Automatic code reviews

Speech transcript
In this session we have Carl telling us about automatic code reviews, which I'm very interested in. Carl is a refugee from Java and works as a system administrator, so if you all please make Carl feel very welcome. So welcome to my talk, which is
about automatic code reviews. This is the long title which they would let me put on the program. The general gist of this is that there are really, really cool tools out there, and that if people are willing to put in a little bit of effort, you can really get a lot of benefit from static analysis and warnings before they become problems in production. So it's traditional, the slide about me: I am a system administrator cum software janitor accurate, which means that I do,
apart from panicking about OpenSSL, I also do things like continuous integration kinds all continues to fall kind, and as a side project I run Landscape, which I'll come to in a second, and then I can e-mail Twitter get. So Landscape is code
reviews and automatic static analysis as a service, and the idea is that if it's really super easy, like you can click with unit of account, just log in and a lot stuff out straight away, then a lot of people will use it. This has been going, it sort of officially launched in November, I've been coding it for more than a year, and about 1500 open source code repositories are on there right now being checked all the time. It's free for open source and it looks like this; you may have seen this sort of health badge in the top corner there and some get propose occasionally.
So the majority of this talk is going to be lessons I've learned while building this, specifically how it pertains to static analysis, code reviews, that kind of thing. So first of all, this one is about what's the point of code reviews in general, just in case you're sort of not really into it. Code reviews are really cool because you can even catch
errors before they become problems, especially if you have new developers, people new to the language for example. Maybe they come from different backgrounds; for example, as said, I come from a Java background, and so my Python at the beginning was all like, you know, classes everywhere, interfaces everywhere, until a colleague in my little when the day. And as well, like, some people new to the company may need to understand how you do things in this company, and that's kind of cool. But it's also a really good learning experience: you can see how other people do things, you can kind of see the things that interest them and the way they do things, the techniques they learned, you know about all the other around, you can teach them something that maybe they don't know. And then business logic errors are pretty important, like you don't want someone to put a 15 % discount where a 5 % discount is the right thing you want and accidentally financially cripple the company. So the whole idea there is to kind of keep an eye on the codebase, and that's what automatic code reviews can give you, almost all this stuff. They won't give you the business logic side of things; all these tools always command line tools as far as their concerns and into
the net bit carrycots 15 5 %, but everything else they can pretty much do. And the great thing is that it happens automatically after every code if you put it into your, you know, continuous integration: you use Travis or Jenkins or whatever, then this happens all the time, and every push you get a little feedback to see what you did and whether it was better or worse, which is kind of cool. You can get them, you know, PEP 8 compliance and stuff, and for me, I really learned a lot by doing Pylint and running it, especially on all my code; I really learned a few things. So I'm gonna come back to this sort of number to track in the end because that men also got a. So, hands up who knows roughly what's going to happen based on this slide? OK, that's a fair
amount. So this is a very common type induction: you have a keyword
argument with a default value which is a list or a dictionary, you do something to the argument, and then you return it. So let's say you call it once with no arguments: it uses this list, appends 1, and you get a list of 1. Great. You do it again, now you've got 2 things. OK, that sucks, and it's really annoying to debug, right? So this is a fairly common Python gotcha, but 20 % of the repositories that Landscape checks have this error in them somewhere, so out of 1500, yeah, 20 % of those, it actually happens. This is really, you know, something you shouldn't do, and I'm not gonna go into why, because you can run Pylint and it will find this for you. Interestingly, even PyCharm, which I think is a fantastic IDE and has the best static analysis of any IDE I tried, will not warn you about this. So here's an example of how automatic code reviews can help you find bugs before they become bugs. This is another one, this is something I really want: if you call logging.debug with a string and want to see the values of true and Bob, you will have the string with
formatting parameters in, you can squash them in there, and then you will call logging.debug. The bad thing is, this is
