Code Reviews (Peer Reviews)
This is step 6 in a series of articles, starting with Seven Steps To Quality Code – Introduction.
Code reviews seem to me to be the aspect of software development that every organisation incorporates into their “standard process”. Very few organisations appear to actually do it. Unfortunately, when deadlines are tight and the pressure’s on, the code review is the first thing to get dropped. All too often, when deadlines aren’t so tight and the pressure is less, it is still the first thing to get dropped.
In my view, this is a great shame as it is a real opportunity to reap massive benefits. Benefits such as:
- Encourages better code
- Catching bugs early
- Spreading knowledge about code
- Improving code reuse
- Improving maintainability
- Validating requirements are met
- Reinforcing, creating or evolving team standards
These lead to the more general benefits that we are trying to achieve by increasing code quality:
- Reduced costs
- More reliable software
- Happier customers
I’ll discuss each of the direct benefits individually.
Encourages Better Code
If you are writing some code that you know will never be seen by anyone else, there will always be the temptation to take a few shortcuts – it doesn’t matter that I spelt that variable name wrong, it’s OK that I just copied and pasted that bit of code. However, if you are coding in a situation where you know that someone else will be looking at your code, you will take more care to do it right. No one wants to look like the lazy guy that couldn’t be bothered.
Catching Bugs Early
As we already know, the earlier a bug is caught the cheaper and easier it is to fix. At code review time, fixing a bug is an awful lot easier and cheaper than when the software is live and in use by multiple customers.
Spreading Knowledge About Code
Keeping code hidden and secret is a “Bad Thing”. Code should be exposed and available to other members of the team so that several people understand it and therefore can maintain and/or extend it.
The term “Bus Factor” is used to indicate the extent at which knowledge is spread in a team – it is the number of people that would need to be hit by a bus before a project could not continue. A high bus factor is therefore something to aim for and code reviews will help in this regard, reducing the risk in the project.
Improving Code Reuse
Spreading knowledge also leads to improved code reuse. When a reviewer sees the same pattern of code that has been used elsewhere, this can be raised as a review point and refactored to make use of a shared method or component or whatever.
More subtly, during a code review the participants will become aware of code that may be reused in the future. For example, when Sally reviews John’s code she sees that he has created a method to remove the tax from a sales price. Next time she wants to do the same thing, she’ll know that the feature has already been written.
For code to be maintainable, it has to be understandable. A code review is an excellent way to determine if this is the case. If another developer can’t make sense of the code that has been written, then it should be refactored to be more understandable.
Validating Requirements are Met
The code review is an ideal opportunity to check that the code under review actually does what it is supposed to do. Just like catching bugs earlier, if this kind of defect can be caught earlier, they are easier and cheaper to fix.
Reinforcing, Creating or Evolving Team Standards
The more that code is shared and discussed, the more concensus will form around the standards that the team expects. When code doesn’t adhere to the standards, it can be discovered and corrected or perhaps it can prompt a change in the standard. This cannot happen without reviews.
Relationship to the Other Steps in the “Seven Steps”
This is step 6 in the Seven Steps and is heavily dependent on the previous steps. Traditionally, code reviews are often peppered with lots of points about stylistic differences, casing issues etc. Because these sort of issues will have been addressed automatically by StyleCop and other detectable issues will have been addressed by Code Analysis, a review can focus on more important things like efficiency and understandability and whether or not the code actually satisfies the requirements.
OK, So How Do We Do It?
A critical thing to remember is that it’s an area where diplomacy and sensitivity need to play a big part. A lot of the time, there will be deep emotional attachment to the code that has been written. Recognise that this is the case – you know how it feels when someone criticises that piece of work that you’ve been lovingly crafting for the last 2 weeks.
So, in light of this, I would suggest that it isn’t made into a big event. It shouldn’t be the whole team doing the review. This is a recipe for stress, humiliation and unhappy developers. Make it a conversation. A conversation between 2 people about the code in front of you. Whenever possible, make it in person, sharing a workstation.
It is better to view it as working together to produce better software, rather than viewing it as a superior performing an inspection on a subordinate’s work.
It’s also important to remember that when reviewing someone else’s code, the fact that you “would have done it differently” doesn’t necessarily mean the code is wrong. In fact, exposure to different ways of thinking or of solving the problem is one of the extra benefits of code reviews.
We’re nearly there. We have one last step to discuss – automated tests.