A number of studies have been conducted on the benefits of code reviews. And the results have been somewhat conflicting and surprising. While they do agree that code reviews are essential to ensuring high quality of the code, statistics have been giving mixed reviews.
One study states that formal code reviews found close to 80% defects, while a study by Microsoft revealed that only 15% of defects were found. Shull et al came to the conclusion that formal reviews found about 60% of the bugs with a high range of variance between projects.
In order to bridge the gap and make the best use of code reviews, the best practices outlined in this blog can be helpful.
If you know about code reviews, you can skip the introduction and go directly to the practices that will ensure your code reviews are top notch.
What is a code review?
Code reviews are performed to improve the quality of the code. The code review which is sometimes also referred to as peer review is a time-tested and tried-out method for examining the software source code. It involves testing the source code to catch any bugs at an early stage. It is typically conducted before merging with the codebase. Here, the source code is reviewed for the correctness of code, formatting issues, and inconsistencies with system requirements that might lead to bigger issues during software integration.
The reviewers usually look for four main areas during the review process:
- Code issues
- Formatting consistencies
- Documentation quality
- Checking if the coding matches the project requirements
The process of code review has evolved over a while with the new developments in the software development cycle, however, the core intention remains the same. The basic idea is to inculcate the sense of collective ownership in the software development team which develops when they inspect the code as a team.
Benefits of peer reviews:
Code reviews offer many benefits which include:
- Improves code quality: Code reviews help in catching the errors before they get out of control and help in the seamless integration of software and functionality.
- Maintains consistent standards: Code review helps maintain consistent coding style and standards across all the applications being developed within the company. It essentially helps faster response to errors
- Better software security: With multiple takes on building a high-security application, targeted security reviews help in offering better security.
- Gains stakeholders’ confidence: Peer reviews help in gaining better confidence of the stakeholders while it also improves the general perception of the team in a refined way.
- Works as a team-building exercise: Code review essentially helps in balancing the team and saves team members from isolation by sharing each others’ skillsets and weaknesses.
- Enables developer time off: If an original developer is the only one involved then they become the solely accountable resource for the development. Code reviews help knowledge sharing which means a single developer need not be tied down to the desk and they can take time off as needed. Freedom to take a vacation or spend time working on different areas is possible with peer reviews.
- Enables knowledge transfer: Code that is under review helps the developers in coming up with reliable methods and best practices.
- Mentors new engineers: When new engineers review the code, it gives a fresher perspective on the codebase. Code reviews facilitate knowledge-filled conversations with experienced members.
- Improves the software documentation process: Peer reviews help in creating better documentation for every feature new feature added after the code review it is documented as well.
- QA testing gets easier: If the code standard is not up-to-the-mark, it becomes difficult for the QA engineers to test the code and thus yielding in poorer tests. It can lead to software development delays due to persistent testing and reworking.
Code review – Best practices
With peer reviews, the ultimate goal is to ensure that there is no room for errors. These best practices will ensure how well the code review process can be optimized for maximum results.
Review less than 400 lines of code at a time
According to a study, peer review should not be for more than 400 lines of code in a single stretch as the brain can process the information effectively only so much. If the peer review is done for more than this limit, the ability to detect the bugs is reduced.
Plan it well
The code reviews conducted in a well-spaced manner with enough time on hand are found to produce better results. A reasonable quantity of code should be reviewed in a limited amount of time, say 60-90 minutes.
Set tangible goals and metrics
List down what you hope to achieve with peer review. This will give you a quantifiable picture of how your code is improving.
Record the key metrics
Maintain a record of the metrics such as the number of lines inspected in a certain time, defect identification rate, how many defects are identified per 60 minutes of review, defect density rate, the average number of bugs detected in every line, etc.
Authors to annotate
Before the peer review starts, the authors should direct notes to the peer reviewers to simplify the process. They should leave notes as to which files should be reviewed first, the order, the reason for code modification, etc.
Maintain a code review checklist
Checklists help in removing the commonly made errors. It helps in setting clear expectations as to what the reviewers hope to detect, which can help in the reporting and improvement process.
Log and fix the defects instantly
Using a collaborative tool to log the errors is highly recommended as it allows for a detailed discussion of bugs and enables approved code changes.
Build accountability
The peer-review inculcates a sense of responsibility in the code authors. It provokes the developers to build cleaner code as they are aware of the fact that their peers will review it. Spot checking is found to detect 20-30% of defects right away.
Authors to leave comments
Leave no scope for ambiguity. Even professional coders sometimes get confused about what the code is for and take significant time to understand that piece of code. It is especially recommended to leave comments for checking variables, functions, loops, and conditional statements.
Decentralize information
All the team members should be on the same page when the code review is conducted. A uniform understanding of the code is essential which is possible through sharing of information down the line.
Different code review tools
An effective code review process prevents bugs and errors from creeping into the project. As the primary objective of peer review is to increase the efficiency of the code, the code review tools enhance the efficiency multifold. The code review tool essentially automates the code review process while the reviewer can focus on the code alone.
In this section, we will discuss various code review tools that help in peer review.
Review Board
- Open-source code review tool that enables pre-commit and post-commit code reviews based on the requirements.
- You can either integrate the version control system (Git, Mercurial, CVS, Subversion, and Perforce), else you can upload the Diff file with changed code to the tool for review.
- Graphically compare changes in the code.
Read more https://www.reviewboard.org/
Crucible
- Crucible is another code review tool developed by Atlassian.
- It is a commercial suite of tools that enables code review, log plan changes, and identifying bugs across the version control systems.
GitHub
- GitHub has an inbuilt code review tool which is a part and parcel of the GitHub core service.
- It is a great tool that does not require any installation or configuration.
- There are free and paid plans for leveraging the tool.
- GitHub allows the reviewer to review the code in the code repository by assigning themselves to a pull request.
Read more https://github.com/features/code-review
Phabricator
- Open-source set of tools that you can download and install on your server.
- It is offered by Phacility which also provides the cloud-based version for code review.
Read more https://www.phacility.com/phabricator/
Collaborator
Collaborator is another code review tool offered by SmartBear.Offered by SmartBear.
- Allows the reviewers to review design documents as well.
- Commercial product that can meet your business requirements after the free trial period.
- It can integrate with a wide range of version control systems, project management tools, and IDEs like Eclipse, Jira, and Visual Studio.
- Helps in audit management alongside bug tracking.
For code review that involves enterprise software, Collaborator could be your go-to tool. Read more https://smartbear.com/product/collaborator/overview/
Do keep in mind that…
Code review is crucial and indispensable in the software development process. Early and often feedback is the secret to writing better code – so don’t shy away from involving others, whenever the need be. This means, if you need feedback earlier in the development cycle, do not wait for a code review.
This will make your work better and, in turn, makes your colleagues better code reviewers – and the cycle continues!
For fault-free application development using Agile methodologies and high-quality software, just holler!
