Giuliana Carullo

Implementing Effective Code Reviews

How to Build and Maintain Clean Code

1st ed.
Giuliana Carullo
Dublin, Ireland
ISBN 978-1-4842-6161-3
e-ISBN 978-1-4842-6162-0
© Giuliana Carullo 2020
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Distributed to the book trade worldwide by Springer Science+Business Media New York, 1 New York Plaza, New York, NY 100043. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail [email protected], or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.

To Simone, Sofia, and Matteo (Mone, Fofi, and Petteio), who added plenty of joy to my life.

Preface

I confess that I have been blind as a mole, but it is better to learn wisdom late than never to learn it at all.

—Sherlock Holmes in Arthur Conan Doyle’s “The Man with the Twisted Lip” (1891)

When I was 8 years old, I decided that I wanted to be a computer scientist. Since then, all my career and the majority of my interests have been oriented toward technology, programming, and getting better at it. I spent the majority of my life developing my software engineering skills and learning tips and tricks on how to write beautiful code. Over 15 years, I’ve had the time and pleasure to learn and set in place coding standards and good coding practices.

The more I learned, the more I realized that a software engineer is not just one who writes code. Being an engineer isn’t just about coding or looking up how to solve a bug. That’s just 20% of our job. Coding is not just coding. After reading a lot of the most valuable existing books from programming languages, good practices, concurrency to security, I couldn’t really find a comprehensive view on the topic.

Hence, this book was born. It addresses some of the major trade-offs a lot of companies and software engineers out there need to consistently make:
  1. What does good software look like?

  2. Do I really need good coding practices? To what extent?

  3. What if I need to keep going with the development process and have little time to check the code for standards and quality?

  4. Which kinds of processes do I really need?

  5. How do I perform a code review?

  6. What to avoid during code reviews?

  7. Is it only about scanning code?

Who This Book Is For

If you’re like me and you think that coding is an art, not just following the syntax of the programming language of your choice, this book is right for you. If you are the “get it out there quick” person, keep on reading; this book was designed with you in mind.

This book is aimed at people with at least some experience with programming in some sort of language: C, C++, Java, or Python. It could be easier for object-oriented programming folks to go through the book, but a lot of concepts discussed in the book are general enough to be the foundation of good coding.

Snippets of code are in Python: it is such a versatile and powerful language that it allows for mighty smells. Love it!

Some more advanced chapters—like concurrency and security—might require some more focus to make them your own if you are fairly new to them. But, no worries, keep going; it will be rewarding and it will give you the right tools to be at the top of your game.

This book is for
  • Passionate programmers willing to go the extra mile and be better at their jobs. It will help you lead a happier and easier life. It might even help you earn a raise.

  • People who just started to program. This book will power up your programming skills. By learning good habits from the start, you will avoid wasting time on common errors.

  • Software engineers of all kinds. Knowing a programming language is not enough to be good at it. You need to use foundational concepts, clean coding, and team work skills to use your programming skills wisely.

  • More experienced IT people in search of a quick guide on how to review code.

We are not here to talk about theoretical mumbo jumbo. We are going to talk about practical guidance. And it is our duty—as professionals—to code in the best possible way, is it not?

You might think, “Will my extra effort mean something?” And I’d say, “Yes! Yes, it will!”

Six reasons why this book might not be right for you:
  1. If you are looking for an entire encyclopedia on data structures, software architectures, and any possible software engineering facets, this book is not for you. Certain concepts are in pills: the book provides just the core information that can assist you in making better choices.

  2. This book is not made to impress you, it is made to help you out. To be handy and on point.

  3. It is not a Python programming book. Not a programming book per se either. It is meant to help in writing better code by looking at it from several angles.

  4. This book is not boring. If you are looking for endless mechanical chapters, wrong choice. Let’s add some fun; life is too short.

  5. If you are looking for specific tools on how to perform code reviews, sorry, not at this point in time. This book is meant to help you learn how to fish rather than giving you fish or pointing out who can fish for you.

  6. If your heart as a programmer is too sensitive to how bad code can be, please stop. I care about you, seriously. Or, at least, read with caution, don’t stress too much: there are other wonderful things in the world!

And if you get upset identifying bad things that you did, no worries, every single programmer on earth has been there!

But at the end of the day, I hope you’ll enjoy it!

Introduction

“Data! Data! Data!” he cried impatiently. “I can’t make bricks without clay.”

