Code review

Code review is systematic examination (often as peer review) of computer source code. It is intended to find and fix mistakes overlooked in the initial development phase, improving both the overall quality of software and the developers' skills. Reviews are done in various forms such as pair programming, informal walkthroughs, and formal inspections.[1]

Contents

Introduction

Code reviews can often find and remove common vulnerabilities such as format string exploits, race conditions, memory leaks and buffer overflows, thereby improving software security. Online software repositories based on Subversion (with Redmine or Trac), Mercurial, Git or others allow groups of individuals to collaboratively review code. Additionally, specific tools for collaborative code review can facilitate the code review process.

Automated code reviewing software lessens the task of reviewing large chunks of code on the developer by systematically checking source code for known vulnerabilities.

Capers Jones' ongoing analysis of over 12,000 software development projects showed that the latent defect discovery rate of formal inspection is in the 60-65% range. For informal inspection, the figure is less than 50%.[citation needed] The latent defect discovery rate for most forms of testing is about 30%. [2]

Typical code review rates are about 150 lines of code per hour. Inspecting and reviewing more than a few hundred lines of code per hour for critical software (such as safety critical embedded software) may be too fast to find errors. [3] Industry data indicate that code review can accomplish at most an 85% defect removal rate with an average rate of about 65%. [4]

Types

Code review practices fall into three main categories: pair programming, formal code review and lightweight code review.[1]

Formal code review, such as a Fagan inspection, involves a careful and detailed process with multiple participants and multiple phases. Formal code reviews are the traditional method of review, in which software developers attend a series of meetings and review code line by line, usually using printed copies of the material. Formal inspections are extremely thorough and have been proven effective at finding defects in the code under review.

Lightweight code review typically requires less overhead than formal code inspections, though it can be equally effective when done properly.[citation needed] Lightweight reviews are often conducted as part of the normal development process:

  • Over-the-shoulder – One developer looks over the author's shoulder as the latter walks through the code.
  • Email pass-around – Source code management system emails code to reviewers automatically after checkin is made.
  • Pair Programming – Two authors develop code together at the same workstation, such is common in Extreme Programming.
  • Tool-assisted code review – Authors and reviewers use specialized tools designed for peer code review.

Some of these may also be labeled a "Walkthrough" (informal) or "Critique" (fast and informal).

Many teams that eschew traditional, formal code review use one of the above forms of lightweight review as part of their normal development process. A code review case study published in the book Best Kept Secrets of Peer Code Review found that lightweight reviews uncovered as many bugs as formal reviews, but were faster and more cost-effective.

Criticism

Historically, formal code reviews have required a considerable investment in preparation for the review event and execution time.

Some believe that skillful, disciplined use of a number of other development practices can result in similarly high latent defect discovery/avoidance rates.

Use of code analysis tools can support this activity. Especially tools that work in the IDE as they provide direct feedback to developers of coding standard compliance.

See also

References

  1. ^ a b Kolawa, Adam; Huizinga, Dorota (2007). Automated Defect Prevention: Best Practices in Software Management. Wiley-IEEE Computer Society Press. p. 260. ISBN 0470042125. http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470042125.html. 
  2. ^ Jones, Capers; Christof, Ebert (April 2009). "Embedded Software: Facts, Figures, and Future". IEEE Computer Society. http://doi.ieeecomputersociety.org/10.1109/MC.2009.118. Retrieved 2010-10-05. 
  3. ^ Ganssle, Jack (February 2010). "A Guide to Code Inspections". The Ganssle Group. http://www.ganssle.com/inspections.pdf. Retrieved 2010-10-05. 
  4. ^ Jones, Capers (June 2008). "Measuring Defect Potentials and Defect Removal Efficiency". Crosstalk, The Journal of Defense Software Engineering. http://www.stsc.hill.af.mil/crosstalk/2008/06/0806jones.html. Retrieved 2010-10-05. 
  • Jason Cohen (2006). Best Kept Secrets of Peer Code Review (Modern Approach. Practical Advice.). Smartbearsoftware.com. ISBN 1599160676. 

External links


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Code-Review — Mit dem Review werden Arbeitsergebnisse der Softwareentwicklung manuell geprüft. Jedes Arbeitsergebnis kann einer Durchsicht durch eine andere Person unterzogen werden. Das Review ist eine statische Testmethode und gehört in die Kategorie der… …   Deutsch Wikipedia

  • Code Review — Mit dem Review werden Arbeitsergebnisse der Softwareentwicklung manuell geprüft. Jedes Arbeitsergebnis kann einer Durchsicht durch eine andere Person unterzogen werden. Das Review ist eine statische Testmethode und gehört in die Kategorie der… …   Deutsch Wikipedia

  • code review — 1. noun a) (uncountable) The practice of identifying and verifying the choice of algorithms, coding styles and compliance with the software design. After several painful episodes, weve decided to adopt code review for all major changes. b)… …   Wiktionary

  • Code review — Инспекция кода или рецензия кода или ревизия кода от (англ. Code review или англ. Code inspection)  систематическая проверка исходного кода программы с целью обнаружения и исправления ошибок, которые остались незамеченными в… …   Википедия

  • Automated code review — software checks source code for compliance with a predefined set of rules or best practices. The use of analytical methods to inspect and review source code to detect bugs has been a standard development practice. This process can be accomplished …   Wikipedia

  • Code Reading — (ISBN 0 201 79940 5) is a 2003 software development book written by Diomidis Spinellis. The book is directed to programmers who want to improve their code reading abilities. It discusses specific techniques for reading code written by others and… …   Wikipedia

  • Code reviewing software — is computer software that helps humans find flaws in program source code.In can be divided into two categories: * Automated code review software checks source code against a predefined set of rules and produces reports. * Different types of… …   Wikipedia

  • Review (Softwareentwicklung) — Mit dem Review werden Arbeitsergebnisse der Softwareentwicklung manuell geprüft. Jedes Arbeitsergebnis kann einer Durchsicht durch eine andere Person unterzogen werden. Das Review ist eine statische Testmethode und gehört in die Kategorie der… …   Deutsch Wikipedia

  • Review (Softwaretest) — Mit dem Review werden Arbeitsergebnisse der Softwareentwicklung manuell geprüft. Jedes Arbeitsergebnis kann einer Durchsicht durch eine andere Person unterzogen werden. Das Review ist eine statische Testmethode und gehört in die Kategorie der… …   Deutsch Wikipedia

  • Code refactoring — Refactor redirects here. For the use of refactor on Wikipedia, see Wikipedia:Refactoring talk pages. Code refactoring is disciplined technique for restructuring an existing body of code, altering its internal structure without changing its… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.