SlideShare a Scribd company logo

On to code review lessons learned at microsoft

Michaela Greiler
Michaela Greiler

Keynote for QUATIC 2016 - the 10th International Conference on the Quality of Information and Communication Technology

Software
1 of 59
Download to read offline
On to code review: Lessons learned @ Microsoft Michaela Greiler
Team: Tools for Software Engineers (TSE) • Build • Code review • Testing • Static analysis • Branch health • Software Development Practices • Empirical Software Engineering 2
Tools for Software Engineers(*) • TSE’s mission is to shorten the development cycle without impacting quality • TSE’s customers are developers (*) http://research.microsoft.com/tse Ideas Build Product Measure Data Learn
Code reviewing @Microsoft • Do code reviews make a difference? • How do we ensure an effective and efficient review process? • Does each code change need a review? • Can we automate parts of code reviews? MSR Redmond/TSE: Michaela Greiler Jacek Czerwonka Wolfram Schulte Suresh Thummalapenta Kim Herzig MSR Redmond: Christian Bird Nachi Nagappan Thomas Zimmermann MSR Cambridge: Brendan Murphy 4
Code Review is Everywhere 5
Zoom in @ Microsoft 6
Code Reviews in Engineering Workflow Code Review • Select reviewers • Review • Check-in Coding • Version control • Branch/Packages • IDE & Dev Tools Local/Buddy Build • Unit testing Pre-checkin Validation • Private test env • Functional tests • Static analysis E2E Validation • Pre-prod deploy • Scenario tests • Build drop Deploy to Production • Deployment targets Production Validation • Watchdogs • Flighting Rolling/Official Build • Buid verification • Unit testing OUTER LOOP Check-in INNER LOOP Insights 7
Code review process 8
CodeFlow 10
Common code review steps: • Preparation of the code to be reviewed • Selection of reviewers • Notification of the selected reviewers or stakeholders • Feedback provided by reviewers • Iteration involving communication between the author and reviewer • Signoff by reviewers • Check-in of the code change to the target system 12
13
14
15
16
Code Review at Microsoft is Big • Great tool experience • Viral adoption • High user satisfaction • Natural tool consolidation • Data consolidation • 5.5M+ Code Reviews by all products since 2010 • Engineers spend more than 30 minutes a day in code reviews 17
Code Reviews Are Not Free Potential Benefits • More maintainable designs • More consistent code base • Knowledge sharing • Better awareness of changes • Additional defects found Potential Costs • Time spent by reviewers • Time spent by author addressing feedback • Time spent by change waiting in process 18
Monitoring and improvement • Several questions arise: • Is the time reviewing wise spend? • Do we find bugs in code reviews? • What is useful code review feedback? • Which issues are found during code review? • How long do engineers spend on a code review? • Which circumstances lead to more effective code reviews? • … • Drive tool improvement • New features • Tool integration • … 19
Seeking answers • Interview engineers • Perform ethnographical observations • Survey the engineers • Look at the data traces left by engineers Qualitative approach Quantitative approach 20
Mixed Method Research Is a research approach or methodology • for questions that call for real-life contextual understandings; • employing rigorous quantitative research assessing magnitude and frequency of constructs and • rigorous qualitative research exploring the meaning and understanding of constructs; DR. MARGARET-ANNE STOREY Professor of Computer Science University of Victoria All methods are inherently flawed! Generalizability Precision Realism 21
Data (trace) collection 22
• What is codemine? What data does codemine have? 23
• What is codemine? What data does codemine have? 24
Code Review Analytics Architecture More information? See article: Lessons Learned from Building and Deploying a Code Review Analytics Platform (Christian Bird, Trevor Carnahan,Michaela Greiler) Established in June 2012 as “Garage Project” • 200GB Raw (compressed) • 500GB Curated (compressed) • > 5000 Projects • > 5M Reviews by 50K Distinct Authors • > 8M Iterations • > 8M Review Participants • > 15M Comment Threads • Running in Microsoft Azure • Won 3 internal engineering awards • Funded by Tools for Software Engineers as part of Codemine 25
CodeFlow Analytics Project Leaderboard 26
A few studies on code reviews 27
Characteristics of Useful Code Reviews: An Empirical Study at Microsoft Amiangshu Bosu, Michaela Greiler, Christian Bird 28
“Was this an impactful review, a useful comment? You know, not just a comment, but did it result in a change that wouldn’t have been there before.” - Development Team Manager 29
Study Goals •Identify factors that impact feedback usefulness • Question: What makes a code review comment useful? •Recommendations for effectiveness improvements • What factors are related to usefulness feedback? 30
Methodology: Three Phases    Interview Developers Build Comment Classifier Quantitatively Investigate Factors 31
Asked author what makes code review comments useful Asked code review author to rate 20-25 comments ?  Phase 1: Interview Developers 32
Useful: Pointing out defects Validation issues Info about execution environments API/tool suggestions Team conventions Designs to follow Somewhat Useful: Code formatting Typos Questions that make code more comprehensible Not Useful: Comments not in the changed code Praise Future work/Not immediately actionable Which comments are useful? 33
Positive sentiment? Is status won’t fix? Is status won’t fix? Only one comment in thread? Change within one line? Third iteration? Is status closed? Not Useful Not Useful Not Useful Not Useful Useful Useful Useful Useful 85% Recall 89% Precision Phase 2: Build Comment Classifier 34
Phase 3: Investigated Factors of review effectiveness • Classified 1.5 million reviews • Related comment usefulness to: • Characteristics of the reviewer • Characteristics of the team • Characteristics of the change under review 35
• After four reviews of a file, a developer’s knowledge reaches mastery and plateaus • It takes between six months and a year to become a high quality reviewer at MS • Quality of feedback degrades when there are more twenty files in a change More results in the paper Phase 3: Investigated Factors of review effectiveness 36
Recommendations • Include new developers for training • Include experienced developers for useful feedback • Select reviewers based on their past history with the changed files • Avoid submitting large changes for review 37
