Best Code Review Techniques

Code review standards

Code review is a process in software quality assurance where one or more persons examine and evaluate a program mostly by looking at and reading selected portions of its source code. As part of the software quality assurance process, the source code of the product is examined manually or automatically using a code review tool. 

This is done to find bugs, fix errors, check compliance with accepted coding standards, assess the readability and maintainability of the code, detect duplicated code, and so on. Every piece of software or new feature created within the firm is checked for quality using this process.

Creating a robust code review procedure lays the groundwork for ongoing development and stops insecure code from being released to users. In order to increase code quality and make sure that every piece of code has been reviewed by some other team member, code review techniques should be incorporated into the routine of teams working on software.

When performing code reviews, here are the things to keep in mind for effective review.

  • Code review should be quick, with timely responses and feedback. Code review analysis should be done immediately after new code is committed or pushed so that the developer gets immediate feedback.
  • Code review should be educational and inspiring. Since the main objective of the process is to improve code quality, reviews should be a means of sharing knowledge and experience among co-workers.
  • Code review should go together with tests. Reviewing code without running the necessary tests may leave bugs and security flaws in the code unresolved.
  • Comment on and encourage good coding after code review. It is worthwhile to let the owner of the code know they are doing a good job. Code review is not only for finding mistakes but also for encouraging programmers.
  • Code reviews must follow standard coding practices. A review should not be based on individual assumptions but must follow generally accepted principles that can be referenced and cited. This is to ensure that everyone adheres to the coding standards, style guides, and principles of the language adopted for software development.
  • The results of the review can often cause disagreements between the reviewer and the developer. The programmer may not accept the correctness or relevance of the comments made. Such disputes should be resolved by adhering to the common practices outlined in the coding style standards manual, and by taking into account the opinions of experts who have extensive experience in the field in question.

Examples of code review comments

  1. Improving code efficiency
    • "Consider using a dictionary instead of a loop to check if an item exists in the list."
    • "This section of the code can be refactored to use a generator expression."
  2. Improving readability
    • "The variable name 'temp' is not descriptive enough, please consider a more meaningful name."
    • "The function can be made more readable by adding a docstring explaining its purpose."
  3. Error handling
    • "This code does not handle exceptions properly, please add a try-except block to handle possible errors."
    • "It is not appropriate to return None in this case, consider throwing an exception instead."
  4. Security
    • "Make sure to properly sanitize user input to avoid XSS and SQL injection attacks."
    • "Consider using a library like hashlib to securely hash passwords instead of the sha256 module."
  5. Test coverage
    • "This code needs more test cases to ensure full coverage and prevent regressions."
    • "Please add negative test cases to verify the code's behavior in unexpected conditions."
  6. Code standards and best practices
    • "The function should not have a side effect, please refactor it to only return a value."
    • "Avoid using global variables, consider using class properties or function arguments instead."

Best practices for code review

Here are the best practices for code review to be effective and productive.

  • Set Company’s Goals and Standards. Prior to starting a code review process, it is crucial to choose key indicators and establish clear objectives. The company's goals include having appropriate programming standards. By establishing standards, the company can ensure that any software product it develops complies with those requirements. 
  • Create a Checklist for Code Review. A code review checklist is an established collection of guidelines and questions that your organization will adhere to throughout the code review procedure. This gives you the advantage of an organized approach to the necessary quality checks before you approve code into the codebase.
  • Put some metrics in place for code review. Code quality cannot be corrected without measurement. By using objective metrics, you may examine the effects of change requests and assess the effectiveness of your evaluations.
  • Limit the number of lines of code reviewed at a time. This keeps the reviewer's attention, and therefore the quality of the review, consistent across the whole change instead of dropping off towards the end of a large one.
  • Adopt an automation tool for code review. Every software organization should take advantage of automated code review tools. With such tools, code review times can be cut down to a few seconds. They are able to scan the entire codebase in less than a minute, discover errors and code duplicates, and offer fixes. Among the tools we can list are PVS-Studio (detects typos, dead code, and potential vulnerabilities), SonarQube (checks for errors, coding standards compliance, and technical debt), AppRefactoring (detects duplicates and intersections of code fragments, providing information for refactoring), Codacy (detects errors in code and security issues) and others.
  • Give positive feedback on code reviews. The source code can be a result of pair programming, therefore, it is beneficial to give feedback for positive changes and recommendations.

Sample code review checklist

  1. Code structure
    • Proper indentation and formatting
    • Naming conventions and clear code organization
    • Commenting and documentation
  2. Performance
    • Code efficiency and optimization
    • Avoidance of resource-intensive operations
  3. Security
    • Input validation and sanitization
    • Secure coding practices (e.g. avoiding SQL injection)
    • Protection against common threats (e.g. XSS)
  4. Functionality
    • Correct and expected behavior of code
    • Error handling and debugging
  5. Test coverage
    • Adequate testing and code coverage
    • Proper test cases and conditions
  6. Code standards and best practices
    • Adherence to industry standards and conventions
    • Reusability, maintainability, and scalability
    • Proper error and exception handling.
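The security comment in the examples above ("sanitize user input to avoid XSS and SQL injection") and the checklist's "Input validation and sanitization" item are illustrated here with the kind of before/after a reviewer would ask for. This is an added example written for this page, not code from the article; the table, rows and function names are constructed.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("bob", "user")],
    )
    return conn


def find_role_unsafe(conn, name):
    """The version a reviewer should flag: user input is spliced into SQL text,
    so a quote in the input changes the structure of the statement."""
    query = "SELECT role FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def find_role_safe(conn, name):
    """Parameterised query: the driver keeps data separate from SQL syntax,
    so any input is treated as a plain value."""
    rows = conn.execute("SELECT role FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def render_greeting(name):
    """Output-encoding counterpart for the XSS half of the comment: escape
    untrusted text before it is placed inside HTML."""
    return "<p>Hello, " + html.escape(name) + "</p>"


def review_demo(name="O'Brien"):
    """Run both query versions on the same legitimate input and report
    what happened, so the reviewer's point is visible in the output."""
    conn = make_db()
    results = {"safe": find_role_safe(conn, name)}
    try:
        results["unsafe"] = find_role_unsafe(conn, name)
    except sqlite3.OperationalError as exc:
        # A plain apostrophe already breaks the concatenated statement.
        results["unsafe"] = "error: " + str(exc)
    return results
```

A name containing an apostrophe is enough to show the defect: the concatenated query fails with a syntax error while the parameterised one returns the expected row.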

Duplicated code analysis

One of the most important features of code review is analyzing code for the presence of duplicates and overlaps. The code review team should keep duplicate code under control so that it is easier to make necessary changes in the future and reduce technical debt. 

The percentage of lines of duplicate code to the total number of lines of code can be used as a metric. You can find and remove duplicate code by using tools like AppRefactoring, which speeds up code analysis. This application helps to remove duplicate code and perform software refactoring.
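The duplication metric described above, computed by a small detector added for this page (it is not AppRefactoring or any other tool named here). It treats a run of three or more consecutive non-blank, whitespace-normalised lines that occurs more than once as duplicated code; the window size and the sample source are assumptions made for the example.

```python
from collections import defaultdict

WINDOW = 3  # minimum run of identical lines counted as a duplicate (assumption)


def normalise(source):
    """Collapse whitespace and drop blank lines so re-indented copies still
    match; returns (original_line_index, text) pairs."""
    out = []
    for idx, line in enumerate(source.splitlines()):
        text = " ".join(line.split())
        if text:
            out.append((idx, text))
    return out


def duplicated_lines(source, window=WINDOW):
    """Return the set of original line indices that belong to a run of
    `window` consecutive lines appearing at least twice in `source`."""
    lines = normalise(source)
    seen = defaultdict(list)  # window contents -> start positions
    for i in range(len(lines) - window + 1):
        key = tuple(text for _, text in lines[i:i + window])
        seen[key].append(i)
    dup = set()
    for positions in seen.values():
        if len(positions) > 1:
            for start in positions:
                dup.update(idx for idx, _ in lines[start:start + window])
    return dup


def duplication_ratio(source, window=WINDOW):
    """Percentage of non-blank lines that are part of a duplicated block."""
    total = len(normalise(source))
    if total == 0:
        return 0.0
    return 100.0 * len(duplicated_lines(source, window)) / total


# Constructed sample: two functions sharing the same three-line file-reading block.
SAMPLE = """\
def load_config(path):
    with open(path) as fh:
        data = fh.read()
    data = data.strip()
    return parse(data)

def load_secrets(path):
    with open(path) as fh:
        data = fh.read()
    data = data.strip()
    return decrypt(data)
"""
```

For the sample, six of the ten non-blank lines fall inside the repeated block, so the metric reports 60% duplication and the line indices point the reviewer at the code to extract into a helper.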

Conclusion

The main objective of code review is to improve the overall quality and security of the software system. Reviewing peers' code should not be intimidating or discouraging. Set standards for code review, introduce metrics, and adopt an automation tool to assist in analyzing the source code for changes and improvements.
