% Patch Review Usability
Alexis Beingessner Bheesham PersaudUsability doesn't matter if the system is insecure.
Any error can become a security vulnerability.
- Have a computer look at it
- Have a human look at it
- Before merging: continuous integration (Travis)
- After merging: program analysis (Coverity, AFL)
- Good for catching common errors
- Good for preventing expected regressions
- Lacks semantic understanding of the domain
- Before merging: patch review
- After merging: system audits
- Can understand semantic issues
- Error-prone
- First defense against errors
- Frequently performed
- Good interfaces important
Patches are usually presented as a diff
but diffs can be difficult to understand
One can emphasize parts that "really" changed:
Easier to understand => better review
We performed a heuristic walkthrough of three different systems for reviewing patches:
- Github;
- Bitbucket; and
- Reviewable.
Several real patches submitted to the Rust standard library's code base were selected, ranging from trivial to complex:
- A change that adds tests
- A small update
- A significant refactor
First, several scenarios were considered:
- View the proposed change
- View updates to the proposed change
- View the current reviews of the change
- View the outstanding issues with the change
- View results from continuous-integration
For each type of patch and scenario, one expert reviewed and one submitted.
ITSM Heuristics:
- Visibility of activity status
- History of actions and changes on artifacts
- Flexible representation of information
- Rules and constraints
- Planning and dividing work between users
- Capturing, sharing, and discovery of knowledge
- Verification of knowledge
After completing tasks with the heuristics in mind, we compare results.
Some low hanging fruit (URL toggle for whitespace, history sometimes not well represented)
- Programming is hard.
- Code reviews mitigate errors.
- Interfaces for code reviews are... 💩.
- We want to make things better.