Why do Code Review? “The human eye has an almost infinite capacity for not seeing what it does not want to see [...] Programmers, if left to their own devices will ignore the most glaring errors in the output -- errors that anyone else can see in an instant.” Weinberg 38
Code Reviews Do Not Find Bugs: How the Current Code Review Best Practice Slows Us Down Jacek Czerwonka, Michaela Greiler, Jack Tilford 39
Why Code Review? 40 Reason for Code Reviewing Rank Code improvement 1 Find defects 2 Increase knowledge transfer 3 Find alternative solutions 4 Improve the development process 5 Avoid breaking builds 6 Build team awareness 7 Shared code ownership 8 Team assessment 9
What do we achieve in practice? 41
Study: Comments Classification Adapted from : M. Mäntylä and C. Lassenius. What Types of Defects Are Really Discovered in Code Reviews? IEEE Transactions Software Engineering, 35(3):430–448, 2009 By: Amiangshu Bosu (U of Alabama), Michaela Greiler (TSE), Christian Bird (Microsoft Research Redmond), Characteristics of Useful Code Reviews: An Empirical Study at Microsoft (MSR 2015) 15% of all ~50% of all 42
Study: Code Review Usefulness Adapted from : M. Mäntylä and C. Lassenius. What Types of Defects Are Really Discovered in Code Reviews? IEEE Transactions Software Engineering, 35(3):430–448, 2009 By: Amiangshu Bosu (U of Alabama), Michaela Greiler (TSE), Christian Bird (Microsoft Research Redmond), Characteristics of Useful Code Reviews: An Empirical Study at Microsoft (MSR 2015) 43
Which challenges do developer face? 44
Observations, Interviews and Survey 45
Observations, Interviews and Survey Observations & Interviews • 4 teams • 18 develops/managers • Interviews during or shortly after code review (situated insights) • Witness interactions not visible in the trace data • Highlighting cultural and social issues 46
Observations, Interviews and Survey Observations & Interviews • 4 teams • 18 develops/managers • Interviews during or shortly after code review (situated insights) • Witness interactions not visible in the trace data • Highlighting cultural and social issues Follow-up Survey • Total Respondents: 911/4,300 • Years of Experience in the Software Industry: • 2+: 87% • 6+: 70% • 10+: 40 % • Time Employed at Microsoft • 2+ years: 72% • 6+ years: 43% • 10+ years: 17% • Experience Code Reviewing • 2-5 years: 80.3% • 10+: 22% 47
Challenges 48
“Usually you write up some code and then you send it out for review, and then about a day later you ping them to remind them... and then about half a day later you go to their office and knock on their door." (Participant 7) Getting feedback in a timely manner 49
Large reviews & understanding motivation and purpose of code “It's just this big incomprehensible mess... then you can't add any value because they are just going to explain it to you and you're going to parrot back what they say." (Participant 13) 50
Challenge during Code Reviewing Overall Rank Receiving feedback in a timely manner 1 Review size 2 Managing time constraints 3 Understanding the code's purpose 4 Understanding the motivations for the change 5 Obtaining insightful feedback 6 Bikeshedding (disputing minor issues) 7 Understanding how the change was implemented 8 Maintaining code quality 9 Reaching consensus 10 Finding relevant documentation 11 Managing communication channels 12 Identifying who to talk to 13 51
Best practices 52
Receive feedback in a timely manner 53 “Usually I try to get the person who I'm going to have review the thing to actually sit down and talk with them before I put out the code review'' (Participant 7)
Receiving Feedback in a timely manner & Managing time constraints • Author: • Aim for small, incremental changes • Allow reviewers to volunteer to perform a review • Notify potential reviewers in advance • Know when to skip a review • Run tests and analysis before • Reviewer: • Set dedicated but bounded time aside for the review • Review frequently, fewer changes but more often • Provide feedback as soon as possible 54
Better understanding. ddetter feedback. 55 “A bad reviewer tries to force their preference on you. A good code reviewer makes your code conform to certain principles, but not opinion" (Participant 4) “Typically [a good code review] has a good description of what the problem was, what the solution is, and if it's a big change, it has [documentation explaining] what it's doing and how it's integrated with everything else.“ (Participant 4) Better feedback.
Better understanding. Better feedback. • Author: • Aim for small, incremental changes • Cluster related changes and submit changes with context • Document the motivation • Select reviewers with the right expertise • Show gratitude & carefully consider feedback • Reviewer: • Use richer communication channels, e.g. face-to-face meetings • Use tools that provide traceability for non-contentious or sensitive issues • Give constructive and respectful feedback • Justify and explain the reasons for rejecting a change • Focus on core issues first 56
As an organization, establish a review policy that promotes: • Build a positive review culture that sets the tone for feedback • Ensure time spent reviewing is “counted" and “expected" • Watch for negative impacts of employee assessment or incentives • Ensure appropriate tools are used • Make sure tools integrate well • Ensure sufficient training (e.g. junior working alongside senior) • Develop, reflect on, and revise code reviewing policies and checklists. • Resolve bottlenecks • Identifying inappropriate or aggressive communication 57
Tool improvements • Enforce a reviewing workflow • Support finding right experts • Show test coverage of code under review • Automatic clustering of changes into groups of related entities • Automate feedback • Traceability support • Dashboards for metrics and pending reviews • Management for notifications • Integration with other communication tools 58
Tool integration • Trigger static analysis / inspect analysis output • Trigger testing / inspect test output • Overlay code with test coverage • Trigger builds / inspect build output • Automatic reviewer selection • Check-in code 59
Code review video (3:40) 60
Michaela Greiler @mgreiler www.michaelagreiler.com http://research.microsoft.com/tse 61 Challenge during Code Reviewing Rank Receiving feedback in a timely manner 1 Review size 2 Managing time constraints 3 Understanding the code's purpose 4

