What is a Code Review, what approaches exist and what are the advantages?
Ensuring software quality
A code review is a systematic investigation of source code with the aim of finding errors and deficiencies in the code and/or improving the quality of the code and thus the software. A code review – also known as a code check – is therefore a quality assurance measure for software development.
There are different approaches for a code review:
- With automatic e-mail dispatch, the version or configuration management system automatically sends a message with a link to the new or changed lines of code to a predefined reviewer.
- In pair programming, two developers work together on the same code and thus continuously check each other’s work. The code review is directly integrated into the software development process, and the quality of the software could, at least in theory, be higher than when development and review are carried out separately. A disadvantage is the possible lack of objectivity of the development partners.
- In the “looking over the shoulder” or “walking through” approach, the developer, after completing the code, looks for a qualified colleague who checks the implementation while the author explains the code and its functionality. This approach is considered informal, but it is also very simple and lightweight, especially since the findings can be implemented and versioned directly in the code.
- Software-based code reviews take place either in a browser or directly in a development environment. They follow a formal approach in which, among other things, comments and proposed solutions are documented so that they can be reproduced at a later point in time. In addition, they enable asynchronous notifications, the definition of responsibilities, and the execution of checks from the reviewer’s own workstation.
Functional reliability, correctness and specification
There is no universal answer to the question of what a code review should examine and improve. Some teams prefer to review each change, while others define a threshold level where a review is not required. On the one hand, organisations should try to find a good balance between using stakeholders’ time effectively and maintaining or improving code quality. In certain regulatory environments, code reviews may even be required for minor changes. On the other hand, it is not sufficient to check the code only for functional reliability and freedom from errors, because the benchmark is not the code as it stands but the task it is supposed to fulfil. A comparison with the specification is necessary here.
Regardless of the experience and reputation of the developers, it makes sense to perform code checks, because even lines of code from experienced developers can often be optimised and freed from code smells. Ideally, a code review is also a good opportunity for mentoring or improving collaboration among colleagues.
Best Kept Secrets of Peer Code Review, published in 2006, describes a case study that states that lightweight, non-formal code reviews reveal as many bugs as formal reviews, but are faster and cheaper.
SmartBear Software published the results of a 2018 survey of 1,100 software developers on the benefits of code reviews:
- improved software quality 90%
- sharing knowledge within the team 73%
- compliance with code standards/conventions 59%
- ability to mentor less experienced developers 57%
- improved collaboration 52%
- reduced project costs and times 37%