SubMain.com
YouTube
RSS

CodeIt.Right

Home Category: CodeIt.Right (Page 4)
Code review vs pair programming (as shown here): which should your team pick?

Code Review vs Pair-Programming: Which One Should Your Team Pick?

Carlos Schults3 Comments

Some weeks ago, I was browsing Twitter when I saw this:

This prompted a brief discussion between the author and me. He made good arguments, but I left unconvinced that pair programming was the obvious winner.

As someone who’s implemented code review with success and also paired to some extent, I could see how both practices can be valuable. But is one of them clearly better than the other? Are code review and pair programming interchangeable, or are there scenarios in which one clearly shines?

That’s what I’m going to answer today. Let’s dive in.

(more…)

Released: CodeIt.Right v3.2

Serge BaranovskyNo Comments

A new CodeIt.Right update is available now – version v3.2 – includes VS2017 performance improvements, minor enhancements, and bug fixes:

  • Resolved: Improved performance loading solutions in VS2017 by moving it to an async thread
  • Resolved: Code quality hints now showing up correctly in VS2010-2015 Editor
  • Resolved: DoNotCatchSpecifiedExceptionTypes rule in VB now works correctly when the Catch clause has a When section
  • Resolved: Exception when “Analyze checked out files” is ON and a source file renamed or removed from disk
  • Resolved: AsyncMethodShouldHaveAwaitStatement rule no longer shows a violation when the await statement is on right side of assignment
  • Resolved: Now don’t run new version check when in Debug mode
  • Added: Support for StyleCop VSIX v5.0

For the complete and detailed list of the v3.2 changes see What’s New in CodeIt.Right v3.0

How do I try it?

Download the v3.0 at http://submain.com/download/codeit.right/

Feedback is what keeps us going!

Let us know what you think of the new version here – http://submain.com/support/feedback/

 

CodeIt.Right Rules Explained, Part 12

CodeIt.Right Rules Explained, Part 12

Erik Dietrich1 Comment

This week, we bring you another post in the CodeIt.Right Rules Explained series.  In case this is new for you, with each post in the series, I take you through three CodeIt.Right rules in detail.  CodeIt.Right is an automated code review tool, making use of static code analysis.

As I always do with these posts, I’ll start with two solid rules of thumb for static analysis.

  • Never implement a suggested fix without knowing what makes it a fix.
  • Never ignore a suggested fix without understanding what makes it a fix.

And, as I always do, I’ll explain that I don’t phrase it this way to play some sort of game.  You might wonder why I don’t just tell you to learn every suggested fix and call it a day.

Well, I phrase it this way to make it clear that you face a specific choice each and every time you encounter an analysis warning: fix it or ignore it.  And when you make that choice, you should make it for the right reasons.  “I don’t know what this means,” isn’t the right reason.  I also approach it this way because trying to learn all of the rules at once would prove extremely daunting.

So let’s dive deep into understanding another three rules today.

(more…)

An entire large team arguing over the coding standard.

What’s Your Worst Experience with a Coding Standard?

Erik Dietrich9 Comments

I remember the first time I encountered GhostDoc.  It was an oasis in a professional desert of soul-sucking conformity.

Okay, wait. Let me back up and explain.

I was working in a custom app dev shop at the time.  While working there, I worked on an assortment of apps, big and small, and I delivered to an assortment of clients, big and small.  Some had their own internal maintenance devs, and some did not.  And yet, in spite of this disjoint, hodgepodge arrangement, the company maintained a single and relatively involved coding standard for dozens of folks on dozens of projects.

The “Professional” Coding Standard

Most aspects of the standard were unremarkable and understandable.  So, on the whole, this didn’t bother me.  But there was an edict floating around in there that said every method and class, no matter what, needed XML doc comments.

This applied to code being maintained by client developers and to code that nobody would ever look at again.  It applied to both API deliverables and to GUI crud apps that nobody would touch again.  Why comment everything in this fashion, no matter what?  Because it makes us “look professional,” that’s why.