Recommended

Code Review Best Practices
Code Review Best PracticesCode Review Best Practices
Code Review Best PracticesTrisha Gee
 
Code Review
Code ReviewCode Review
Code ReviewMikalai Alimenkou
 
Software Engineering Culture - Improve Code Quality
Software Engineering Culture - Improve Code QualitySoftware Engineering Culture - Improve Code Quality
Software Engineering Culture - Improve Code QualityDmytro Patserkovskyi
 
Code review
Code reviewCode review
Code reviewAleksey Solntsev
 
How to successfully grow a code review culture
How to successfully grow a code review cultureHow to successfully grow a code review culture
How to successfully grow a code review cultureNina Zakharenko
 
Devops and git basics
Devops and git basicsDevops and git basics
Devops and git basicsSourabh Saxena
 
API testing - Japura.pptx
API testing - Japura.pptxAPI testing - Japura.pptx
API testing - Japura.pptxTharindaLiyanage1
 
Clean architecture
Clean architectureClean architecture
Clean architecture.NET Crowd
 

Recommended

Code Review Best Practices
Code Review Best PracticesCode Review Best Practices
Code Review Best PracticesTrisha Gee
 
Code Review
Code ReviewCode Review
Code ReviewMikalai Alimenkou
 
Software Engineering Culture - Improve Code Quality
Software Engineering Culture - Improve Code QualitySoftware Engineering Culture - Improve Code Quality
Software Engineering Culture - Improve Code QualityDmytro Patserkovskyi
 
Code review
Code reviewCode review
Code reviewAleksey Solntsev
 
How to successfully grow a code review culture
How to successfully grow a code review cultureHow to successfully grow a code review culture
How to successfully grow a code review cultureNina Zakharenko
 
Devops and git basics
Devops and git basicsDevops and git basics
Devops and git basicsSourabh Saxena
 
API testing - Japura.pptx
API testing - Japura.pptxAPI testing - Japura.pptx
API testing - Japura.pptxTharindaLiyanage1
 
Clean architecture
Clean architectureClean architecture
Clean architecture.NET Crowd
 
Jira fundamentals and bug tracking tool Guide
Jira fundamentals and bug tracking tool GuideJira fundamentals and bug tracking tool Guide
Jira fundamentals and bug tracking tool GuideMayank Solanki
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelinesLalit Kale
 
The Art of Clean code
The Art of Clean codeThe Art of Clean code
The Art of Clean codeVictor Rentea
 
Getting Git
Getting GitGetting Git
Getting GitBrian Arnold
 
Code Security with GitHub Advanced Security
Code Security with GitHub Advanced SecurityCode Security with GitHub Advanced Security
Code Security with GitHub Advanced SecurityLuis Fraile
 
Trunk-Based Development and Toggling
Trunk-Based Development and TogglingTrunk-Based Development and Toggling
Trunk-Based Development and TogglingBryan Liu
 
SonarQube
SonarQubeSonarQube
SonarQubeGnanaseelan Jeb
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven DevelopmentMireia Sangalo
 
Clean code
Clean codeClean code
Clean codeifnu bima
 
SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? Geeks Anonymes
 
Behavior-Driven Development (BDD) Testing with Apache Spark with Aaron Colcor...
Behavior-Driven Development (BDD) Testing with Apache Spark with Aaron Colcor...Behavior-Driven Development (BDD) Testing with Apache Spark with Aaron Colcor...
Behavior-Driven Development (BDD) Testing with Apache Spark with Aaron Colcor...Databricks
 
