Code Review (EXT)

Code review is a process by which code quality is improved by reviewing codes, which occupies an extremely important position in the XP method, and has become an indispensable part of software engineering. This paper discusses some concepts and experiences of code review, and puts forward some suggestions on how to pay attention to the code review and Code review. Most of the issues covered in this article are for Java class code. At the same time, this article does not involve code review process and organization.

Keywords: code review,java, XP, coding quality, software engineering

First, Code review introduction
1 Purpose of Code review
Knowing what to do, we first need to know what code review is and what we want to use it for. Code review is a quality assurance mechanism that verifies the design of the program and the implementation of the code, which allows us to examine the codes, test procedures, and annotations. Code review is primarily used in software engineering to improve the quality of codes, through code review can achieve the following purposes:

Bugs in code can be discovered early in the project

Help junior developers learn the experience of advanced developers and achieve knowledge sharing

Prevent developers from committing common, common mistakes

Ensure good communication between project team members.

Project or product code easier to maintain

2 The premise of Code review
Knowing the purpose of code review, we can see how to do code review, but before we do code review, we have something to do, so-called pre-set, not pre-waste, that is, if we do not do some preparatory work before entering code review, code Review can easily become meaningless or mere formality, there are many examples around us. The conditions for entering code review need to be checked as follows:

A) Does the code review people understand the concept of code review and what code review will do

If the person doing code review doesn't understand the importance of code review to the success of the project or the quality of the code, their approach might be to deal with it.

b) Whether the code has been properly build,build to make the code no longer has a basic syntax error

We don't want senior developers or supervisors to waste their time checking out code that doesn't even compile.

c) Whether the code is functioning correctly when executed

The code review personnel are also not responsible for checking the correctness of the function, that is, the code that needs to be reviewed must be the responsibility of the developer or quality officer for the functionality of the code.

D) Does the review personnel understand the code

The person doing the review needs to have a basic understanding of the code, its function is to take the one hand code, involving the database or communication, so as to take targeted inspection

e) Whether the developer has done unit testing of the code

This is also to ensure that some of the syntax and functionality issues before code review have been resolved, and code review can focus on the quality of the code.

3 Code Review what to do
Well, the entry conditions are ready, someone in these conditions see Code review This is not responsible, that also do not check, can not help asking, what Code review exactly do? In fact, code review mainly check whether there are problems in the following aspects: Code consistency, coding style, code security issues, code redundancy, the correct design to meet the requirements (performance, functionality, etc.), below our one by one channel. The following sections refer to the Code Review section of the article Software quality assurance:documentation and reviews.

3. 1 integrity Check (completeness)
Does the code fully implement the functional requirements presented in the design document?

Whether the code has been integrated and debug according to the design document

Whether the code has created the required database, including the correct initialization data

Whether there are any variables, constants, or data types that are not defined or are not referenced in the code

3. 2 consistency Check (consistency)
Whether the logic of the code conforms to the design document

is the format, symbol, structure, and style used in the code consistent

3. 3 correctness Check (correctness)
Does the code conform to established standards

All variables are correctly defined and used

All the notes are accurate.

All program calls use the correct number of arguments

3. 4 modifiable Check (modifiability)
Whether the constants involved in the code are easy to modify (such as using configurations, defining class constants, using specialized constant classes, etc.)

Whether the code contains a cross-description or a data dictionary to describe how the program accesses variables and constants

Whether the code has only one exit and one entry (except for serious exception handling)

3. 5 predictability Check (predictability)
Whether the development language used by the code has well-defined syntax and semantics

Whether the code avoids the ability to rely on the default provided by the development language

Does the code inadvertently fall into a dead loop

Does the code avoid infinite recursion

3. 6 robustness Check (robustness)
Whether the code takes steps to avoid run-time errors (such as array boundary overflow, divide by 0, value out of bounds, stack overflow, etc.)

