What are the types of code reviews?
There are two types. (1) Static and (2) Logic. Static code reviews ensures that the naming conventions are followed or not, syntax checks, common mistakes etc. And today, the static code reviews are done by the tools since its more of standard rules. Some examples of static code review tools are FindBug, PMD, CheckStyle etc. For the second type of code review, i.e., Logic, the program logic is reviewed such as logical errors, code smells, requirements to design and design to coding defect review, dead codes etc
What is dead code and how dead code is identified?
Dead code is not reachable code. The code is simply present in the source files but does not have any execution path, in other words there is no test case that can be defined to test the code. Hence the dead code is identified and eliminated during the code reviews. Identifying the dead code is tricky unless there are 100% test cases written. Code coverage reports are one way to find dead code however as I said there must be hundred percent test coverage. Just by looking at the references for a given method in the entire source project does not suffice. Some methods are not at all referenced but still get called via reflection mechanisms. And there will be callback methods, callbacks get called based on certain events.
Some examples of dead code are: int n = 3+1; if (n==5) { //some code }, unused variables. Best way to identify these kind of code is to look for warnings given by the IDEs. We may have to increase the warning level in the IDEs (Every IDE has the option of increasing the warning level) to find out all possible code warnings. By default some warnings are ignored by the IDEs.
What else to look for in the code review?
Global states: Typically global variables are, singletons, static variables are the global states in the code. The problems with the global states are (1) Non-locality -Global states can be read and modified by any other part of the program making it difficult to remember or reason about every possible use and side effects. So change at one place can affect a seemly unrelated code (2) Implicit Coupling - Between global state and other modules. (3) Concurrency Issues - Any change in the global states affects all the concurrency issues. So minimize the use of global states
1. No global variables
2. Minimize class static variables
3. Minimize singletons
Magic Numbers: Consider the declarations such as int TWENTY_FIVE = 26, int ONE = 1 etc
Code Smells: Intuitive feeling that something is wrong with the code is what is called code smells. Highly experienced and knowledgeable developers have a feeling for good design. They routinely practice good design without thinking about it too much.
The following diagram summarizes the effective code review (Click on the image to zoom)
ASSUMPTIONS
There are two types assumptions while developer is coding. (1) Implicit Assumption and another (2) Explicit Assumption. Assuming something during while code development will definitely have side effects. Lets take a simple example to better understand the types of assumptions. Say a developer codes the instruction as char filename[256]. Here it is assumed that file length is always up to 256 characters and this is an example of explicit assumption. And this also has a side effect, this code works only with English Operating Systems, when the code has to run in Japanese OS, this will crash since it does not implement Unicode and this is an example for implicit assumption.
Typical implicit assumptions
1. User is expected to call function X() only once.
2. User is expected to call function X() before calling function Y().
3. There are no side effects of overwriting the value of Z
4. Assumptions about underlying OS (Supported OS, file name sizes, path separators etc)
Great blog. There are lots of code review tools are available. It is always a challenge to pick right code review tools. This blog nicely explain what to look for in the code review and principles of code review.
ReplyDelete