|
| 1 | +<!-- SPDX-License-Identifier: CC-BY-4.0 --> |
| 2 | +<!-- Copyright Contributors to the Open Shading Language Project. --> |
| 3 | + |
| 4 | + |
| 5 | +Code Review Procedures |
| 6 | +====================== |
| 7 | + |
| 8 | +### Why do we code review? |
| 9 | + |
| 10 | +Code review is a process where someone other than the author of a patch |
| 11 | +examines the proposed changes and approves or critiques them. The main |
| 12 | +benefits are to: |
| 13 | + |
| 14 | +- Encourage submitters to ensure that their changes are well thought out, |
| 15 | + tested, and documented so that their intent and wisdom will be clear to |
| 16 | + others. |
| 17 | +- Directly find shortcomings in or suggest improvements to the proposed |
| 18 | + changes, and ensure that the changes are consistent with the project's best |
| 19 | + practices. |
| 20 | +- Minimize the amount of the code base that has only been seen or is only |
| 21 | + understood by one person. |
| 22 | +- Improve security and robustness of the code base by assuring that at least |
| 23 | + two people (submitter and reviewer) agree that every patch is reasonable and |
| 24 | + safe. |
| 25 | + |
| 26 | +### Reviewer guidelines -- what you should be looking for |
| 27 | + |
| 28 | +Code review is not difficult, and it doesn't require you to be a senior |
| 29 | +developer or a domain expert. Even if you don't particularly understand that |
| 30 | +region of the code and are not a domain expert in the feature being changed, |
| 31 | +you can still provide a helpful second pair of eyes to look for obvious red |
| 32 | +flags and give an adequate review: |
| 33 | + |
| 34 | +- This may seem too obvious to say explicitly, but a big part of review is |
| 35 | + just looking at the PR and seeing that it doesn't appear to deface, |
| 36 | + purposely/obviously break, or introduce malware into the project. |
| 37 | +- Does the explanation of the PR make logical sense and appear to match (as |
| 38 | + near as you can tell) the changes in the code? Does it seem sensible, even |
| 39 | + if you don't understand all the details? |
| 40 | +- Does the test pass all of our existing CI tests? (If it does, at least we |
| 41 | + are reasonably sure it doesn't break commonly used features.) |
| 42 | +- Is there any evidence that the changes have been tested? Ideally, something |
| 43 | + already in, or added to the testsuite by this PR, exercises the new or |
| 44 | + altered code. (Though sometimes a patch addresses an edge case that's very |
| 45 | + hard to reproduce in the testsuite, and you have to rely on the submitter's |
| 46 | + word and the sensibility of their explanation.) |
| 47 | +- Not required, but nice if we can get it: You're an expert in the part of |
| 48 | + the code being changed, and you agree that this is the best way to achieve |
| 49 | + an improvement. |
| 50 | +- Any objections should be explained in detail and invite counter-arguments |
| 51 | + from the author or other onlookers. A reviewer should never close a PR |
| 52 | + unless it fails to conform to even the basic requirements of any submitted |
| 53 | + PR, or if enough time has passed that it's clear that the PR has been |
| 54 | + abandoned by its author. It's ok to ultimately say "no" to a PR that can't |
| 55 | + be salvaged, but that should be the result of a dialogue. |
| 56 | + |
| 57 | +Obviously, you also want any review comments you give to be constructive and |
| 58 | +helpful. If you don't understand something, ask for clarification. If you |
| 59 | +think something is wrong, suggest a fix if you know how to fix it. If you |
| 60 | +think something is missing, suggest what you think should be added. Follow the |
| 61 | +expected kind and constructive tone of the project's community. |
| 62 | + |
| 63 | +### Submitter guidelines -- how to encourage good reviews and timely merges |
| 64 | + |
| 65 | +A few tips for submitters to help ensure that your PRs get reviewed and merged |
| 66 | +in a timely manner and are respectful of the reviewers' time and effort: |
| 67 | + |
| 68 | +- Aim for small PRs that do a specific thing in a clear way. It is better to |
| 69 | + implement a large change with a series of PRs that each take a small, |
| 70 | + obvious step forward, than to have one huge PR that makes changes so |