Ugh.

And so I found myself laboriously going back and brainlessly adding comments to dozens of files.  You see, I hadn’t known about this standard when I started, so I didn’t bother commenting this forms-over-data thing for which we weren’t even delivering source code.  So I had a lot of “work” to do.

Initially, I contemplated writing my own commenting engine.  I honestly think I could have done that in less time than it would take to hand comment.  But then I figured something like this had to exist already, and my search led me quickly to GhostDoc.

Once I discovered that, I sprayed my code with comments like an exterminator taking care of an ant problem.  Then I called it a day.

As I’ve discussed previously, this is NOT how I’d use GhostDoc today or how I’d approach commenting in general.  But it got the “job” done, and the powers that be considered “my” comments completely acceptable.  Project finished.

(more…)

CodeIt.Right Rules Explained, Part 11

Erik DietrichNo Comments

It’s time for another post in the CodeIt.Right Rules Explained series.  I daresay it’s becoming a pretty predictable post series, with a pretty predictable cadence.  And that’s a good thing!  CodeIt.Right offers automated code review, and this series of blog posts gives you a detailed tour of the what and also the why of the code review rules.

As has become custom, I’ll start with two solid rules of thumb for static analysis.

  • Never implement a suggested fix without knowing what makes it a fix.
  • Never ignore a suggested fix without understanding what makes it a fix.

Every month, I explain that I don’t phrase it this way to play some sort of game.  After all, I could just declare that everyone should learn every suggested rule and be done with it.  But I phrase it this way to make it clear that you face a specific choice each and every time you encounter an analysis warning: fix it or ignore it.  And when you make that choice, you should make it for the right reasons.  “I don’t know what this means,” isn’t the right reason.

So let’s dive deep into understanding another three rules today.

(more…)

You don't need a code review template like the one shown here.

You Don’t Need a Code Review Template

Erik Dietrich1 Comment

What do you have in mind when you search or hope for a code review template?  I’ll bet I can guess.

You’re looking for something to guide you through the process.  In your mind, this probably takes the form of a worksheet of some kind.  The appropriate document should have a checklist of items for you to tick off and perhaps some free-form text spaces for you to make notes.  It will also guide you through the process in general.

I get it.  But you really don’t need this, even though it seems perfectly reasonable and inviting.

The Actual Life of a Code Review Template

Before I dive into the meat of why you don’t need this document, let me talk about what will happen to it when you acquire it.

First, you’ll go searching and find something like this.  Then you’ll find a few more of those and put it together into your own list.  It will include items like the following:

  • Each method should have a clear responsibility.
  • Each method should also have no more than three parameters.
  • Close any connections you open and dispose of any resources that need disposing.

And so on.

You’ll put this document together, and then you’ll stick it on your group’s SharePoint site, where everyone can see it and add to it if need be.  “It’s a living document,” you’ll assure everyone.

Your brand-new code review process will get off to a good start, with people participating and faithfully following the code review template.  They’ll check the checkboxes, fill out the text for the questions, and generate adjustments to the code where needed.  For a while, anyway.

But where you’d eventually expect the efficiency of these reviews to improve, the opposite happens.  The document grows. Code reviews get longer and more mind-numbing, and people start to hate them.  Then, they start to avoid them altogether, when possible.  The group’s collective dissatisfaction eventually leads to an overhaul of the process.

And the code review template sits there on SharePoint, untouched, like a digital fossil.

(more…)

CodeIt.Right Rules Explained, Part 10

CodeIt.Right Rules Explained, Part 10

Erik Dietrich1 Comment

Like any good habit, I’ve settled into a cadence with the CodeIt.Right Rules Explained posts.  They’re coming about once per month or so, and each one offers a deep dive into three of CodeIt.Right’s rules.  As always, I’ll start by citing my two personal rules about static analysis, along with a brief explanation.

  • Never implement a suggested fix without knowing what makes it a fix.
  • Never ignore a suggested fix without understanding what makes it a fix.

