Some Thoughts on Code Reviews

by Jim Dec 10, 2009 12:26 PM

We’ve been having a little difficulty around the office with code reviews. We want to do them more often. There are all the usual conflicts about finding the time and charging the client for it, but additionally there’s a whole lot of confusion about what constitutes a code review.

So here are a few of my thoughts.

1.) Code reviews are about fixing code.
They can and should help the people involved learn from their errors, adopt better practices, and write better code. But what's the point of examining a piece of code and finding its weak points, and then leaving that bad code in your project? Fix it! Fix it now! Fixing the code while the code review is fresh in you mind will help make the review's lessons more concrete, and teach you how to implement any abstract concepts. It will help you remember what you've learned, for the next time you need it.

2.) Code reviews are not post-mortems.
This follows from point one. If you do a code review near the end of the project, when QA is well into their testing, then you can't go in and fix the code. Though the point is to make it better, you can always introduce new bugs. Thorough Unit tests greatly reduce the risk of refactoring, but it's always there.
Do code reviews early, so code can be refactored before problems propagate, and before QA has tested affected areas. If the code is off-track, finding and fixing the problem early reduces the effort needed to fix it, and greatly increases the likelihood that the fixing will get done. Management is not going to let you refactor the whole data layer when QA is almost done.

3.) A code review is a discussion, not a report.
A code review might find bugs, or clear violations of company coding policies, which are unequivocally wrong. But mostly it's about best practices and design principles. Very often there are pros and cons and underlying reasons, that aren't immediately obvious. And often these are matters of opinion. It's not about imposing rules and telling people what to do. It's about learning the reasoning, the "why," so that we can apply these lessons to new situations.
For this reason, a code review isn't just an enumerated list of things that were done wrong. It's a discussion about how everyone can improve their code.
And the more people in the room, the better, on both sides of the table. If we're going to talk about best practices, let's all benefit from it.

Tags:

Code

Permalink | Comments (3)

Comments

2/7/2010 1:00:07 PM #

Jesse Gibbs - Atlassian

Great article!  I'll pre-disclose that I work for a code review tool vendor (Atlassian).  That said, the points you made are the perfect arguments for using a tool to assist in code reviews.  Consider:

* Code review tools can be integrated into your daily workflow, the same way you check your email.  This allows you to perform reviews in incremental steps, such as on a per-commit basis.

* Code reviews are absolutely more effective when they are done as the code is being written, not late in the project or even after you've shipped.  Code review tools make it easy to initiate a review before or after you commit changes to the source code repository.

* Code reviews are discussions, and not just for finding bugs.  They can be a great way to 'on-board' new members to the team, cross-train developers on the entire codebase, and create an easily searchable historical record of important design decisions.

* Code reviews with a bunch of people in a room are useful, but often impractical because it is difficult to schedule and has a high opportunity cost.  With a code review tool, the benefits of code reviews can be achieved without requiring meetings.

Jesse Gibbs - Atlassian

2/7/2010 1:00:07 PM #

Jim

Feels a little spammy to have code review tool vendors commenting on my post. Biased, a little?

I've worked with Atlassian's Jira and Bamboo and they're good products. The code review tool might be good for some people in some situations. I think what I'm looking for as a senior developer is higher-level feedback on architecture and the like, and these sorts of issues are rarely reflected in a single check-in.

Jesse mentions making design decisions as part of the code review, and the screenshot on their website shows users debating one. I make design decisions before I write the code. That doesn't mean BUFD - the decision might be made 5 minutes before.

Come to think of it, the project I used Jira on worked that way - write some code based on the vaguest of requirements, and then we'll decide how the app should work. That project slowly circled the drain of indicision, and was abandoned after many hours of development.

Jim

2/7/2010 1:00:07 PM #

gsporar

Great post - just one comment: "... the more people in the room, the better...."

You don't have to have a meeting in order to conduct a code review.  Admittedly, I'm biased because I work for a company that sells a code review tool that makes it possible to do code reviews without meetings.  In many cases, it is possible to find the time for code review if meetings are not required.

gsporar

Add comment


(Shows Gravatar icon; will not be displayed)

  Country flag
Click to change captcha
biuquote
  • Comment
  • Preview
Loading