3. 7 Structural Inspection (structuredness)
Does each function of the program exist as a block of code that can be identified

Does the loop have only one entry

3. 8 traceability Check (traceability)
Whether the code uniquely identifies each program

Is there a cross-referenced framework that can be used to correspond to each other between the code and the development document

Does the code include a revision history that records the changes and reasons for the code in the record

Whether all security features are identified

3. 9 Comprehensible Examination (understandability)
Is the annotation sufficiently clear to describe each subroutine

Whether to use ambiguous or unnecessary complex code, whether they are clearly annotated

Use some uniform formatting techniques (such as indentation, whitespace, and so on) to enhance the clarity of your code

Whether the naming rules are defined by means of easy memory, reflection type, etc.

Each variable defines a valid range of values

Whether the algorithm in the code conforms to the mathematical model described in the development document

3. 10 verifiable check (verifiability)
is the implementation technology in the code easy to test

Second, Code review experience check
The following is a list of checklists (checklist) established in practice, which ensures that code review can be targeted by classification and targeted checks.

1 Java coding Specification aspects check
Check reference Java encoding specification execution, see Java Code Specification (Java code Conventions)

2 Object-oriented design facet checks
The range of these points is very large, it is impossible to discuss this article, there is a special book to introduce this aspect of the problem, of course, in code review mainly rely on experience to judge.

A) Whether class design and abstraction are appropriate

B) Whether it conforms to the idea of interface-oriented programming

C) Whether the appropriate design paradigm is used

3 Performance Aspect checks
Performance checking is a major concern in most code and is the most prone to problems, and often programmers write code that doesn't have the slightest problem with functionality and grammar, and the formal runtime performs poorly on performance, forcing a lot of rework and even re-starting.

A) in the presence of massive data, queues, tables, files, transmission, upload and other aspects of whether there will be problems, there is no control, such as allocated memory block size, queue length and other control parameters

B) Whether the selection and setting of the collection class data structure such as hashtable,vector is appropriate, such as the correct setting of parameters such as Capacity,load factor, whether the data structure is synchronous

C) There is no abuse of the string object phenomenon

D) Use cache technology such as a common thread pool, object pool module to improve performance

E) The interfaces of the class are well-defined, such as parameter types, to avoid internal conversions

F) Whether memory or hard disk buffering is used to improve efficiency

G) Coping Strategies for concurrent access

H) Whether an appropriate class is used in the I/O aspect or a good method is used to improve performance (such as reduced serialization, using buffer class encapsulation flow, etc.)

I) The use of synchronous methods is appropriate, whether excessive use

J) Whether the number of iterations in the recursive method is appropriate and should be guaranteed within a reasonable range of stack space

K) If the blocking method is called, do you consider the measures to ensure performance

L) Avoid over-optimization, whether the code with high performance requirements uses the profile tool, such as jprobe, etc.

4 Resource leak handling aspects check items
For Java, because of the garbage collection mechanism, so the memory leak is not too obvious, but improper use, there is still a memory leak problem. For other languages, such as C + +, there is a serious concern in this regard. Of course, the database connection resources do not release the problem is also the majority of programmers most common, I believe there are many PM by this problem tortured.

A) Whether the allocated memory is freed, especially on the error-handling path (for non-Java classes)

B) Whether all objects are released when an error occurs, such as database connections, sockets, files, etc.

C) Whether the same object is freed multiple times (for non-Java classes)

D) Whether the code holds the exact object reference count (for non-Java classes)

5 Thread Safety Aspect checker
Thread safety issues actually involve two aspects, one is performance, the other is the consistency of resources, we need to make a trade-off between these two aspects, now is the time to weigh the pros and cons.

