Sep 4, 2010

Defensive programer , code analysis, and code review.

I was born in China, English is not my native language, and I still have difficulties in writing in English. Once, I sent an email to my boss. In his reply he highlighted my typo and grammatical error. At first I felt embarrassed, but I immediately appreciated his effort of doing so. I am sure sometimes my email is confusing, but nobody has ever done that to me before. I guess it is because they don't want to hurt my feeling or save the time to correct me. I do use spelling check and grammar check functions of email app, and I never felt embarrassed, isn't that strange?

I have been a programmer for years, I have made all the programming mistakes that can be made, and I still make, but less. Some developers correct my error, some don't. I felt embarrassed in early time, but I gradually accept the fact that my code sucks and appreciate their effort. Compilers also correct my mistake, I was frustrated in earlier time, but I never felt embarrassed by compilers.

As I got more experience, I found that it was never easy to tell my fellow developers about their mistakes in coding or design. I was working in a software company. One of the senior developer resigned for a new job and my boss asked me to take over his project which I never touched. Firstly, I reviewed his code, I felt sick and wondered how a senior developer can write such crap. During the later knowledge transfer, I asked lots of critical question, I knew I hurt his feeling and he was unhappy. Personally, I think he is nice and funny guy, and I regret about that. From then, I try to be careful about my words when I express my opinion of others' code. Even then, it is still inevitable to hurt someone's feeling some time, if my opinion is too radical to him.

Is this just my unique experience. In the book Debugging Microsoft .NET 2.0 Applications, author John mentions his experience in Chapter 3, "Assert, Assert, Assert, Assert". He argued with his boss about a section of code, which misused "Assert", and he said "Whoever wrote this needs to be fired! I can't believe we have an engineer on our staff who is this incredibly and completely stupid!". His boss got very quiet, grabbed the paper out of his hands, and quietly said, "That's my code." . And John resigned from the company later.

Although it is not so new book, I find that it is still very useful. The author discusses some proactive tools to improves code quality, one of them is code analysis, and a chapter 8 is dedicated to topics "Writing Code Analysis Rules". I think code analysis is quite effective, because no matter how defensive you are as developer, you seldom can be embarrassed by a machine. Machine always reports the warning or error if you break the rules.

For a while, I suspected the effectiveness of code review. My previous experience tells me that developers tend to be defensive for themselves. Why? If there is a large gap in coding quality and experience between the author and the expectation of the reviewer, the reviewer may ask the question like "How can a senior developer write such crap?", this make the author looks incompetent, so it is natural to for him to be defensive. In such case, code review will not be necessary. Maybe it will be more effective for the company to send the author for some crash course to close the gap, or the recruitment process needs to be reviewed to to find out why this gap is not caught in the first place. If the gap is small, generally, the code review is powerful software quality tool. It has been adopted by many good software companies. It is said that some company go to the length that code developed by junior developer can not be merge into trunk until it has been reviewed by senior developer. I am not sure if that is true, but code review not only improve quality but also transfers knowledge, and it can become an company culture that attract people. However we developers are still human, we should be very clear that, code review is review of code, but not performance review of employee. And we should not use words that target for people but not code. One senior developer once reviewed my code and said "You don't understand what object oriented programming is." I was upset for a while. Am I too vulnerable? Maybe, I am a human.