Code Review Tool Evaluation
Code Review Tool EvaluationCode Review Tool Evaluation
Code Review Tool EvaluationKate Semizhon
 
SonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionSonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionMichael Jesse
 
Coding standards
Coding standardsCoding standards
Coding standardsMark Reynolds
 
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010Atlassian
 
Robot Framework Dos And Don'ts
Robot Framework Dos And Don'tsRobot Framework Dos And Don'ts
Robot Framework Dos And Don'tsPekka Klärck
 
Scrum and DevOps training
Scrum and DevOps trainingScrum and DevOps training
Scrum and DevOps trainingAlberto Gonzalez
 
Software development best practices & coding guidelines
Software development best practices & coding guidelinesSoftware development best practices & coding guidelines
Software development best practices & coding guidelinesAnkur Goyal
 
Agile code quality metrics
Agile code quality metricsAgile code quality metrics
Agile code quality metricsGil Nahmias
 
Track code quality with SonarQube - short version
Track code quality with SonarQube - short versionTrack code quality with SonarQube - short version
Track code quality with SonarQube - short versionDmytro Patserkovskyi
 
Process Aspects and Social Dynamics of Contemporary Code Review: Insights fro...
Process Aspects and Social Dynamics of Contemporary Code Review: Insights fro...Process Aspects and Social Dynamics of Contemporary Code Review: Insights fro...
Process Aspects and Social Dynamics of Contemporary Code Review: Insights fro...JeffCarver32
 
Code Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisCode Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisMikalai Alimenkou
 

More Related Content

What's hot

Jira fundamentals and bug tracking tool Guide
Jira fundamentals and bug tracking tool GuideJira fundamentals and bug tracking tool Guide
Jira fundamentals and bug tracking tool GuideMayank Solanki
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelinesLalit Kale
 
The Art of Clean code
The Art of Clean codeThe Art of Clean code
The Art of Clean codeVictor Rentea
 
Code Security with GitHub Advanced Security
Code Security with GitHub Advanced SecurityCode Security with GitHub Advanced Security
Code Security with GitHub Advanced SecurityLuis Fraile
 
Trunk-Based Development and Toggling
Trunk-Based Development and TogglingTrunk-Based Development and Toggling
Trunk-Based Development and TogglingBryan Liu
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven DevelopmentMireia Sangalo
 
SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? Geeks Anonymes
 
Behavior-Driven Development (BDD) Testing with Apache Spark with Aaron Colcor...
Behavior-Driven Development (BDD) Testing with Apache Spark with Aaron Colcor...Behavior-Driven Development (BDD) Testing with Apache Spark with Aaron Colcor...
Behavior-Driven Development (BDD) Testing with Apache Spark with Aaron Colcor...Databricks
 
Code Review Tool Evaluation
Code Review Tool EvaluationCode Review Tool Evaluation
Code Review Tool EvaluationKate Semizhon
 
SonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionSonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionMichael Jesse
 
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010Atlassian
 
Robot Framework Dos And Don'ts
Robot Framework Dos And Don'tsRobot Framework Dos And Don'ts
Robot Framework Dos And Don'tsPekka Klärck
 
Software development best practices & coding guidelines
Software development best practices & coding guidelinesSoftware development best practices & coding guidelines
Software development best practices & coding guidelinesAnkur Goyal
 
Agile code quality metrics
Agile code quality metricsAgile code quality metrics
Agile code quality metricsGil Nahmias
 
Track code quality with SonarQube - short version
Track code quality with SonarQube - short versionTrack code quality with SonarQube - short version
Track code quality with SonarQube - short versionDmytro Patserkovskyi
 

What's hot (20)

Jira fundamentals and bug tracking tool Guide
Jira fundamentals and bug tracking tool GuideJira fundamentals and bug tracking tool Guide
Jira fundamentals and bug tracking tool Guide
 
Code review guidelines
Code review guidelinesCode review guidelines
Code review guidelines
 
The Art of Clean code
The Art of Clean codeThe Art of Clean code
The Art of Clean code
 
Getting Git
Getting GitGetting Git
Getting Git
 
Code Security with GitHub Advanced Security
Code Security with GitHub Advanced SecurityCode Security with GitHub Advanced Security
Code Security with GitHub Advanced Security
 
Trunk-Based Development and Toggling
Trunk-Based Development and TogglingTrunk-Based Development and Toggling
Trunk-Based Development and Toggling
 
SonarQube
SonarQubeSonarQube
SonarQube
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven Development
 
Clean code
Clean codeClean code
Clean code
 
SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ? SonarQube - Should I Stay or Should I Go ?
SonarQube - Should I Stay or Should I Go ?
 
Behavior-Driven Development (BDD) Testing with Apache Spark with Aaron Colcor...
Behavior-Driven Development (BDD) Testing with Apache Spark with Aaron Colcor...Behavior-Driven Development (BDD) Testing with Apache Spark with Aaron Colcor...
Behavior-Driven Development (BDD) Testing with Apache Spark with Aaron Colcor...
 