apparently, it turns out, the wrong way to do it. What happens here is that you will interpolate the string and then you call logging.debug, and if the logging level is info, warning or above, whatever, then in logging.debug it's a waste of time doing string interpolation. It turns out that you can pass through and buys arguments to logging.debug and it'll interpolate the string, that's critical and I certainly do not. And again, 10 % of repositories do this, of the 10 % of Landscape checks. Then of course the style guide. So, you know, maybe you work with a monster like this, like, this is horrible, this person probably uses tabs
instead of spaces. And so,
you know, it's nice to have this conformity in style, and again, this talk isn't about why, but if you want that, you can run pep8.py to enforce conformity with the PEP 8 style guide, style the Advisory because it's so next slide. So up until now we talked about the things that you can find by checking your code for errors, but a project isn't just the code. Especially for web applications, having old versions of requirements, for example, can be a vulnerability; ask anyone in the Rails community how that can go horribly wrong. Fortunately Django hasn't had so many problems, but there are consistently security and um editions so libraries in history but fixes the come up. So a way you can check this is, if you have a virtual environment with all the dependencies installed, pip list --outdated, a fairly new thing, it's in version 1.4, can't remember exactly; it'll tell you what requirements you have that are wrong, and this is kind of useful. If you want something slightly more involved, there's requires.io and gemnasium.com, which will take your code, I think they only work with GitHub, so requires.io, what it does is it will
take you would article to get other, look at your requirements.txt or setup.py, and it will tell you which libraries you're using that are out of date, and it will tell you, OK, this one's a security problem, this one's a, you know, just regular minor update, that kind of stuff. So this is pretty important, especially for women. And there are so many tools out there, like, I don't really have time to go into all of them. Pylint is kind of the big one that I'm not gonna have time to talk about, and chances are if use of money matching problem using a plugin that uses flake8, which uses pyflakes. Again, frosted, a new fork of pyflakes which is a little more maintained. And McCabe is really cool, it takes your code and kind of looks for too many branches. And, oh, sorry, I forgot to mention, you see this little tiny link at the bottom, the known density is too small, this is
called crowded becomes such pp 14. All the things I'm talking about right now, there are links to them on this page, so you don't have to worry about finding these afterwards; you can discover the page and look at all of them. And so on and gets out and is always 0 tools, and genocide is a pretty interesting new thing, which is, the guy who does it is doing a talk on July straight out of this talk, and I think it's easier 7, it's one of the rooms, and their health is going to be doing a talk on pyroma, which checks a setup.py to make sure you're a good citizen if you want to have an open source library. So there are so many tools, but if these tools exist, why don't people use them more? How can you get the most out of it? Obviously if you have a brand new project, then
setting this kind of stuff up at the beginning is really easy, and even as your project evolves you can evolve how you're doing all this checking, that kind of stuff. But most of us don't have the luxury of starting a new project; you know, you have an existing codebase, a mature codebase, and you run Pylint for the first time and get like a thousand errors, and you look at it and think, oh my god, I can't deal with this. So the way to get the most out of it is, well, step number 1 is understanding what these tools are. It's not a list of errors, it's a list of suggestions. It is like a code review: sometimes you're going to have errors, you're going to find problems and think, OK, that's a good point, but sometimes you're finding things that are, is this right? It's like someone looking over your shoulder during the show, which is, you know, that's the attitude to have when you're looking at the output of these tools. Don't be intimidated by a thousand errors; it doesn't mean you have a thousand errors. The second thing is spend time tuning the tools. They're all configurable, and all of them have various levels of, you know, how much you care about this; maybe you don't care about a specific error, you can just kind of turn it off, and it's worth doing this, and I'll come back to that in a second. And then again, measure and track over time; it's my next slide. For me this is the most important slide of all, the most important concept of this whole thing:
you really need to be concentrating on how you
