Code Review

General approach to code review

• Style

  • many engineers focus on whether the style of PR(pull request) is consistent with an organisation, this regularly are marked as nits and there is agreement to disagree, unless there is company/community level style guide

  • there is one case when style of the code actually matters and it is when you can apply design pattern

  • Some so called patterns are anti-patterns and they are arguable between developers. You need strong arguments to vote for or against when you apply them. Some arguments will work in certain situations while they will be dismissible in other cases.

• Tests

  • most of code must be covered with test, no matter what code it is. You can do it for either backend, frontend or deployments.

  • Sometimes it might be difficult to implement tests for some parts of the system. However, always check if reviewee did manual testing of their stuff. Expect that described in pull request description.

  • Presence of tests does not imply that they are being run. Async tests?

  • If you do not understand the code then write your own and run the tests provided by PR's author. Either you will understand the code or you will simplify it.

  • Refactoring requires presence of tests.

Specific approach to code reiview

• when you are doing code review in a specific area (backend, etc.) then you need to search for engineering sins

C++ review

• memory leaks, exploding memory

• ineffective implementation:

  • bit masks

Backend review

• missing load tests

• missing table indexes will make queries slow over time

• inconsistent state of db

• deadlocks/livelocks

• race conditions

• proper handling of interruption signals in child threads

• lazy/eager evaluation compromise

• handling error codes from subprocess

• is logging present? metrics dispatch?

Frontend review

• missing load tests for APIs

• missing/incorrect authentication(authn)/authorization(authz)

• possibility of injection attack (e.g. SQL injection)

API Review

• load tests

• 
  

• https://cloud.google.com/apis/design

UI reivew

• Event driven model have potential infinite loops (cycles)

• Code was not tested on different platforms/devices which makes the app inaccessible

• Coherence with UI/UX design

• Storing external service API keys on client side

Deployments review

• missing health checks

• missing env-secret mappings

• host volumes vs persistent volumes

ML review

• missing information about performance metrics

Myths about good code review

• Design

  • It is questionable. Some people will claim that "certain code has great design", some will oppose that.

  • Code should be the simplest implementation that satisfies the tests. If it is not then you can questions that.

  • Design is not about the code, it is about satisfying project's functional and non-functional requirements.

  • Design is done before code is written.