goksn

 Profile Answers by goksn 

• Aug 13th, 2009

 

Code review should be unbiased (should not be against the programmer)
Code review should cover the following aspects also,
      -Security
      -Performance
      -scalability
      -Portability
-Review comments should be precise, practically possible to implement and unambiguous

mathan_vel

 Profile Answers by mathan_vel Questions by mathan_vel

• Aug 14th, 2009

 

Code review is systematic examination (often as peer review) of computer source code intended to find and fix mistakes overlooked in the initial development phase, improving both the overall quality of software and the developers' skills. Code reviews can often find and remove common vulnerabilities such as format string exploits, race conditions, memory leaks and buffer overflows, thereby improving software security.

Code review practices fall into two main categories: formal code review and lightweight code review.

Formal code review, such as a Fagan inspection, involves a careful and detailed process with multiple participants and multiple phases. Formal code reviews are the older, traditional method of review, in which software developers attend a series of meetings and review code line by line, usually using printed copies of the material. Formal inspections are extremely thorough and have been proven effective at finding defects in the code under review. However, some criticize formal reviews as taking too long to be practical.

Lightweight code review typically requires less overhead than formal code inspections, though it can be equally effective when done properly. Lightweight reviews are often conducted as part of the normal development process:

    * Over-the-shoulder – One developer looks over the author's shoulder as the latter walks through the code.
    * Email pass-around – Source code management system emails code to reviewers automatically after checkin is made.
    * Pair Programming – Two authors develop code together at the same workstation, such is common in Extreme Programming.
    * Tool-assisted code review – Authors and reviewers use specialized tools designed for peer code review.

Some of these may also be labeled a "Walkthrough" (informal) or "Critique" (fast and informal).

Many teams that eschew traditional, formal code review use one of the above forms of lightweight review as part of their normal development process. A code review case study published in the book Best Kept Secrets of Peer Code Review found that lightweight reviews uncovered as many bugs as formal reviews, but were faster and more cost-effective.