improved or made things worse than last time. You can't just look at the absolute value; if today is better than yesterday, then you've improved and you're doing well, and that's all that matters. So in order to do that you need to measure and track the output of these things. As an example, some CI services like Jenkins have applied like a needle can a graph over time of how many errors Pylint finds. Or if you have a Graphite setup, which you may already have, maybe your ops team has this kind of setup, you can use it or whatever, and it's a really great simple way to pass in numbers and then track these numbers over time, and you have a nice dashboard in front of this, like tests refined you beautiful prepaid everyone enjoys looking at, which gives you a little graph, and as it goes down you can think, OK, maybe we need to spend time refactoring, or maybe we need to concentrate on this, and together you can feel good about yourself. At the very least, just do something like pipe the output into word count and see how many errors you had this time compared to last. Even if all you have is a number that goes up and down, you're still going to be doing pretty well. And then tuning. So
again all these tools have a way to configure things I think that the the majority of people when they
try Pylint for the first time on a mature codebase, all of
all these new tools, but especially Pylint, because it's the most involved one, it's kind of the one with which you're going to find the most bugs, because it actually does a whole bunch more stuff than, say, pyflakes. You can sit there and you can tweak it and you can spend a long time doing this, and again, it's really worth it. If you spend 4 hours digging through the config, digging through all of the 19 pp accounts of, trying to figure out what's going on, and then apply your policy so that the output is actually relevant to your project, you know, maybe it's four hours, maybe a day, but it almost certainly will save you 4 hours a day in the future, because it'll find bugs or make your project more maintainable, and that means that future problems and future features will be much easier to actually do. So it's worth spending the time. And again, I don't really have time to go into exactly what you can do, but for example, if you google around you'll find client files that people have already created. And the second one here I created a while ago because it annoyed me that Pylint would warn about things in Django that weren't really warnings. So if you have a Django model, you have a .objects model manager; that happens at runtime, it's part of the metaprogramming of Django, so it doesn't exist when Pylint looks at it, and therefore Pylint will say MyModel.objects does not exist. So you can write your own custom plug-ins or you can tune this with C. The benefit of the plug-in approach, which takes a little more time and is a little more involved, is that you can control exactly what kind of things and you can pilot will turn off 10 on; you can come and say, OK, I'm going to override this specific error in this specific instance, rather than having to turn off all examples of this specific error. So if you're interested in writing a plug-in, the documentation part and the world will help you, and uses this kind of reference a little happy, but that's
that's nothing. And yet again, spending time of friends is, it'll make things more useful, I believe. So by this point I hope you're all kind of thinking 1 is reciprocal,
but if you're still not willing to, you know, spend a little time, I suggest you try Prospector, which is a tool that came out of Landscape. The original point of Landscape was, like a state to, to try and make things super easy for people to get
started, but there was a part of that which is bringing together all these tools, configuring them in a kind of best-guess way and adapting them slightly if you're running Django and so on, and I pulled that out and moved it into a separate open source project called Prospector, which is a command line tool. It's really a layer on top of Pylint and pyflakes and patent most chemist itself, and it does its best to kind of guess what you want. So for example in terms of a boundary picky errors by default, which in turn on but spanned by default; it tries to address the needs of the first time you run it on a big codebase, so you will get something out of it which is actually useful to you, and you're not sort of swamped by little picky errors, you can really see the core of the problem. And it tries to from your requirements.txt, if you're running Django it'll try and figure that out and try and use of. So hopefully I'm going to create small plug-ins for things like Twisted and other frameworks and try to improve it further and further. So really this is sort of, to steal a phrase from the Python requests, it's static analysis for humans, trying to make it super easy to start with, and if you need the power you can have it by just doing it yourself. But going from 0 to "now I have static analysis", hopefully this will help. So I kind of expected
this a little bit quicker than expected, so here's my conclusion, which is essentially, I've already said this several times: it's worth spending time; spending time on this will really, really benefit you, and it's about, you know, development cost and that kind of thing.
