6.102
6.102 — Software Construction
Spring 2023

Code Reviewing

In this course, you will read your classmates’ code and give them comments about it. This document describes the whys and hows of the 6.102 code reviewing process.

You can’t learn how to write without learning how to read – and programming is no exception. Code reviewing is widely used in software development, both in industry and in open source projects. Many companies have instituted review-before-commit as a required policy. For example, you can’t get a line of code into the Google source code repository unless another Google engineer has read it, given feedback on it, and signed off on it.

There are several benefits of code review in practice. Reviewing helps find bugs in a way that’s complementary to other techniques (like static checking, testing, assertions, and reasoning). Reviewing uncovers code that is confusing, poorly documented, unsafe, or otherwise not ready for maintenance or future change. Reviewing also spreads knowledge through an organization, allowing developers to learn from each other through explicit feedback and by example. So code reviewing is not only a practical, important skill that you will need in the real world, but also a learning opportunity.

What to look for

Although you can make comments about anything you think is relevant, the primary goal of this class is to learn how to write code that is safe from bugs (SFB), easy to understand (ETU), and ready for change (RFC). Read the code with those principles in mind. Here are some concrete examples of problems to look for:

Bugs or potential bugs.

  • Repetitive code (remember DRY, Don’t Repeat Yourself).
  • Disagreement between code and specification.
  • Off-by-one errors.
  • Global variables and other too-large variable scopes.
  • Magic numbers.
  • Code that could be written more defensively or written to fail faster.

Unclear, messy code.

  • Bad variable or method names.
  • Inconsistent indentation.
  • Convoluted control flow (if and while statements) that could be simplified.
  • Packing too much into one line of code, or too much into one method.
  • Failing to comment obscure code.
  • Having too many trivial comments that are simply redundant with the code.
  • Variables used for more than one purpose.

Misunderstandings of the programming language.

  • Use of == instead of ===.
  • Use of var instead of let.
  • Use of for ... in instead of for ... of.

Misusing (or failing to use) essential design concepts we have previously discussed in class. (If you’re not sure what some of these concepts mean, you can look them up in Topics and Terms, and we may not have discussed them in class yet.)

  • Incomplete or incorrect specification for a method or class.
  • Representation exposure for a data abstraction.
  • Immutable data types that expose themselves to change.
  • Invariants that aren’t really invariant, or aren’t even stated.

Positive comments are also a good thing. Don’t be afraid to make comments about things you really like, for example:

  • Unusually elegant code.
  • Great name choices.
  • Creative solutions.
  • Great design.

Process

We will be using a web-based code-reviewing system called Caesar, built here at MIT. Caesar is different from other code review tools (like GitHub, Rietveld, and Review Board) in several ways. It’s designed for reviewing whole programs, rather than changesets. It divides up a program into pieces, assigns them to multiple reviewers, and supports discussion-based reviewing with threaded comments and up and down votes. It automatically ignores widely-repeated code, like boilerplate or library code, in order to focus attention on code that’s worth the reviewers’ time. With this system, you will read small bits of code written by several other students, and many other students will each read a small bit of yours.

Here’s how the process will typically go. Only problem set code will be reviewed. Team projects will not go through this process.

Problem set deadline: first iteration (alpha) of problem set is due.

Morning after deadline: submitted code is loaded into Caesar, and an announcement goes out by email to all reviewers that the reviewing process is open.

If you took slack days on the deadline: you have to wait until the morning after your deadline before you can start code reviewing.

During code review: you should visit Caesar, read the code that you were assigned, and make comments on it. For each piece of code you review, you can:

  • Make a comment
    by clicking on a line of code or selecting a range of lines, and typing your comment.

  • Reply to another comment
    by clicking on Reply. You can use this to clarify, expand on, or disagree with comments made by other reviewers.

  • Upvote a comment
    by clicking the thumbs-up icon. Use this to agree with a comment made by another reviewer.

  • Downvote a comment
    by clicking on the thumbs-down icon. If you’re disagreeing with a human, then it’s polite and helpful to also reply to explain why.

Course staff (TAs, LAs, instructors) will be reviewing the reviews: upvoting, downvoting, replying, and commenting as appropriate.

After code review deadline: Look at the comments on your own code, and start revising your code for your beta resubmission.

How should I address my code reviews?

Your beta resubmission must address all the code reviews you received – all the human comments plus all the automated checkstyle comments that are marked #important. You can address a code review either by changing your code to reflect the review, or by replying to the review (with a source code comment or a reply in Caesar) to explain why the code was not changed. A grader will check your beta submission and deduct points if it hasn’t addressed the code reviews.

Needless to say, if you didn’t get any code review comments – which sometimes happens – then you don’t have to address any code review comments. Positive comments don’t need to be addressed, either.

How can I see whether I fixed my Checkstyle comments?

