Yuk! Yep, talk to developers about code reviews and they tend to divide themselves into 2 camps.
Camp 1 loves them, can’t get enough of them.
Camp 2 hates them, they’re a complete waste of time.
That second camp exists because no-one seems to have had the time or been able to explain what code reviews are and what they are not.
In all honesty the reasons for and against are wide and varied and can even be specific to an organisation, i.e. for purposes of auditing and compliance.
Personally it never bothered me why and how I was involved with code reviews, the important thing, for me at least, was having clear goals and upfront agreement as to what the code review was trying to achieve.
So here are a few things that made my life much easier when holding code reviews:
- DO code reviews at someone’s desk
- DO NOT code review in unfamiliar surroundings, such as in a meeting room
- DO keep reviews focused
- DO NOT use code reviews as an excuse to look at every single line of code in the entire solution
- DO keep code reviews to just a few methods or functional units
- DO always be positive when providing feedback
- DO NOT ever blurt out comments such as “That sucks”
I don’t pretend to be some expert on this subject, I haven’t spent years, or even more than a few hours, carrying our any kind of scientific study. All I can offer is that I’ve done it and these work out fine in the majority of code reviews I’ve been involved with.
So let’s break those bullet points apart a little and attempt to explain what I mean by each.
- DO code reviews at someone’s desk
If you’re going to perform a code review of a colleague then do it in their own environment, i.e. sat at their desk, with their software and, therefor, a familiar environment. They are most comfortable the, they may be a little nervous if they’re a “Code Review Virgin” so by sitting at their desk you are using a little psychology to help them be comfortable and will then be able to work with you in the review session much easier.
- DO NOT code review in unfamiliar surroundings, such as in a meeting room
See the notes above. It’s important to allow the person that wrote the code that is under review to start in the most comfortable situation possible, don’t let them worry about having to move into a meeting room, log on to a computer they may not be familiar with, or use a development environment that isn’t theirs.
With the above said it is important, no actually it’s vital, that you talk with the person to see which environment they would be more comfortable with, i.e. are they happy to sit at their desk or would they rather go off to a meeting room? Sometimes egos get the better of people and the worst thing that could happen is them thinking that they are gong to look bad in front of their peers.
- DO keep reviews focused
Try your best to keep on track. Don’t go off talking about what you did over the weekend, how the football is going, etc. Keep to the plan. Focus in on a business critical part of the code under review, or the bug fix, or (if they are a developer that is new to your organisation) the coding style.
- DO NOT use code reviews as an excuse to look at every single line of code in the entire solution
Don’t get distracted by other code. Keep your eyes on the code under review, if you find other code that you feel you need to comment on, make a note and do so outside of the review. The only exception to this is where you may be aware of similar code or functionality that has previously passed code review and you want to use as a positive example. Never, ever, go off to find more bad code to use as an example of what bad code is.
- DO keep code reviews to just a few methods or functional units
Keep it short and sweet. If there is a lot to cover think about having a further code review later in the day or the following day. The chances are that you will start losing focus and stop adding any value to the process. Think about time boxing review sessions to 15 or 30 minutes, whatever works for you. 45 minutes is about my limit.
- DO always be positive when providing feedback
Hopefully this goes without saying. You should try as hard as you can to educate in a positive way. If something works then it can’t be wrong. If it doesn’t work then there is a bug. If you find a bug try and get the developer to run a pen test through the code to validate it does what they think it does. This way you assist them finding the bug and, maybe, give them a new tool that they may not have thought about, i.e. pen testing.
- DO NOT ever blurt out comments such as “That sucks”
When you are providing feedback to another developer be positive. Ask questions and try to understand their approach so that you understand what processes result in the code you are reviewing. You will, on occasions, find that they copied a similar block of code from the existing source and adapted it to solve their problem. The code may have been floating around for sometime, i.e. prior to you investing in code reviews, and – you know what? – the chances are you wrote it. So be a little cautious with what you say.
Only by asking questions can you discover the developers though process and competence. You may discover a solution that you hadn’t thought about. If you can think of a “better” way of solving the problem then rather than saying “That sucks, do it like this” it is far better to ask “Did you think about doing it like this?” They may surprise you and say “Yes I did” and then give you reasons as to why they dismissed that idea and implemented the code you are reviewing. And yes that does happen.
Remember that code review are about education, consistency, but most of all it’s about education.
That’s about it for now. Thanks for reading and see you next time.