This isn’t a rhetorical game.  I could condense the statements and say “learn the reasoning behind all suggested fixes.”  But I say it the way that I do to call your attention to a decision that you face when it comes to static analysis warnings.  Every time you encounter a warning, you must either choose to ignore the feedback or to address it.  And regardless of which you chose, you should really understand the logic behind the suggestion.  Otherwise, how can you possibly make the right call?

In that spirit, I’m going to offer up explanations for yet another three CodeIt.Right rules today.

(more…)

Using CodeIt.Right at Scale on Large Codebases

Using CodeIt.Right at Scale on Large Codebases

Erik DietrichNo Comments

If you’ve worked with Visual Studio for any length of time, you’ve probably noticed an inverse relationship between convenience and performance.  Visual Studio is powerful on its own.  And it gets a whole lot more powerful once you start adding plugins.  But sometime between that clean Visual Studio install and your 20th helpful plugin, a noticeable slowdown occurs.  The user experience starts to suffer.

Of course, this isn’t unique to Visual Studio.  It applies to pretty much anything with a plugin ecosystem, such as a WordPress website or your browser.  In all of these cases, you have to weigh the value of the plugin against the performance hit you suffer.  But in the world of Visual Studio plugins, you often have more and better options than just disabling the plugins.  You can manage them.

This is true of CodeIt.Right, SubMain’s automated code review tool.  With a tool that provides code analysis, you might think your only lever to pull comes from turning warnings on and off.  Not so.  CodeIt.Right supports the concept of profiles, which let you set up different sets of rules to execute at different times.  And this can really help the efficiency of your development efforts.

The Rationale for Profiles

Over the years, I’ve helped a lot of shops adopt the practice of automated unit tests.  One of the most critical pieces of advice I give often surprises people initially.  I tell them that a fast test suite is absolutely critical.  And I’m far from alone in giving this advice.

Now, this may seem obvious in a sense.  All things being equal, faster is, of course, better.  But I go so far as to argue that your unit test suite becomes extremely ineffective if it takes a while.  In fact, a long-running test suite becomes nearly useless.  Why?  Because it actively discourages people from using it.  If your unit test suite takes minutes or even hours to run, how frequently will you really run it?

You hear about this a lot in the context of unit testing — not as much in other situations.  But it’s just as important elsewhere.  If your automated code review tool takes a long time to run, people will stop running it.  This isn’t laziness on their part.  Quite the contrary, in fact.  They stop running it because it slows them down and prevents them from getting their work done.

So to get the most out of a tool like this, it’s extremely important that you pay close attention to how efficiently you’re using it.  The world of automated unit tests has the notion of a “test pyramid,” in which you have quick tests that you run all of the time and longer running ones that you run less frequently.  Let’s take a look at different strategies for achieving the same thing with CodeIt.Right.  How can you segment your analysis to get the best of both worlds: speed and thoroughness?

(more…)

CodeIt.Right Rules, Explained 9

CodeIt.Right Rules Explained, Part 9

Erik DietrichNo Comments

In what has become roughly a monthly affair, I’ll do another CodeIt.Right Rules Explained post today.  This marks the ninth such post and roughly nine months of the series.  In a now-familiar refrain, I’ll start off by citing my two personal rules about static analysis followed by a brief explanation.

  • Never implement a suggested fix without knowing what makes it a fix.
  • Never ignore a suggested fix without understanding what makes it a fix.

It might seem I’m playing rhetorical games here.  After all, I could condense this to say “learn the reasoning behind all suggested fixes.”  But I say it the way that I do to call your attention to a decision that you face when it comes to static analysis warnings.  Every time you encounter a warning, you must either choose to ignore the feedback or to address it.  And regardless of which you chose, you should really understand the logic behind the suggestion.  Otherwise, how can you possibly make the right call?

In that spirit, I’m going to offer up explanations for another three CodeIt.Right rules today.

