the first code reviewer.

When you start reviewing code, you tend to focus on the surface. Scan the code overall: whether the code style is met, how readable it is, whether the code structure is reasonable, whether there are overly long, rambling functions or huge classes, whether the comments are clear, whether code is duplicated, whether the requirements are fully met, whether there are big omissions, and so on. If such relatively easy-to-spot problems are found, the code is sent back for the author to fix first, and only then is a careful in-depth review done. In principle, if the code submitter is responsible, such problems should rarely arise.

If the documentation or requirements are not clearly stated, discuss with the author to understand the task to be completed, the solution and the algorithm. Once all of this is clear, you can sit down and read the code, think about the code, and review the code.

When you review code, you read it line by line, understand it, and think about any problems that might arise and whether boundary conditions are considered. You think about how you would do it if you wrote it yourself. If you think of a problem, check whether the test cases cover it. You also pay attention to whether there are security vulnerabilities, to code extensibility and execution efficiency, to whether the structure is reasonable and consistent, whether the object design is reasonable, whether there are problems under multi-threaded, multi-user conditions, and so on. Many of these can be put into a checklist.

Reviewing code is not an easy process. You are not only understanding other people's code but also thinking about how you would implement it yourself. If the author's design and algorithm differ from your own, compare which scheme is better. If you think yours is better, discuss it with the author and suggest it.

Code reuse and pattern extraction are points to watch. Look at whether the organization of the code is conducive to reuse and whether patterns can be extracted; reusable parts should be extracted into a form that is easy to reuse. Furthermore, because each person's grasp of the whole code base differs, also check whether what the author wrote already exists in the library; if so, it should be called rather than re-implemented, which reduces errors.

For important or hard-to-understand code, do a face-to-face review. For core or critical code, organize a code review meeting, which is also a process of knowledge sharing. Sometimes a single piece of code is reviewed by many invited people; each will have their own opinion and find different problems. This takes more time, but the quality is better assured afterwards.

As a manager

Later, in addition to the roles above, I also became a manager, responsible for the specification and implementation of code review. This mainly involves the following work.

The first is to develop the company's code review specification and process. This must be R&D policy, and all of R&D must strictly follow it. For example, the code review process is similar to the following.

Furthermore, document the code style for each language. There should be a style guide for every language commonly used in the company, possibly Java, possibly C++, possibly Python, possibly PHP, and perhaps a defined style for scripting languages too. That way everyone has rules to follow, and practice is unified.

Based on previous experience, define a code review checklist, which amounts to documenting the points to consider so they can be consulted at any time. That way the main checkpoints, such as security checks, multi-tasking and multi-threading, extensibility, reuse, OO design, test completeness, architecture, and so on, will not be overlooked. Other points can be handled freely. For example, a checklist similar to the following.

Then, set up an easy-to-use code review environment and force the review into the commands that submit code to the code base. Without code review and the reviewer's approval, code cannot be committed to the code base. Some have implemented a Review Board + SVN code review scheme, others a Review Board + git scheme. In short, the submit commands should automatically prompt for and enforce code review, so that compliance is enforced by automated program commands, not by people. This is very important: rule of law, not rule of man.

Finally, quantify the effect, including code review execution, feedback time, number of comments, number of rounds, and even linkage to the test or production bug system, so that the quality of code review is really monitored, with clear rewards. Visualize the indicators and put them on a dashboard that anyone can see. Then rank code submitters and reviewers by the indicators: to motivate the good, put them on a star list; to spur on those lagging behind, put them on a shame list.
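
One way to make that gate mechanical, as an added example that is not part of the original article: the decision logic a server-side git hook could run, rejecting a push unless every commit carries a `Reviewed-by:` trailer from an allowed reviewer other than its author. The trailer convention, the reviewer list and the sample commits are assumptions made for illustration; the Review Board integration mentioned above is not modeled.

```python
import re
from dataclasses import dataclass

# Assumption: people allowed to approve changes (constructed addresses).
ALLOWED_REVIEWERS = {"lead@example.com", "senior@example.com"}

# Assumed convention: "Reviewed-by: Name <email>" on its own line.
TRAILER = re.compile(
    r"^Reviewed-by:[ \t]*[^\n<]*<([^<>\s]+)>[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)


@dataclass
class Commit:
    sha: str
    author_email: str
    message: str


def review_problem(commit):
    """Return None if the commit passed review, else the reason to reject it."""
    approvers = {email.lower() for email in TRAILER.findall(commit.message)}
    if not approvers:
        return "no Reviewed-by trailer"
    # Self-approval does not count as a review.
    independent = approvers - {commit.author_email.lower()}
    if not independent:
        return "only approved by its own author"
    if not independent & ALLOWED_REVIEWERS:
        return "approver is not an allowed reviewer"
    return None


def check_push(commits):
    """Accept a push only if every commit in it passed review."""
    rejected = [(c.sha, why) for c in commits if (why := review_problem(c))]
    return (not rejected, rejected)


# Constructed sample push (not real commits).
SAMPLE_PUSH = [
    Commit("a1", "dev@example.com", "Fix parser\n\nReviewed-by: Lead <lead@example.com>"),
    Commit("b2", "dev@example.com", "Quick hotfix, no review"),
    Commit("c3", "lead@example.com", "Refactor\n\nReviewed-by: Lead <lead@example.com>"),
    Commit("d4", "dev@example.com", "Tweak\n\nReviewed-by: Pal <pal@example.com>"),
]

if __name__ == "__main__":
    accepted, rejected = check_push(SAMPLE_PUSH)
    for sha, why in rejected:  # a real hook would exit non-zero to refuse the push
        print(f"rejected {sha}: {why}")
```

A trailer in the commit message is only as trustworthy as whoever wrote it, so a deployed hook would ask the review tool for the approval record rather than trust the message text.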

http://mp.weixin.qq.com/s?__biz=MjM5ODIzNDQ3Mw==&mid=2649966104&idx=1&sn=2e9a184beb676cb8687c0bed024fdd62&scene=21#wechat_redirect