A) Whether all global variables in the code are thread-safe

B) Whether the object that needs to be accessed by multiple threads is thread-safe, check if there is no synchronization method to protect

C) Whether the locks on the synchronization object are obtained and released in the same order to avoid deadlocks, note error handling code

D) If there is a possible deadlock or competition, when multiple locks are used, avoid a similar situation: Thread A obtains the lock 1, then locks 2, thread B obtains the lock 2, and then locks 1

E) while ensuring thread safety, be careful to avoid excessive use of synchronization, resulting in degraded performance

6 program flow Aspects Check Items
A) Whether the cycle end condition is accurate

B) Whether to avoid the generation of a dead cycle

C) Whether the processing of the loop is appropriate, such as cyclic variables, local objects, cycle times, etc. to take into account the performance implications

7 Database processing aspects
Many code review people in the face of the data involved in the database portability and improve database performance conflicts when the performance of the confusion, everything is difficult to both.

A) Whether the database design or SQL statements are portable (attention and performance conflicts)

B) Whether database resources are properly shut down and released

C) Whether the database access module is properly encapsulated for ease of management and performance improvement

D) Whether the appropriate transaction isolation level is used

E) whether to use stored procedures to improve performance

F) Whether PreparedStatement is used to improve performance

8 Communication Aspects Check
A) Whether the socket communication has A long-term blocking problem

B) Whether to send the received data stream using buffering mechanism

C) Socket timeout processing, exception handling

D) flow control issues for data transmission

9 Java Object processing facet check items
This checklist is based on a deep understanding of Java objects, but the reality is that many programmers who have seen "thinking in Java" are still unable to distinguish between values and references in the program, as well as the difference between objects and reference. This is perhaps the problem that the theory and practice are difficult to combine. The so-called know and not, non-genuine knowledge also.

A) object life cycle processing, whether the object's reference has been invalidated, can be set to NULL, and is recycled

B) Whether there is a problem with the object's transmit value and the parameter, the object's Clone method is used excessively

C) Whether a large number of frequently created temporary objects

D) whether to use local objects (stack objects) as much as possible

E) Whether a new object instance is created where only the object reference is needed

10 exception handling aspects check items
Java provides a convenient exception handling mechanism, but it is common for exceptions to be caught, but not processed. We can open a piece of code, the most common phenomenon is that after entering a method, a large try/catch encloses all the lines of code, and then prints the exception to the console in the catch, and the exception is the exception object.

A) The exception is handled correctly each time the method returns, such as the simplest processing, logging to the log file

B) Check whether the value and scope of the data are valid, including using assertions (assertion)

C) Whether all resources and memory have been released on the wrong path

D) All thrown exceptions are handled correctly, especially the exceptions thrown by the child method, which must be able to be captured and processed throughout the call stack

E) When a call causes an error to occur, the caller of the method should get a notification

F) do not forget to test the error-handling part of the code, a lot of code in the normal execution of good, and once the error, the entire system crashed

11 Method (function) Aspect Check item
A) whether the parameters of the method have been verified

B) Whether the array class structure does boundary check

C) Whether the variable was initialized before use

D) return the reference of the heap object and do not return the reference of the Stack object

E) Whether the method API is well-defined, that is, whether to interface programming as far as possible, easy to maintain and reconstruct

12 Security aspect checks
A) code that executes on the command line requires a detailed check of the command line arguments

B) The Web class program checks whether access parameters are validated for legality

C) Whether the preservation of important information chooses the appropriate encryption algorithm

D) consider whether to use a secure communication method when communicating

13 Other
A) Log output and control is normal

B) How the configuration information is obtained and whether it is hard coded

Iii. Summary
Through the implementation of code review in the project will bring us a variety of benefits, performance in improving code quality, to ensure the stability of the project or product, the accumulation of development experience and so on, the specific implementation of course also depends on the actual situation of the project, because code review also need cost, this aspect belongs to code The problem of review process will be discussed in other articles.

Iv. references
Java Coding Specification (Java Code Conventions) SUN

Software quality assurance:documentation and reviews Dolores R. Wallace,wendy W. Peng, Laura M. Ippolito

Code Review (EXT)