| 71 | + extensive that nobody quite knows how to evaluate it. |
| 72 | +- Make sure your PR commit summary message clearly explains the why and how of |
| 73 | + your changes. You want someone to read that and judge whether it's a |
| 74 | + sensible approach, know what to look for in the code, and have their |
| 75 | + examination of the code make them say "yes, I see, of course, great, just as |
| 76 | + I expected!" |
| 77 | +- Make sure your PR includes a test (if not covered by existing tests). |
| 78 | +- Make sure your PR fully passes our CI tests. |
| 79 | +- Make sure your PR modifies the documentation as necessary if it adds new |
| 80 | + features, changes any public APIs, or alters behavior of existing features. |
| 81 | +- If your PR alters public C++ APIs for which there are also Python bindings, |
| 82 | + make sure that the changes are also reflected in the Python bindings and any |
| 83 | + other language bindings we support. |
| 84 | +- If you are adding new language features or behaviors, make sure they are |
| 85 | + implemented and tested in all of the back-ends: single point shading, |
| 86 | + batch shading, GPU/OptiX. |
| 87 | + |
| 88 | +### Code review procedures -- in the ideal case |
| 89 | + |
| 90 | +In the best of circumstances, the code review process should be as follows for |
| 91 | +**EVERY** pull request: |
| 92 | + |
| 93 | +- At least one reviewer critiques and eventually (possibly after changes are |
| 94 | + made) approves the pull request. Reviewers, by definition, are not the same |
| 95 | + person as the author. |
| 96 | +- Reviewers should indicate their approval by clicking the "Approve" button in |
| 97 | + GitHub, or by adding a comment that says "LGTM" (looks good to me). |
| 98 | +- If possible, reviewers should have some familiarity with the code being |
| 99 | + changed (though for a large code base, this is not always possible). |
| 100 | +- At least a few work days should elapse between posting the PR and merging |
| 101 | + it, even if an approving review is received immediately. This is to allow |
| 102 | + additional reviewers or dissenting voices to get a chance to weigh in. |
| 103 | +- If the reviewer has suggestions for improvement, it's the original author |
| 104 | + who should make the changes and push them to the PR, or at the very least, |
| 105 | + the author should okay any changes made by the reviewer before a merge |
| 106 | + occurs (if at all practical). |
| 107 | + |
| 108 | +Not all patches need the highest level of scrutiny. Reviews can be cursory and |
| 109 | +quick, and merges performed without additional delay, in some common low-risk |
| 110 | +circumstances: |
| 111 | + |
| 112 | +- The patch fixes broken CI, taking the project from a verifiably broken state |
| 113 | + to passing all of our CI builds and tests. |
| 114 | +- The changes are only to documentation, comments, or other non-code files, |
| 115 | + and so cannot break the build or introduce new bugs. |
| 116 | +- The code changes are trivial and are obviously correct. (This is a judgment |
| 117 | + call, but if the author or reviewer or both are among the project's senior |
| 118 | + developers, they don't need to performatively pretend that they aren't sure |
| 119 | + it's a good patch.) |
| 120 | +- The changes are to *localized* and *low risk* code, that even if wrong, |
| 121 | + would only have the potential to break individual non-critical features or |
| 122 | + rarely-used code paths. |
| 123 | + |
| 124 | +Conversely, some patches are so important or risky that if possible, they |
| 125 | +should be reviewed by multiple people, preferably from different stakeholder |
| 126 | +institutions than the author, and ensure that the approval is made with a |
| 127 | +detailed understanding of the issues. In these cases, it may also be worth |
| 128 | +bringing up the issue up at a TSC meeting to ensure the attention of many |
| 129 | +stakeholders. These include: |
| 130 | + |
| 131 | +- *New directions*: Addition of major new features, new strategic initiatives, |
| 132 | + or changes to APIs that introduce new idioms or usage patterns should give |
| 133 | + ample time for all stakeholders to provide feedback. In such cases, it may |
