In software development, the code review process stands as a crucial checkpoint for ensuring code quality, fostering collaboration, and promoting knowledge sharing among team members. Despite the importance, many engineers lack a clear mental map of how effective reviews work. This is my attempt to ...
Whether you're steering an open source project or leading full-time a software development team, the key to maximizing productivity lies in efficient code reviews.
I think a lot of these are opinions stated as facts.
The nitpicking one seems to be using a different definition of "nitpick". To me, a nitpick is to pick on something entirely meaningless (eg. Fullstops at end of comments, slight incorrect variable names, code alignment). If i see a review full of those I assume the reviewer skipped the correctness checks, and phoned in the review.
The git push --force is definitely a controversial suggestion, im personally happy with doing that, but I have also personally accidentally force pushed dev/main and seen others do it. Squash on merge is probably a safer habit to have. Also, gitlab and bitbucket both get a bit confused if you forcepush to a branch that is part of a MR.
Reviewer fixing problems is also situational. For open source stuff, if you rely on the submitter, youll frequently jusy end up with an abandonned PR. For team stuff, the original author may have already moved on to another ticket, so pushing it back may stretch out the development cycle and cause the code to become stale, and potentially unmergable. Our solution is to just communicate. "This is wrong, I am going to fix and merge. Cool?"
The article is very light on how to actually review for correctness, which in my experience is the thing people struggle with most.
Things to look for (Non-exhaustive):
C: Allocations, and deallocations.
Are there leaks in any codepaths?
Are scopes used correctly?
API usage: return values checked? API called correctly? Safe API should be used over unsafe
Thread safety: Are there locks? If yes, focus on these paths, locks are hard to get right. If not, is there anything that should be protected? Some APIs are not threadsafe.
Loops: Are bounds correct, do they terminate correctly.
Comments: Do the match the code? Do they add value? (This is subjective, and down to team preferences)
The git push --force is definitely a controversial suggestion, im personally happy with doing that, but I have also personally accidentally force pushed dev/main and seen others do it. Squash on merge is probably a safer habit to have. Also, gitlab and bitbucket both get a bit confused if you forcepush to a branch that is part of a MR.
You can add branch protections that will prevent you from accidental force pushing to main or dev.
IMO when I see a PR with "WIP" commits, I just assume that minimal effort was put into keeping the commits organized, and I squash all commits to review the PR. If I see many meaningful commit messages, I will try reviewing one commit at a time.
When I make a PR, I force push to keep my commits organized. If there are changes I want to make as a result of feedback, and they would create significant churn to rebase all of the patches, then I will apply the feedback in a follow-up commit.
I do almost exactly that workflow as well, but I just know its bitten me before. Protecting main/dev is fine, but I have also accidentally force pushed to the wrong branch and wiped out its work as well.
Yeah, or sprint to your colleague and ask them to force push their branch again :D
Another tactic for for getting clean git commits is to do all your messy commit work in a scratch branch, and then when your happy, create a new branch, and with meld, organise your changes into complete logical commits. We do that a little bit.
You listed points for technical implementation correctness. Depending on context, a review is also an important evaluation or confirmation of intention and concept correctness, and of correct conclusive reasoning (in finding reasonable solutions in an ambiguous and diffuse problem and solution space).