Top
Best
New

Posted by ColinWright 8 hours ago

The primary purpose of code review is to find code that will be hard to maintain(mathstodon.xyz)
250 points | 130 commentspage 2
mjd 6 hours ago|
The author is a mathematician, so when he says “it is not in general possible to find bugs by examining the code” he does not mean it is completely impossible to find bugs. He means only that it is not possible to find all bugs or even any particular bug.
d-us-vb 5 hours ago||
User names match... are you the original author? Why commenting in the third person?
dolmen 5 hours ago||
Because it was him... 10 months ago?
dijksterhuis 4 hours ago|||
it's still weird. if i'm talking about something i wrote 10 months ago i'd say something like, "when i originally wrote this i was trying to say ...".

not "when the author wrote this, he was trying to say"

saghm 51 minutes ago|||
saghm still thought this was a weird explanation when he wrote this comment
saghm 52 minutes ago|||
I guess that makes sense. Based on my math lectures during college, mathematicians can often be terrible at communication to other humans, so that would explain why they think what they said is different from how pretty much everyone else reads it.
jibal 33 minutes ago|||
Apparently the mathematician author doesn't understand the meaning of his own natural language quantifiers. “it is not in general possible to find bugs by examining the code” means “it is not in general possible to find ANY bugs by examining the code”, not “it is not in general possible to find ALL bugs by examining the code”.

And the first interpretation is relevant but wrong, whereas the second interpretation is true but irrelevant.

P.S. It seems that the author meant to say “it is not in general possible to find a given bug by examining the code”, i.e., "not (for all bugs B it is possible to find B)", which again is true but not relevant.

whilenot-dev 21 minutes ago||
Thank you, I thought I was getting crazy! The self-proclaimed amateur mathematician[0] who quotes his own writing in 3rd person has some stuff to work on I guess.

[0]: https://blog.plover.com/meta/about-me.html

jonahx 5 hours ago|||
Ofc you're correct in that sense.

I would add that (related to your "maintainability" point) ensuring the code is as simple as possible, and thus much more likely to be "debuggable by review", is a goal of review. Even that won't prevent bugs in the absolute sense, as you rightly say, but it boosts your probabilities.

silva97 5 hours ago||
The author seens to misunderstand the purpose of code review. The purpose is, literally, review the code. Review means basically to think/talk about something again in order to make or not changes on it. When you review something (including code), you are basically asking for yourself: "Should it be changed or it's okay to stay like this?"

In order words, the purpose of code review is to or not ask for changes on the code.

pessimizer 1 hour ago|
> Review means basically to think/talk about something again

The rest is not part of the definition; critics don't review movies in order to change them.

But just accepting that at face value, making code more readable is a "change." I don't know what you're trying to say here.

silva97 32 minutes ago||
To criticize is, basically, to say what should have been different. It is in the past, yet it is still about what should be changed.

> making code more readable is a "change." I don't know what you're trying to say here.

Yes and this is exactly what I am trying to say. The author limited what is the purpose of a code review like it's has really this limitation but, in practice, the code review is widely about what you think it should changed on the code by multiple reasons: readability, manutenibility, performance, security, bugs, use cases, test coverage etc.

Making code more readable is just one of the reasons why you want the code to be changed on a pull request, it's not the primary purpose.

brimtown 5 hours ago||
The best writing on this is the "agent principal-agent" problem, which correctly frames the problem of agents and code review in terms of trust.

This is why the solutions for high-trust environments (small teams) and low-trust environments (big companies, open source projects) will be different.

https://crawshaw.io/blog/agent-principal-agent

dirkc 5 hours ago|
Thanks, this articulates something that I've been struggling to put a finger on. You can't review agent generated code the same way you would review a PR, someone needs to fine comb it to make sure everything is fine. And doing that for something like 100,000 lines of code over a few weeks just doesn't sound realistic to me.
jdw64 5 hours ago||
It seems the form that code review takes depends on the structure of the organization. In practice, some places use code review as a way to assert hierarchy and tear someone down, while in others it's a friendly, knowledge-sharing exchange. Code review varies depending on the organization's shape and the manager.