| 134 | + be worth having the PR open for comments for weeks, not just days. |
| 135 | +- *Risky changes*: Changes to core classes or code that could subtly break |
| 136 | + many things if not done right, or introduce performance regressions to |
| 137 | + critical cases. |
| 138 | +- *Compatibility breaks*: changes that propose to break backward API |
| 139 | + compatibility with existing code or data files, or that change the required |
| 140 | + toolchain or dependencies needed to build the project. |
| 141 | +- *Security*: Changes that could introduce security vulnerabilities, or that |
| 142 | + fix tricky security issues where the best fix is not obvious. |
| 143 | + |
| 144 | +### Code review compromises -- because things are rarely ideal |
| 145 | + |
| 146 | +We would love to have many senior reviewers constantly watching for PRs, doing |
| 147 | +thorough reviews immediately, and following the above guidelines without |
| 148 | +exception. Wouldn't that be great! But in reality, we have to compromise, |
| 149 | +hurry, or cut corners, or nothing would ever get done. Some of these |
| 150 | +compromises are understandable and acceptable if they aren't happening too |
| 151 | +often. |
| 152 | + |
| 153 | +- Lack of reviews: If no reviews are forthcoming after a couple days, a "are |
| 154 | + there any objections?" comment may be added to the PR, and if no objections |
| 155 | + are raised within another few days, the PR may be merged by the author if |
| 156 | + they are a senior developer on the project. This is a fact of life, but |
| 157 | + should be minimized (with a rigor proportional to where the patch falls on |
| 158 | + the "low risk / high risk" scale described above). If this is done, you |
| 159 | + should leave an additional comment explaining why it was merged without |
| 160 | + review and inviting people to submit post-merge comments if they |
| 161 | + subsequently spot something that can be improved. |
| 162 | +- Time-critical patches: urgent security fixes, broken CI or builds, critical |
| 163 | + bugs affecting major stakeholders who are waiting for a repaired release, |
| 164 | + fixes that are blocking other work or preventing other PRs from advancing. |
| 165 | + In such cases, it is understandable for senior developers to try to speed up |
| 166 | + the process of getting the changes integrated (though the very nature of |
| 167 | + their criticality also indicates that it's worth getting a review if at all |
| 168 | + possible). |
| 169 | +- Failing tests: Sometimes a PR must be merged despite failing CI tests. |
| 170 | + Usually this is for one of two reasons: (1) spurious CI failures are known |
| 171 | + to be occurring at that time and are unrelated to the PR; (2) the PR is part |
| 172 | + of a series of patches that are only expected to fully pass CI when the last |
| 173 | + piece is completed. |
| 174 | + |
| 175 | +These changes are understandable, but we still are striving to reduce their |
| 176 | +frequency. It is the responsibility of the senior developers, TSC members, and |
| 177 | +major stakeholders to be monitoring the incoming PRs and helping with reviews |
| 178 | +as much as possible, to ensure that review exceptions are rare. |
| 179 | + |
| 180 | +### Code review pathologies -- things to avoid |
| 181 | + |
| 182 | +These are anti-patterns that generally are indications of an unhealthy open |
| 183 | +source project: |
| 184 | + |
| 185 | +* An author merging their own PR without any review comments that indicate |
| 186 | + meaningful scrutiny or approval from another party, and without giving |
| 187 | + adequate warning that a merge will occur if no reviews are received. |
| 188 | +* PRs languishing for weeks or months without any review or merge. |
| 189 | +* PRs that don't adequately test their changes (basically crossing your |
| 190 | + fingers and hoping it works). |
| 191 | +* PRs that are merged despite failing CI that might be related or, if |
| 192 | + unrelated, that might be masking problems with the PR being evaluated. |
| 193 | + |
| 194 | +Again, sometimes these things happen out of necessity to keep the project |
| 195 | +moving forward under constrained development resources. But we strive as much |
| 196 | +as possible to ensure that they are rare exceptions. |
0 commit comments