Code Review Tool Evaluation
Code Review Tool EvaluationCode Review Tool Evaluation
Code Review Tool Evaluation
 
SonarQube: Continuous Code Inspection
SonarQube: Continuous Code InspectionSonarQube: Continuous Code Inspection
SonarQube: Continuous Code Inspection
 
Coding standards
Coding standardsCoding standards
Coding standards
 
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
Code Review for Teams Too Busy to Review Code - Atlassian Summit 2010
 
Robot Framework Dos And Don'ts
Robot Framework Dos And Don'tsRobot Framework Dos And Don'ts
Robot Framework Dos And Don'ts
 
Scrum and DevOps training
Scrum and DevOps trainingScrum and DevOps training
Scrum and DevOps training
 
Software development best practices & coding guidelines
Software development best practices & coding guidelinesSoftware development best practices & coding guidelines
Software development best practices & coding guidelines
 
Agile code quality metrics
Agile code quality metricsAgile code quality metrics
Agile code quality metrics
 
Track code quality with SonarQube - short version
Track code quality with SonarQube - short versionTrack code quality with SonarQube - short version
Track code quality with SonarQube - short version
 

Similar to On to code review lessons learned at microsoft

Process Aspects and Social Dynamics of Contemporary Code Review: Insights fro...
Process Aspects and Social Dynamics of Contemporary Code Review: Insights fro...Process Aspects and Social Dynamics of Contemporary Code Review: Insights fro...
Process Aspects and Social Dynamics of Contemporary Code Review: Insights fro...JeffCarver32
 
Code Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisCode Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisMikalai Alimenkou
 
Code reviews: a short introduction
Code reviews: a short introductionCode reviews: a short introduction
Code reviews: a short introductionFreekDB
 
Publish or Perish: Questioning the Impact of Our Research on the Software Dev...
Publish or Perish: Questioning the Impact of Our Research on the Software Dev...Publish or Perish: Questioning the Impact of Our Research on the Software Dev...
Publish or Perish: Questioning the Impact of Our Research on the Software Dev...Margaret-Anne Storey
 
Auditing Design Systems for Accessibility - Anna E. Cook
Auditing Design Systems for Accessibility - Anna E. CookAuditing Design Systems for Accessibility - Anna E. Cook
Auditing Design Systems for Accessibility - Anna E. CookWey Wey Web
 
Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening Maven Logix
 
Software engineering practices and software quality empirical research results
Software engineering practices and software quality empirical research resultsSoftware engineering practices and software quality empirical research results
Software engineering practices and software quality empirical research resultsNikolai Avteniev
 
Purpose Before Action: Why You Need a Design Language System
Purpose Before Action: Why You Need a Design Language SystemPurpose Before Action: Why You Need a Design Language System
Purpose Before Action: Why You Need a Design Language Systemcreckling
 
Spca2014 sp buy orbuild goedhart
Spca2014 sp buy orbuild goedhartSpca2014 sp buy orbuild goedhart
Spca2014 sp buy orbuild goedhartNCCOMMS
 
Software engineering -core topics
Software engineering -core topicsSoftware engineering -core topics
Software engineering -core topicsAmnah_Ch
 
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptx
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptxcode_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptx
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptxsarah david
 
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdf
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdfcode_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdf
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdfsarah david
 
Can we induce change with what we measure?
Can we induce change with what we measure?Can we induce change with what we measure?
Can we induce change with what we measure?Michaela Greiler
 
Mathematicians, Social Scientists, or Engineers? The Split Minds of Software ...
Mathematicians, Social Scientists, or Engineers? The Split Minds of Software ...Mathematicians, Social Scientists, or Engineers? The Split Minds of Software ...
Mathematicians, Social Scientists, or Engineers? The Split Minds of Software ...Lionel Briand
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
softwareengineeringpractice-141002214920-phpapp02 (1).pdf
softwareengineeringpractice-141002214920-phpapp02 (1).pdfsoftwareengineeringpractice-141002214920-phpapp02 (1).pdf
softwareengineeringpractice-141002214920-phpapp02 (1).pdfSanRock2
 
Automated Code Reviews with AI and ML - DevOps Next
Automated Code Reviews with AI and ML - DevOps NextAutomated Code Reviews with AI and ML - DevOps Next
Automated Code Reviews with AI and ML - DevOps NextPerfecto by Perforce
 
Software Defect Prevention via Continuous Inspection
Software Defect Prevention via Continuous InspectionSoftware Defect Prevention via Continuous Inspection
Software Defect Prevention via Continuous InspectionJosh Gough
 

Similar to On to code review lessons learned at microsoft (20)

Process Aspects and Social Dynamics of Contemporary Code Review: Insights fro...
Process Aspects and Social Dynamics of Contemporary Code Review: Insights fro...Process Aspects and Social Dynamics of Contemporary Code Review: Insights fro...
Process Aspects and Social Dynamics of Contemporary Code Review: Insights fro...
 
