Code ReviewWhat is it?Why?When and how oftenPhilosophyPotential MisusesLightweight vs Formal ReviewFagan Inspection (1)Fagan Inspection (2)A Simplified ProcessWhoWhat to look for (1)What to look for (2)Tips - StatisticsTips - ManagementTips - ReviewersTips - DevelopersDontThe Seven Deadly SinsTool SupportSummarySoftware Testing and Maintenance 1Code Review Introduction How to Conduct Code Review Practical Tips Tool Support SummaryWhat is it?A systematic examination of source code to ensure sufficient code qualityCorrectness: Try to detect faults that may exist in the codeMaintainability: Try to make the code easier to understand and maintainSoftware Testing and Maintenance 2Why?Help to find and fix bugs earlyTwo brains are better than one brain!Help to improve code structureEnforce coding standardsSpread knowledge among team membersGood training opportunities for new hiresWhat if the original author leaves?Developers know their code will be reviewed, so they will work harder.Software Testing and Maintenance 3When and how oftenNot too soon, not too lateTypically after unit testing has been done, and after basic features have been testedWeekly, or after each major featureSoftware Testing and Maintenance 4PhilosophyA forum to discuss and learn from everyoneNot an opportunity to criticize peopleNot to demonstrate who is a better programmer Software Testing and Maintenance 5Potential MisusesA waste of time and effort, if not performed effectivelyHarsh reviews may destroy a less experienced developerMay create social problems if ego and/or politics are involved Software Testing and Maintenance 6Lightweight vs Formal ReviewLightweight review: over-the-shoulder, email pass-around, and tool-assisted reviewFormal review: a well-defined process, physical meetings, prepared participants, documented resultsSoftware Testing and Maintenance 7Fagan Inspection (1)PlanningPreparation of materialsArranging of participantsArranging of meeting placeOverviewGroup education of participants on the materialsAssignment of rolesPreparationThe participants review the item to be inspected and supporting materialsThe participants prepare their rolesSoftware Testing and Maintenance 8Fagan Inspection (2)Inspection meetingActual finding of defects and opportunities for refactoringReworkResolve the comments made the reviewFollow-upVerification that all the comments are addressedSoftware Testing and Maintenance 9A Simplified ProcessPreparationEstablish the review group (the programmer, two reviewers, a recorder, and a leader)Make the materials availableCome preparedReviewThe leader opens with a short discussion (goals and rules)The programmer explains the code (what it is supposed to accomplish, what requirements it contributes to, and what documentation it affects)Each participants raises questions, comments, and suggestsThe programmer responds (explain the logic, and problems, and choices Follow upSoftware Testing and Maintenance 10WhoLeader: technical authority, experienced, supportive and warm personalityRecorder: keep a written recordReader: summarize the code segments, could be the authorIn general, participants should have a balanced mixAn architect, a peer of the contributor, someone in the middle, new hiresPeople should not be there: non-technical people, system testers, and managersSoftware Testing and Maintenance 11What to look for (1)Logic errors: programming mistakes, incorrect assumptions, misunderstanding of requirementsAdherence to coding standardsUse of common code modulesRobustness – adequate error handlingSoftware Testing and Maintenance 12What to look for (2)Readability: meaningful names, easy-to-understand code structureBad smells: opportunities for refactoringTests: make sure unit tests are provided, and sufficient coverage is achievedComments: adequate comments must be provided, especially for logic that is more involvedSoftware Testing and Maintenance 13Tips - StatisticsSize: 200 ~ 400 lines of uncommented codeReview time <= 1 hourInspection rate <= 300 LOC/hourExpected defect rates around 15 per hour# of reviewers: 3 to 7Software Testing and Maintenance 14Tips - ManagementCode reviews cannot be optionalBut it can be selectiveCritical and/or complex code, code that is written by less experienced people, e.g., new hiresRequire separate code reviews for different aspectsSecurity, memory management, and performanceSoftware Testing and Maintenance 15Tips - ReviewersCritique the code, not the personAsk questions rather than make statementsPoint out good things, not only weaknessesRemember that there is often more than one way to approach a solutionRespect, be constructiveSoftware Testing and Maintenance 16Tips - Developers Remember that the code isn’t youTry to maintain coding standardsCreate a checklist of the things that the code reviews tend to focusRespect, and be receptiveSoftware Testing and Maintenance 17DontShould not use it for performance measurementAvoid emotions, personal attacks, and defensivenessAvoid ego and politicsNo code changes after the review copy is distributedSoftware Testing and Maintenance 18The Seven Deadly SinsParticipants don’t understand the review processReviewers critique the producer, not the productReviews are not planned, and reviewers are not preparedReview meetings drift into problem-solving.The wrong people participate.Reviewers focus on style, not substance.Software Testing and Maintenance 19Tool SupportTools that try to automate the workflowRietveld (Google), Review Board (reviewboard.org), Code Striker (Sourceforge), Java Code Reviewer (Sourceforge), Code Collaborator (SmartBear), and many others Tools that try to automate the actual inspectionCheckstyle: check compliance with coding standardsSplint: check C programs for security vulnerabilitiesBLAST: a software model checker for C programsAnd many othersSoftware Testing and Maintenance 20SummaryOne of the most effective ways to improve code qualityIt is the code that is being reviewed, not the developer.A good opportunity for knowledge sharing and team building. Code review should be an integral part of the development process.Software Testing and Maintenance
View Full Document