The document outlines an approach to code review that includes precommit code reviews, in-depth code reviews, and the use of checklists. Precommit code reviews ensure that every line of code is reviewed before being committed. In-depth code reviews select important code for deeper inspection based on analysis, complexity, or issues. The process involves preparing a review guide, conducting inspections using various techniques, and creating follow-up tasks to address observations. Checklists are used to focus reviewers on common issues and evolve over time.
1. Code Review: An Approach
Presented by Steve Essich
https://www.linkedin.com/in/sessich/
2. Code Review Highlights
• Code Review Checklist
– Provide reminders about common issues
– Shorten code reviews with changing focus over time
• Precommit Code Review
– Ensure every line of code is reviewed at least once.
– Jira task is created to represent the PCR
– Code is inspected prior to being committed
– Informal (over the shoulder) (consider tool assistance)
• In-Depth Code Review
– A selection process identifies code to be reviewed
– Author prepares a review guide
– Review team conducts inspection
Code Review: An Approach linkedin.com/in/sessich
3. Code Review Checklist
• Remind developers of common issues as they
write and maintain code
• Focus reviewers attention as they conduct
reviews
• Evolve over time as the issues change.
• Different checklists will be required for
different kinds of code.
Code Review: An Approach linkedin.com/in/sessich
4. Precommit Code Review
• Ensure all new or changed code is reviewed.
• Reviewer(s) will tend to be part of author’s team
• Conducting the review…
– Informal: Over the shoulder, walkthrough style
• Author explains the code / changes
• Code review pace is largely driven by author
• Can be done remotely using screen sharing
• Author responds in real-time to comments, suggestions and
questions
Code Review: An Approach linkedin.com/in/sessich
5. Code Review: An Approach
In-Depth Code Review
linkedin.com/in/sessich
6. In-Depth Code Review
(continued)
• The IDCR process is triggered by an event that is
TBD.
• Assumption:
– Candidate files have changed since the last
triggering event.
• Connect Tech Leads…
– Choose files for IDCR
– Assign review team members.
– Determine the inspection technique
• Tool assisted, facilitated group inspection, etc.
– Schedule the inspection
Code Review: An Approach linkedin.com/in/sessich
7. In-Depth Code Review
(continued)
• Files are chosen for IDCR based on:
– Static code analysis results
– Core / framework logic
– Interface between subsystems
– Complexity
– Issue prone
– Tech lead recommendation
Code Review: An Approach linkedin.com/in/sessich
8. In-Depth Code Review
(continued)
• An issue / story is created in Jira for each file
chosen for IDCR. The description includes:
– The reason for selection
– Specific issues or code segments that require closer
inspection.
• Schedule a task…
– Assigning the author to prepare a review guide
– Assigning reviewers to prepare for and conduct the
inspection
Code Review: An Approach linkedin.com/in/sessich
9. In-Depth Code Review
(continued)
• Author prepares a review guide prior to the
inspection.
– The review guide materials are linked to the task.
– The author updates the status of the associated
task.
– Identify stories, defects (or other requirements)
– Identify related design work products
– Other documentation as necessary to put the file
into context
Code Review: An Approach linkedin.com/in/sessich
10. In-Depth Code Review
(continued)
• Inspection techniques may vary…
– Facilitated group meeting
• Reviewers prepare prior to the meeting.
• Facilitator conducts the inspection
• Observations are discussed and recorded
• Author participates
– Reviewers conduct inspection and record
observations.
• Consider tool assistance
Code Review: An Approach linkedin.com/in/sessich
11. In-Depth Code Review
(continued)
• Status of review tasks are updated.
• Post-review tasks are created to address
observations…
– For the author to acknowledge, address or
mitigate observations
– Re-inspection tasks for subset of review team to
ensure observations have been mitigated.
Code Review: An Approach linkedin.com/in/sessich
12. In-Depth Code Review
(continued)
• Status of post-review tasks are updated
• Additional tasks may be created.
• Best Practices
– Limit review to <400 lines of code
– Limit review length to <90 minutes
Code Review: An Approach linkedin.com/in/sessich
13. Next Steps
• Code Review Checklist
– Create checklist(s)
• Precommit Code Reviews
– How do we ensure compliance?
• In-Depth Code Reviews (IDCR)
– Identify triggering event(s)
– Create code selection process
– Identify reviewer selection guidelines
– Specify code inspection process
• Investigate use of Tools
Code Review: An Approach linkedin.com/in/sessich
Editor's Notes
This will improve the effectiveness of the review. Too much code or too long a review will not result in the identification of additional issues.
This will improve the effectiveness of the review. Too much code or too long a review will not result in the identification of additional issues.
This will improve the effectiveness of the review. Too much code or too long a review will not result in the identification of additional issues.
Identify triggering event(s)
Code Complete is one, are there others?
Create code selection process
Criteria for the selection of code
What’s the steps in the process? Who executes the process? Is there a meeting?
Should be a mix of objective (SonarQube) and subjective (nomination)
Identify reviewer selection guidelines
How many reviewers? Does it depend on the module, type of code, size, etc?
Specify code inspection process
There may be multiple processes, for example review meeting vs reviewers working independently
No matter what the process it needs to be specified
Investigate use of Crucible to do IDCR