Avoid Unsealed Attributes

Let’s start off with something conceptually easy to understand, at least in terms of the problem.  You’ve no doubt encountered the attribute construct before, whether you realize it or not.  Here’s a quick code example.

[TestMethod]
public void Adding_10_And_15_Returns_25()
{
    var calculator = new Calculator();

    int result = calculator.Add(10, 15);

    Assert.AreEqual<int>(25, result);
}

That thing at the very top?  TestMethod?  That’s called an attribute.

In .NET, attributes amount to declarative metadata about the code element they describe.  For instance, we use the attribute in the code sample to declare that this is a test method.  You write this code to opt into the MS Test framework.  The framework then looks for that attribute and treats any method decorated with it as a unit test method.

How do you get access to this magic?  Let’s look at a trivial, ridiculous, and hopefully memorable example.  First, I declare the attribute.

public class ApprovedByErikAttribute : Attribute
{

}

With that on the books, I can now meander through the codebase, making my opinion felt.  Let’s say I encounter a class called Circle.  It’s a bit simplistic, but it’s off to a good start.  I approve this class!  Let’s let everyone know.

[ApprovedByErik]
public class Circle
{
    private readonly int _radius;

    public Circle(int radius)
    {
        _radius = radius;
    }
}

Alright, everything looks great here.  Except I run a CodeIt.Right analysis on this and I see a warning: “avoid unsealed attributes.”  Well, inheritance is certainly less fashionable these days, but CodeIt.Right flags this as a performance issue.  What gives?

Well, you access this attribute metadata via reflection, which, as it turns out, is expensive in and of itself.  You have to pay the piper for this magic.  But doing this with unsealed attributes is even more expensive since the .NET framework methods for accessing attribute information search the entire inheritance hierarchy by default.  Sealing your class basically tells them not to bother looking any further.  It’s also a really easy fix: just add the keyword “sealed” to your attribute class and call it a day.

Avoid Excessive Complexity

Let’s change gears here and switch over to a CodeIt.Right rule under the heading “maintainability.”  This one counsels you to “avoid excessive complexity,” and I won’t include a code sample here.  Why?  Because in order to do that, I’d have to come up with a ridiculous method that would take up half of the space of this post.  I’ll come back to that, though.

When CodeIt.Right refers here to “complexity,” it’s not offering some vague, subjective take.  Rather, it refers to something measurable and specific.  I’m talking about the idea of cyclomatic complexity.  Cyclomatic complexity measures the number of independent paths through a method.  So if you have a method that just returns the sum of two integers, then you have cyclomatic complexity of one.  But if you add a guarding if condition, you now have a cyclomatic complexity of two.

To conceptualize the idea, think in terms of control flow logic.  If and else conditionals add to a method’s cyclomatic complexity.  So do while loops, for loops, ternary operators, and switch statements.  The more decision logic occurring in a method, triggering different ways to step through it, the higher the cyclomatic complexity.

Out of the box, CodeIt.Right will flag methods with cyclomatic complexity of more than 25.  That means it will flag any methods with more than 25 independent paths through them.  Make no mistake — that is an insanely complex method that will cause you maintenance headaches.  And now you can understand why I wouldn’t want to dream up and post such a thing.  It’d just be a tortured rat’s nest of nested loops, conditionals, and perhaps even some goto logic for good measure.

Enforce Warning Level 4

Last up today, let’s look at something a bit off the beaten path.  This falls under the heading of “general” in CodeIt.Right’s rule categorizations.  And it speaks to properties of your project, rather than of your code.

If you right click a project in Visual Studio and select “project properties” (or use keyboard shortcut alt + enter), you get a screen that lets you modify aspects of the project itself.  Select the “build” tab, and you can modify settings about how MS Build compiles the project.  Of interest today, we have the “Warning Level” setting under “Errors and warnings,” as shown here.

By default, your projects come with warning level 4 pre-selected.  And 4 is also the highest level of warnings.  You can check out the details of each warning level here.

The warning messages to which it refers show up in your “errors” window when you build your project.  That window will show you any compiler errors, but also compiler warnings, such as unreachable code or unused variables.