Code Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysisCode Review tool for personal effectiveness and waste analysis
Code Review tool for personal effectiveness and waste analysis
 
Code reviews: a short introduction
Code reviews: a short introductionCode reviews: a short introduction
Code reviews: a short introduction
 
Publish or Perish: Questioning the Impact of Our Research on the Software Dev...
Publish or Perish: Questioning the Impact of Our Research on the Software Dev...Publish or Perish: Questioning the Impact of Our Research on the Software Dev...
Publish or Perish: Questioning the Impact of Our Research on the Software Dev...
 
Auditing Design Systems for Accessibility - Anna E. Cook
Auditing Design Systems for Accessibility - Anna E. CookAuditing Design Systems for Accessibility - Anna E. Cook
Auditing Design Systems for Accessibility - Anna E. Cook
 
Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening Capability Building for Cyber Defense: Software Walk through and Screening
Capability Building for Cyber Defense: Software Walk through and Screening
 
Software engineering practices and software quality empirical research results
Software engineering practices and software quality empirical research resultsSoftware engineering practices and software quality empirical research results
Software engineering practices and software quality empirical research results
 
Purpose Before Action: Why You Need a Design Language System
Purpose Before Action: Why You Need a Design Language SystemPurpose Before Action: Why You Need a Design Language System
Purpose Before Action: Why You Need a Design Language System
 
Code Reviews
Code ReviewsCode Reviews
Code Reviews
 
Spca2014 sp buy orbuild goedhart
Spca2014 sp buy orbuild goedhartSpca2014 sp buy orbuild goedhart
Spca2014 sp buy orbuild goedhart
 
Software engineering -core topics
Software engineering -core topicsSoftware engineering -core topics
Software engineering -core topics
 
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptx
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptxcode_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptx
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pptx
 
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdf
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdfcode_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdf
code_review_checklist_6_actions_to_improve_the_quality_of_your_reviews.pdf
 
Can we induce change with what we measure?
Can we induce change with what we measure?Can we induce change with what we measure?
Can we induce change with what we measure?
 
Mathematicians, Social Scientists, or Engineers? The Split Minds of Software ...
Mathematicians, Social Scientists, or Engineers? The Split Minds of Software ...Mathematicians, Social Scientists, or Engineers? The Split Minds of Software ...
Mathematicians, Social Scientists, or Engineers? The Split Minds of Software ...
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
softwareengineeringpractice-141002214920-phpapp02 (1).pdf
softwareengineeringpractice-141002214920-phpapp02 (1).pdfsoftwareengineeringpractice-141002214920-phpapp02 (1).pdf
softwareengineeringpractice-141002214920-phpapp02 (1).pdf
 
Automated Code Reviews with AI and ML - DevOps Next
Automated Code Reviews with AI and ML - DevOps NextAutomated Code Reviews with AI and ML - DevOps Next
Automated Code Reviews with AI and ML - DevOps Next
 
Software Defect Prevention via Continuous Inspection
Software Defect Prevention via Continuous InspectionSoftware Defect Prevention via Continuous Inspection
Software Defect Prevention via Continuous Inspection
 
software project management
software project managementsoftware project management
software project management
 

Recently uploaded

A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
cpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptcpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptrcbcrtm
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 

Recently uploaded (20)

A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
cpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptcpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.ppt
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 