You can run ESLint locally on your own laptop using the same rules as the checkstyle code-reviewing bot on Caesar. Instructions will be provided in the addendum to ps0. Note that Caesar’s #important tag does not appear in the ESLint messages on your laptop. Instead, issues that would be #important on Caesar are reported by ESLint tool as errors, and other issues are reported as warnings.

Privacy & visibility

As a code author, you are anonymous. The system does not display your name with any of the code you wrote. Please don’t put your full name, username, email address, or other identifying information in your source code. We try to strip out your name and username if it appears, but this process isn’t perfect, especially since some of you have names that are pretty common in source code. Yes, I’m looking at you, little Bobby Tables.

As a reviewer, you are fully identified. The system displays your name and username with every review comment, reply, upvote, or downvote that you were responsible for. All registered users can see your name and what you wrote.

All reviewers, all code, and all comments are visible to registered users. The “all users” link shows a list of all users, and each user has a profile page showing all the comments that they have made. A URL for a chunk of code or a review comment can be viewed by anybody logged in to Caesar, regardless of whether they were assigned as a reviewer for that particular chunk.

Caesar is accessible only to registered users. The system is not open to the net, nor is it indexed by Google. It is only visible to members of MIT courses that have used it.

Reputation

As a reviewer in Caesar, you have a reputation score, shown in parentheses after your name. You earn 1 reputation point for each upvote (by another user) of a comment you wrote. If you start reviewing early, then you are more likely to get upvotes. If you write good comments, then you are more likely to get upvotes.

As a student in 6.102, your numeric reputation score has no effect whatsoever on your grade. You do receive a grade for participating in code reviewing, but the reputation score is irrelevant to that grade. Instead, we will base your code review grade on the quantity and quality of the actual reviewing that you’ve done by looking at the activity history on your profile page.

Respect

Be polite. Sarcasm, insults, and belittling words have no place in a code review. It doesn’t matter whether you’re talking about a person (a fellow reviewer or a code author) or about code. Don’t call code “stupid,” because that transfers all too easily to the author of the code, whether you meant it that way or not.

Be constructive. Don’t just criticize, be helpful: point the way toward solutions. “Hopeless mess” is not a constructive comment; “name the variables more descriptively, e.g. tmp1 is not a great name” is much more constructive.

As a reviewer, you should downvote comments by others that are unconstructive or rude, and serious problems should be referred to the teaching staff.

As a code author, you should read your feedback carefully, and keep an open mind. Don’t get defensive. If your reviewers – who are fellow MIT students – find your code confusing, then you should consider what this says about its clarity and maintainability in the real world.

FAQ for reviewers

Does reviewing affect my grade?

Yes. See the Reputation section above.

Does my reviewing affect other people’s grades?

Not directly. Problem set grades do not take code reviewing into account, and other reviewers’ participation grades are not affected by your upvotes or downvotes. But your reviewing will hopefully help other students become better programmers and acquire a better understanding of the course, and indirectly improve their grades.

How many files do I need to review, and how much do I need to do on each one?

The number you are assigned will depend on the size of the problem set but will not exceed 10 files.

The Caesar system will expect you do to at least one thing on each file assigned to you – make a comment, reply to a comment, upvote, or downvote – after which the system considers that piece of code “already reviewed.”

To earn full participation credit in code review, however, you should make multiple, substantial, specific comments on each file, not just upvote or downvote comments made by others.

I don’t feel like I know anything. How can I possibly review other people’s code?

You know more than you think you do. You can read for clarity, comment on places where the code is confusing, look for problems we read about or talked about in class, etc.

What if I can’t find anything wrong?

You can write specific positive comments that relate good features of the code to ideas we are discussing in the course.

What if I think a Checkstyle comment is wrong or irrelevant?

The Checkstyle bot’s review comments are generated automatically by a style checker called ESLint. Some of these comments might be wrong or inappropriate for the situation, so please use upvoting and downvoting to review Checkstyle too.

How much of the whole program do I have to try to understand?

Caesar presents each file in isolation and asks for comments just for that file. We don’t expect you to look at anything else, or to spend time struggling to figure out whether it’s correct.

How can I find out who wrote this code?

Code authors are anonymous until they reveal themselves – e.g. by replying to a comment and stating that they’re the code author. You can write a comment asking a code author to reveal their identity or contact you, if you wish. If there is a serious situation requiring the identity of the code author – e.g. a potential case of plagiarism – then bring it to the attention of the teaching staff.

FAQ for code authors

Can somebody use my code to cheat in the class?

It’s not possible to participate in code review until after you have submitted your problem set (the alpha version).

When revising for the beta, copying code seen during code review would be a serious violation of the collaboration policy. See Problem sets, iteration, and slack days in General Info and Individual work in Collaboration and Sharing.

Is it OK to break my anonymity?

Yes, if you want to reply to a comment on your code or directly contact one of your reviewers, you can do so.