When you select something less than 4, you’re telling your build to show you fewer warning messages.  If you go all the way down to 0, you’re telling it show you no warnings at all: “If you’re technically able to build this, then build it and tell me nothing.”  CodeIt.Right warns you about this practice because it’s generally a bad idea to ignore compiler warnings.  The vast majority of the time, they’re warning you about something legitimately wrong with your code.

If, on occasion, the compiler warning system yields some false negatives, you have other recourse to ignore them.  You don’t need to engage in blanket disabling.  CodeIt.Right warns you about this course of action because it’s almost certainly overkill for what you want to accomplish.

Until Next Time

I’ve tried to offer yet another eclectic mix of code issues in this post.  I started with a lesser known bit about defining your own attributes that actually relates to performance.  Then I took you through the general issue of high cyclomatic complexity and wound up with a general suggestion not to ignore wholesale warnings in your codebase.

And that last bit of advice, in fact, parallels my general advice on static analysis.  The compiler is yet another form of static analyzer, and you should probably heed its advice or else have a very, very good reason not to.

Learn more how CodeIt.Right can help you automate code reviews and improve the quality of your code.

Some styles of code analyzer make use of the abstract syntax tree.

The Different Styles of the Code Analyzer

Erik DietrichNo Comments

Perhaps you’ve heard of the concept of a source code analyzer before.   I expect that many reading have, at least in passing.  But I’d also be willing to bet that the term strikes you as somewhat vague and that everyone reading will picture slightly different things when they hear the term.  So today I’ll do what I can to clear that vagueness up.

Static Code Analyzer: the Backstory

Let’s start with origin and motivation.  As software developers, we automate things for a living.  This gives us the unique ability not only to make others more efficient at doing their jobs but also to turn this same idea on our own work.  We constantly seek to automate our own processes.

The code analyzer represents this exact idea.  Boiled down to its essence, you can think of it quite simply.  I’ll give a hypothetical example.  Say you spend a lot of time looking through your code, making sure that all methods and properties have Pascal casing.  As you waste another hour doing this, it occurs to you that you could probably write a program to do it automatically, taking your source files as input.  And it then occurs to you that such a program would actually be better and more efficient than you at this task.  Well, you’ve just conceived of the static code analyzer, if a very rudimentary one.

Code analyzers emerged as a result of this exact sentiment.  In the late 1970s, engineers at Bell Labs created a utility called Lint.  Its mission?  To parse C code, looking for “likely bugs.”  This concept had such a profound effect on the industry and such staying power that you’ve undoubtedly heard about a “linter” for your language of choice.  These all descended, conceptually, from this original built nearly four decades ago.

The Proliferation of Code Analyzers

During the time between the release of the original Lint and now, the code analyzer has evolved considerably.  Lint and similar programs were known as “first generation” static analyzers.  These are characterized by usefulness, but also by suffering from problems of low signal-to-noise ratio.

Years later, as processing power improved considerably, the second generation of static code analyzer emerged.  In the second generation, tools stopped treating the source code as simply text.  Instead, these tokenized the code and stored it in semantically contextual representations.  In other words, these tools grokked the source code.  And they used this understanding to do much more sophisticated vulnerability analyses.  But while this cut down considerably on the signal-to-noise ratio problems, it didn’t scale terribly well.

As processing power continued to grow by leaps and bounds, a third generation emerged.  This generation used abstract syntax trees, better hardware, and more nuanced heuristic approaches to do deeper analysis than generation 1, and with better scale than generation 2.  And it’s these third generation tools with which you are familiar.

These generations, however, represent a fairly shallow categorization in and of themselves.  They address the advancing state of the art, but not the breadth of tools that we have at our disposal.  Today’s static code analyzer has different flavors, and I’ll speak to some of those here.  With an industry full of people looking to automate as much as possible, it should come as no surprise that a diverse ecosystem of code analysis options has emerged.

(more…)

Menu