—Sherlock Holmes in Arthur Conan Doyle’s “The Adventure of the Copper Beeches” (1892)

This book addresses the importance of good coding practices and takes a deep dive into code reviews. It is a comprehensive guide across all the main aspects to look at during code reviews. The aim is to provide practical information and examples to consider when performing them.

Much like the fictional Sherlock Holmes, we must have knowledge to make the right deductions and take the correct actions. Knowledge is data, knowing all the possible things. Wisdom is discerning between the good and the bad (potentially the ugly) and picking the right things to do.

Figure I shows the programming pyramid.
Figure I. Programming pyramid

Bugs are the ugly and sit at the very bottom of the programming pyramid. You need to get rid of them, at all costs. Unfortunately, oftentimes, our only concern is to just fix what is really needed and never touch that code again.

“But it was working on my laptop,” they said.

In order to provide real value, code’s quality needs to be assured. Sure enough, value is not only given by quality code. The fanciest code that does not achieve business goals or that does not solve people’s problems would be a nice craft but would not add much value. But I believe that quality is an expression of value, as we will see later in this book.

Hence, the book focuses on code reviews from different facets in order to help achieve quality code. It is broken down into 11 chapters and it is structured as follows:
  • Chapter 1: The Art of Programming provides a solid overview of the code review process and why it matters.

  • Chapter 2: Code Structure deals with general structural smells to look at during code reviews including design, reusability, control structures, and APIs.

  • Chapter 3: Data Structures takes a glance over main data structures and provides some rules of thumb to consider when designing and/or reviewing your projects.

  • Chapter 4: Design Smells walks through main design smells to look at during a holistic review of your code.

  • Chapter 5: Software Architectures digs deeper into software architecture smells and best practices. In particular, dos and don’ts about main design patterns are explained.

  • Chapter 6: From Scratch responds to the question of how we check that the design and code are aligned with what is really needed. The main reason behind this section is that writing super fancy code that does not achieve objectives means nothing at the end of the day.

  • Chapter 7: Naming and Formatting Conventions provides good practices around naming and data.

  • Chapter 8: Comments highlights what to check in the comments you provide (do you?) with your code.

  • Chapter 9: Concurrency, Parallelism, and Performances provides some foundational knowledge about concurrent and parallel programming. It also introduces metrics used in this context in order to evaluate performances.

  • Chapter 10: Security provides guidance for embedding security checks into the review process. It glances at main security principles and how to perform reviews during the development lifecycle.

  • Chapter 11: Code Reviews closes the book by providing metrics and final remarks on code reviews. This chapter reviews how to approach code reviews depending on your role (i.e., developer, reviewer, manager).

Each chapter is addressed with a divide-and-conquer approach: each of them deals with issues within the topic. Thus, each chapter will walk through different practices, reasoning why they are good or bad, as well as providing some clarifying examples. Finally, a checklist ends all of them to help you during the review process of your projects.

Feedback and Errata

Feedback from readers is always more than welcome and highly valued. Let me know what you think about this book, what you liked, what you disliked, and what you would like to read in a future version on the topic.

Even if care is taken to ensure accuracy of this book, some errors can happen. As Murphy’s law states:

Anything that can go wrong will go wrong.

If you find a mistake, a typo, something missing, please report it, so I can improve the book.

More generally, you can get in touch with me by following my LinkedIn profile: www.linkedin.com/in/giucar.

Disclaimer

All opinions and concepts are my own and by no means represent the position of any of my employers past or present.

About the Author
Giuliana Carullo, CCSK, PSM certified, is a Research Engineering Manager at Tenable. With over 15 years of engineering experience, she has grown her expertise mainly in the networking, security, cloud computing, telecommunications, and Internet of Things (IoT) industries. Through her career, she has worn many hats, including researcher, engineer, project manager, and engineering manager. Giuliana has been doing research in a number of application fields for over 7 years, 5 of which were devoted to the InfoSec area. She dealt with research in a number of application fields, from academia to industrial research, within SMEs (small and mid-size enterprises) and corporations, including Intel and Ericsson. As the author of 15 research papers and several books, Giuliana loves to make even difficult concepts entertaining and easy to grasp.

 
About the Technical Reviewer
Alex Kondov is a software engineer who has worked for both early-stage startups and large media giants such as the Financial Times. Throughout his career, he’s faced both the challenges of visually rich applications and the problems of distribution in microservices architectures. This has helped him find the balance between technology and business and see the benefits of clean code no matter the product.

 