If you spend the time doing it up front, it may seem a little bit like you're not working on features, but it will come back to you in the future; you will benefit from this at some point. And the most important thing is keep track of the metrics, keep track of what's happening from these tools, keep track of all the time you, because even if you don't agree with them, if the telling you last last time it's probably because you got less it's probably because you. And yet so can spread through the so called what could be expected, but anyway, so this is the biggest of links; the top one has links to all the stuff that I just talked about,
and you know it's primitive few
well you in so so this is 1 of know what I mean
on so what do you you the on what so yeah. So it wasn't a question exactly, but the first was that the default argument might be intentional, and how do you deal with intentional things, that the tools find other problems that are actually on purpose. So adding a comment for the next developers can be useful, but you still get an error out of the tool, and each of them has kind of a way to turn these things on or off. It's a little more involved in bonding, and I realized Landscape and Prospector should have a sort of interactive mode that will help you do that, because you have to dig through the configuration, find, OK, what is the error code and had a tendency. Yes, of course, yes, so not just the act of suppressing the error but also explaining why it was the and what he so what exactly so the could. Sorry, yeah, the question is, and Landscape doesn't actually deal with the configuration files, especially for Pylint, and it's kind of on the roadmap. One of the problems with Pylint is that you can sort of load arbitrary plug-ins and there's no real way to sort of do that, so I need to spend a little time figuring out which part of the country I can apply. Prospector will do its best to deal with tox.ini and setup.cfg for you, that apply 2nd stuff that you write. Landscape, I mean, it's still a work in progress, there's a lot to be done, so it doesn't do that for now, and so it's really for people who don't do any analysis right now and want to start, rather than for people who already do and want to weighted graph, but it's coming. Of you have a role to used to by and the all but. So I would say I'm a relative newbie, I have been doing it for like 3 years, so like you did it late, I accumulated this knowledge over the course of doing all this stuff. So I forgot to repeat the question region-specific, which is how discoverable are the tools, and I think again this is maybe something that needs a little work, but you tend to, I found
out about it from what now. There's no centralized thing, I think, and matadors um forced Python mentioned yesterday that he was thinking about adding a separate section on how to test, how you do static analysis and stuff, which we think the real benefit of uh this is an what are the about this the 1 of the things we know that the you know that world so there is no you I will tell you that you could the in this 1 here behind is hiding from you the fact of the in front of that in use all of others because of their profits and as a tool for family for Figure Holger requirements of the terms. Yeah, I imagine the idea is that there are a bunch of rules like that, but I'm sure there are many, many more of more than

Metadata

Formal metadata

Title Automatic code reviews
Series title EuroPython 2014
Part 56
Number of parts 120
Author Crowder, Carl
License CC Attribution 3.0 Unported:
You may use, modify, and reproduce, distribute and make publicly available the work or its content, in unchanged or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner they specify.
DOI 10.5446/19951
Publisher EuroPython
Year of publication 2014
Language English
Place of production Berlin

Content metadata

Subject area Computer science
Abstract Carl Crowder - Automatic code reviews A lot of great Python tools exist to analyse and report on your codebase, but they can require a lot of initial set up to be useful. Done right, they can be like an automatic code review. This talk will explain how to set up and get the best out of these tools, especially for an existing, mature codebase. ----- Static analysis tools are a great idea in theory, but are not often really used in practice. These tools usually require quite a lot of initial effort to get set up in a way which produces meaningful output for you or your organisation's particular coding style and values. As a result, it's common to see initial enthusiasm replaced by ignoring the tools. Such tools can be incredibly beneficial however, and even go so far as to provide an automatic code review, and this talk will explain what kind of benefits you can get from the tools, as well as explain what you can and cannot expect. This talk is aimed at experienced developers who are interested in improving their coding practices but who have either never tried static analysis tools, or who have not seen the upsides. It will hopefully also be useful to people who do use the tools, perhaps introducing them to new tools or concepts they were not aware of yet.
Keywords EuroPython Conference
EP 2014
EuroPython 2014