And I agree to some extent with what the OP's tweeter said. these days, bugs can look perfectly fine on the surface, but when combined with the existing system, entirely new types of bugs emerge. This is an especially common pattern in the AI era: the added code itself isn't the problem, but it becomes a bug once it interacts with the existing codebase.

k3vinw 2 hours ago||
I appreciate the perspective, but code reviews are subjective. The tooling and the language can be so good that it shifts to this kind of utopian state, where all bugs are caught and eliminated by guarantees in the language and tooling. Or they could be dismal to the point a human needs to check for mundane issues like bugs in the code.
Splice9160 2 hours ago||
Maintainability is incredibly important, but acting like bug-catching is just a "happy little accident" of code review is an over correction. A good code review should make sure the code is readable and that it actually does what it’s supposed to do without breaking the system. You need to do both.
hakunin 3 hours ago||
I think the author is right.

There are many peripheral nice-to-haves you can get from a code review. Bugs, security, performance, correctness issues are all possible bonus findings you may get sometimes.

But there is only one _must_ in reviews: another person reading and understanding the code, possibly suggesting architectural improvements, or asking questions that should be answered by rephrasing the code for clarity, or by adding code comments. In other words: maintainability. That's the one thing that's not a bonus point, and is a constant for all code reviews.

trentnix 5 hours ago||
> The primary purpose of code review is to find code that will be _hard to maintain_.

In some organizations, maintainability may be the biggest risk being mitigated in a code review. But for me, that's selling code reviews short.

In my experience, code reviews are the single most important quality control process in the entire development life cycle. Engineers often don't have a lot of influence over the quality of requirements. Engineers often don't have a lot of influence over the competence and thoroughness of the QA process (and it often doesn't exist at all). But engineers frequently have total control over code reviews.

If I can't depend on the rest of the organization for QC, code reviews are the first place I look to mitigate that risk. That means code reviews find bugs. That means code reviews identify code smells. That means code reviews pressure test requirements and whether the implementation matches the assignment. That means code reviews transfer knowledge and serve as a teacher for both the PR author and the reviewer. And so on.

Thorough and pedantic code reviews are challenging and tedious, at least at first, but the team adapts and both the code and the review process gets better.

khurs 5 hours ago||
"The purpose of code review is not for the reviewer to find bugs"

Well kinda - code review needs to identify any missing tests? And without the tests more likely a bug could exist.

david422 5 hours ago|
I work with someone who tends to rejects PR suggestions. I also work with someone else who accepts suggestions.

I think that the for the person who accepts suggestions, it's made me wonder if they accept them in part to share ownership with me. I feel like we both maintain and understand the code, and are on the same page.

For the person who rejects PR suggestions, it makes me less inclined to participate in those PRs. Why spend the time doing a thorough review if it's going to get rejected anyways.

clates 4 hours ago||
Our team tends to prefix all our comments with one of

* thought: Maybe foo'ing is more common in the future - we can refactor if that happens.

* change: This is a leaky abstraction, would prefer to see this modeled like bar instead.

* nit: Naming seems a little unintuitive, consider "Baz", "Boo" maybe?

* fix: This unit test is validating the wrong field.

* chat: This is a big decision and would dictate how solutions of this category look like going forward. Let's bring this to the team first.

----

With the idea that some of those prefixes are stopping the PR until they are changed, and some are just a "take it or leave it" type comments. It makes it unambiguous to the opener that you consider these X things as "We've gotta get on the same page" and these Y things as "Stated preferences" or "just an observation".

word of warning - don't feel bad if you leave a nit, the other person disagrees and ignores it. If you felt strongly about it, it shouldn't have been a nit.

acedTrex 5 hours ago||
> For the person who rejects PR suggestions, it makes me less inclined to participate in those PRs. Why spend the time doing a thorough review if it's going to get rejected anyways.

This is why you leave blocking suggestions and force the conversation if you think it is important enough.

More comments...