On to code review lessons learned at microsoft

  • 1. On to code review: Lessons learned @ Microsoft Michaela Greiler
  • 2. Team: Tools for Software Engineers (TSE) • Build • Code review • Testing • Static analysis • Branch health • Software Development Practices • Empirical Software Engineering 2
  • 3. Tools for Software Engineers(*) • TSE’s mission is to shorten the development cycle without impacting quality • TSE’s customers are developers (*) http://research.microsoft.com/tse Ideas Build Product Measure Data Learn
  • 4. Code reviewing @Microsoft • Do code reviews make a difference? • How do we ensure an effective and efficient review process? • Does each code change need a review? • Can we automate parts of code reviews? MSR Redmond/TSE: Michaela Greiler Jacek Czerwonka Wolfram Schulte Suresh Thummalapenta Kim Herzig MSR Redmond: Christian Bird Nachi Nagappan Thomas Zimmermann MSR Cambridge: Brendan Murphy 4
  • 5. Code Review is Everywhere 5
  • 6. Zoom in @ Microsoft 6
  • 7. Code Reviews in Engineering Workflow Code Review • Select reviewers • Review • Check-in Coding • Version control • Branch/Packages • IDE & Dev Tools Local/Buddy Build • Unit testing Pre-checkin Validation • Private test env • Functional tests • Static analysis E2E Validation • Pre-prod deploy • Scenario tests • Build drop Deploy to Production • Deployment targets Production Validation • Watchdogs • Flighting Rolling/Official Build • Buid verification • Unit testing OUTER LOOP Check-in INNER LOOP Insights 7
  • 10. Common code review steps: • Preparation of the code to be reviewed • Selection of reviewers • Notification of the selected reviewers or stakeholders • Feedback provided by reviewers • Iteration involving communication between the author and reviewer • Signoff by reviewers • Check-in of the code change to the target system 12
  • 11. 13
  • 12. 14
  • 13. 15
  • 14. 16
  • 15. Code Review at Microsoft is Big • Great tool experience • Viral adoption • High user satisfaction • Natural tool consolidation • Data consolidation • 5.5M+ Code Reviews by all products since 2010 • Engineers spend more than 30 minutes a day in code reviews 17
  • 16. Code Reviews Are Not Free Potential Benefits • More maintainable designs • More consistent code base • Knowledge sharing • Better awareness of changes • Additional defects found Potential Costs • Time spent by reviewers • Time spent by author addressing feedback • Time spent by change waiting in process 18
  • 17. Monitoring and improvement • Several questions arise: • Is the time reviewing wise spend? • Do we find bugs in code reviews? • What is useful code review feedback? • Which issues are found during code review? • How long do engineers spend on a code review? • Which circumstances lead to more effective code reviews? • … • Drive tool improvement • New features • Tool integration • … 19
  • 18. Seeking answers • Interview engineers • Perform ethnographical observations • Survey the engineers • Look at the data traces left by engineers Qualitative approach Quantitative approach 20
  • 19. Mixed Method Research Is a research approach or methodology • for questions that call for real-life contextual understandings; • employing rigorous quantitative research assessing magnitude and frequency of constructs and • rigorous qualitative research exploring the meaning and understanding of constructs; DR. MARGARET-ANNE STOREY Professor of Computer Science University of Victoria All methods are inherently flawed! Generalizability Precision Realism 21
  • 21. • What is codemine? What data does codemine have? 23
  • 22. • What is codemine? What data does codemine have? 24
  • 23. Code Review Analytics Architecture More information? See article: Lessons Learned from Building and Deploying a Code Review Analytics Platform (Christian Bird, Trevor Carnahan,Michaela Greiler) Established in June 2012 as “Garage Project” • 200GB Raw (compressed) • 500GB Curated (compressed) • > 5000 Projects • > 5M Reviews by 50K Distinct Authors • > 8M Iterations • > 8M Review Participants • > 15M Comment Threads • Running in Microsoft Azure • Won 3 internal engineering awards • Funded by Tools for Software Engineers as part of Codemine 25
  • 24. CodeFlow Analytics Project Leaderboard 26
  • 25. A few studies on code reviews 27
  • 26. Characteristics of Useful Code Reviews: An Empirical Study at Microsoft Amiangshu Bosu, Michaela Greiler, Christian Bird 28
  • 27. “Was this an impactful review, a useful comment? You know, not just a comment, but did it result in a change that wouldn’t have been there before.” - Development Team Manager 29
  • 28. Study Goals •Identify factors that impact feedback usefulness • Question: What makes a code review comment useful? •Recommendations for effectiveness improvements • What factors are related to usefulness feedback? 30
  • 29. Methodology: Three Phases    Interview Developers Build Comment Classifier Quantitatively Investigate Factors 31
  • 30. Asked author what makes code review comments useful Asked code review author to rate 20-25 comments ?  Phase 1: Interview Developers 32
  • 31. Useful: Pointing out defects Validation issues Info about execution environments API/tool suggestions Team conventions Designs to follow Somewhat Useful: Code formatting Typos Questions that make code more comprehensible Not Useful: Comments not in the changed code Praise Future work/Not immediately actionable Which comments are useful? 33
  • 32. Positive sentiment? Is status won’t fix? Is status won’t fix? Only one comment in thread? Change within one line? Third iteration? Is status closed? Not Useful Not Useful Not Useful Not Useful Useful Useful Useful Useful 85% Recall 89% Precision Phase 2: Build Comment Classifier 34
  • 33. Phase 3: Investigated Factors of review effectiveness • Classified 1.5 million reviews • Related comment usefulness to: • Characteristics of the reviewer • Characteristics of the team • Characteristics of the change under review 35
  • 34. • After four reviews of a file, a developer’s knowledge reaches mastery and plateaus • It takes between six months and a year to become a high quality reviewer at MS • Quality of feedback degrades when there are more twenty files in a change More results in the paper Phase 3: Investigated Factors of review effectiveness 36
  • 35. Recommendations • Include new developers for training • Include experienced developers for useful feedback • Select reviewers based on their past history with the changed files • Avoid submitting large changes for review 37
  • 36. Why do Code Review? “The human eye has an almost infinite capacity for not seeing what it does not want to see [...] Programmers, if left to their own devices will ignore the most glaring errors in the output -- errors that anyone else can see in an instant.” Weinberg 38
  • 37. Code Reviews Do Not Find Bugs: How the Current Code Review Best Practice Slows Us Down Jacek Czerwonka, Michaela Greiler, Jack Tilford 39
  • 38. Why Code Review? 40 Reason for Code Reviewing Rank Code improvement 1 Find defects 2 Increase knowledge transfer 3 Find alternative solutions 4 Improve the development process 5 Avoid breaking builds 6 Build team awareness 7 Shared code ownership 8 Team assessment 9
  • 39. What do we achieve in practice? 41
  • 40. Study: Comments Classification Adapted from : M. Mäntylä and C. Lassenius. What Types of Defects Are Really Discovered in Code Reviews? IEEE Transactions Software Engineering, 35(3):430–448, 2009 By: Amiangshu Bosu (U of Alabama), Michaela Greiler (TSE), Christian Bird (Microsoft Research Redmond), Characteristics of Useful Code Reviews: An Empirical Study at Microsoft (MSR 2015) 15% of all ~50% of all 42
  • 41. Study: Code Review Usefulness Adapted from : M. Mäntylä and C. Lassenius. What Types of Defects Are Really Discovered in Code Reviews? IEEE Transactions Software Engineering, 35(3):430–448, 2009 By: Amiangshu Bosu (U of Alabama), Michaela Greiler (TSE), Christian Bird (Microsoft Research Redmond), Characteristics of Useful Code Reviews: An Empirical Study at Microsoft (MSR 2015) 43
  • 42. Which challenges do developer face? 44
  • 44. Observations, Interviews and Survey Observations & Interviews • 4 teams • 18 develops/managers • Interviews during or shortly after code review (situated insights) • Witness interactions not visible in the trace data • Highlighting cultural and social issues 46
  • 45. Observations, Interviews and Survey Observations & Interviews • 4 teams • 18 develops/managers • Interviews during or shortly after code review (situated insights) • Witness interactions not visible in the trace data • Highlighting cultural and social issues Follow-up Survey • Total Respondents: 911/4,300 • Years of Experience in the Software Industry: • 2+: 87% • 6+: 70% • 10+: 40 % • Time Employed at Microsoft • 2+ years: 72% • 6+ years: 43% • 10+ years: 17% • Experience Code Reviewing • 2-5 years: 80.3% • 10+: 22% 47
  • 47. “Usually you write up some code and then you send it out for review, and then about a day later you ping them to remind them... and then about half a day later you go to their office and knock on their door." (Participant 7) Getting feedback in a timely manner 49
  • 48. Large reviews & understanding motivation and purpose of code “It's just this big incomprehensible mess... then you can't add any value because they are just going to explain it to you and you're going to parrot back what they say." (Participant 13) 50
  • 49. Challenge during Code Reviewing Overall Rank Receiving feedback in a timely manner 1 Review size 2 Managing time constraints 3 Understanding the code's purpose 4 Understanding the motivations for the change 5 Obtaining insightful feedback 6 Bikeshedding (disputing minor issues) 7 Understanding how the change was implemented 8 Maintaining code quality 9 Reaching consensus 10 Finding relevant documentation 11 Managing communication channels 12 Identifying who to talk to 13 51
  • 51. Receive feedback in a timely manner 53 “Usually I try to get the person who I'm going to have review the thing to actually sit down and talk with them before I put out the code review'' (Participant 7)
  • 52. Receiving Feedback in a timely manner & Managing time constraints • Author: • Aim for small, incremental changes • Allow reviewers to volunteer to perform a review • Notify potential reviewers in advance • Know when to skip a review • Run tests and analysis before • Reviewer: • Set dedicated but bounded time aside for the review • Review frequently, fewer changes but more often • Provide feedback as soon as possible 54
  • 53. Better understanding. ddetter feedback. 55 “A bad reviewer tries to force their preference on you. A good code reviewer makes your code conform to certain principles, but not opinion" (Participant 4) “Typically [a good code review] has a good description of what the problem was, what the solution is, and if it's a big change, it has [documentation explaining] what it's doing and how it's integrated with everything else.“ (Participant 4) Better feedback.
  • 54. Better understanding. Better feedback. • Author: • Aim for small, incremental changes • Cluster related changes and submit changes with context • Document the motivation • Select reviewers with the right expertise • Show gratitude & carefully consider feedback • Reviewer: • Use richer communication channels, e.g. face-to-face meetings • Use tools that provide traceability for non-contentious or sensitive issues • Give constructive and respectful feedback • Justify and explain the reasons for rejecting a change • Focus on core issues first 56
  • 55. As an organization, establish a review policy that promotes: • Build a positive review culture that sets the tone for feedback • Ensure time spent reviewing is “counted" and “expected" • Watch for negative impacts of employee assessment or incentives • Ensure appropriate tools are used • Make sure tools integrate well • Ensure sufficient training (e.g. junior working alongside senior) • Develop, reflect on, and revise code reviewing policies and checklists. • Resolve bottlenecks • Identifying inappropriate or aggressive communication 57
  • 56. Tool improvements • Enforce a reviewing workflow • Support finding right experts • Show test coverage of code under review • Automatic clustering of changes into groups of related entities • Automate feedback • Traceability support • Dashboards for metrics and pending reviews • Management for notifications • Integration with other communication tools 58
  • 57. Tool integration • Trigger static analysis / inspect analysis output • Trigger testing / inspect test output • Overlay code with test coverage • Trigger builds / inspect build output • Automatic reviewer selection • Check-in code 59
  • 58. Code review video (3:40) 60
  • 59. Michaela Greiler @mgreiler www.michaelagreiler.com http://research.microsoft.com/tse 61 Challenge during Code Reviewing Rank Receiving feedback in a timely manner 1 Review size 2 Managing time constraints 3 Understanding the code's purpose 4