What is code review

Source: Internet
Author: User
Tags: coding standards

Code review is the process of improving code quality by reviewing code. It plays an extremely important role in the XP method and has become an indispensable part of software engineering. This article discusses some concepts and experiences of code review and provides some suggestions on how to conduct it. Most of the problems covered in this article concern Java code. This document does not cover the code review process and organization.

Keywords: Code Review, Java, XP, code quality, Software Engineering

I. Introduction to code review
1 Purpose of code review
We need to know what code review is and what we use it for. Code review is a quality assurance mechanism used to confirm the solution design and the code implementation. Through this mechanism, we can check the code, the test process, and the comments. Code review is mainly used to improve code quality in the software engineering process. Code review can achieve the following objectives:

Bugs in code can be found early in the project

Helps junior developers learn the experience of senior developers to achieve knowledge sharing

Avoid common errors made by developers

Ensure good communication among project team members

Code of a project or product is easier to maintain

2 Prerequisites for code review
Now that we know the purpose of code review, we can look at how to do it. But before we do code review, there is still some preparation to do. If we do not make preparations before entering code review, the review will easily become meaningless or a mere formality. There are many examples of this around us. Before entering code review, you must check the following conditions:

A) Do the code reviewers understand the concept of code review and what code review will do?

If the reviewers do not understand how important code review is to the success or failure of the project and to code quality, they may carry it out perfunctorily.

B) Has the code been built correctly? The purpose of the build is to make sure the code has no basic syntax errors.

We do not want senior developers or supervisors to waste their time checking code that does not even compile.

C) Is the function correct during code execution?

The code reviewers are not responsible for checking whether the code functions correctly; the developer or quality personnel must be responsible for the functional correctness of the code under review.

D) Do the reviewers understand the code?

Reviewers need a basic understanding of the code: what its function is, which aspect it deals with, and whether it involves the database or communication, so that they can make targeted checks.

E) Did the developers perform unit tests on the code?

This also ensures that syntax and functional problems have been solved before code review, so that the reviewers can focus on the quality of the code.

3 Code review
Now the entry conditions are ready. Seeing that code review is responsible for none of these conditions, some people will ask: what, then, does code review do? In fact, code review mainly checks whether the code has problems in the following areas: code consistency, coding style, code security, code redundancy, and whether the design correctly meets the requirements (performance, functions, and so on). We go through them one by one here. See the code check section in Software Quality Assurance: Documentation and Reviews.

3.1 Integrity check (completeness)
Whether the code fully meets the functional requirements in the design document

Whether the code has been integrated and debugged according to the design document

Whether the code has created the required database, including the correct initialization data

Is there any variable, constant, or data type that is not defined or referenced in the code?

3.2 Consistency
Whether the code logic complies with the design document

Are the formats, symbols, structures, and other styles used in the code consistent?

3.3 Correctness
Whether the code meets the standards

Whether all variables are correctly defined and used

Whether all comments are accurate

Whether all program calls use the correct number of parameters

3.4 Modifiability
Whether the constants involved in the code are easy to modify (for example by using configuration, defining them as class constants, or using dedicated constant classes)

Whether the code contains a cross-reference or data dictionary that describes how the program accesses variables and constants

Whether the code has only one exit and one entry (except for serious exception handling)

3.5 Predictability
Does the development language used by the code have well-defined syntax and semantics?

Whether the code avoids relying on the default features provided by the development language

Whether the code is free of unintended endless loops

Does the code avoid infinite recursion?

3.6 Robustness check (robustness)
Does the code take measures to avoid runtime errors (such as array bounds overflow, division by zero, out-of-range values, stack overflow, etc.)?

3.7 Structuredness
Does each function of a program exist as a recognizable code block?

Does a loop have only one entry?

3.8 Traceability
Does the code uniquely identify each program?

Is there a cross-reference framework that maps between the code and the development documents?

Whether the code contains a revision history that records the changes made to the code and the reasons for them

Are all security functions identified?

3.9 Comprehension check (understandability)
Whether the comments are clear enough to describe each subroutine

Whether ambiguous or unnecessarily complex code is used and, if so, whether it is clearly commented

Whether unified formatting techniques (such as indentation and white space) are used to make the code clearer

Whether the naming rules are easy to remember and reflect type

Whether a valid value range is defined for each variable

Whether the algorithms in the code match the mathematical model described in the development document

3.10 Verifiability
Is the implementation technique used in the code easy to test?

II. Code review experience check items
The following is a checklist built up in practice. Classifying the check items lets code review be targeted.

1. Java coding specification check items
For details about the check items, see Java coding standards (Java code conventions).

2. Check items for Object-Oriented Design
These points have a large scope and cannot all be discussed in this article; there are dedicated books on the subject. In code review, of course, we mainly rely on experience to judge.

A) Are class design and abstraction appropriate?

B) Is it in line with the idea of interface-oriented programming?

C) Is an appropriate design paradigm adopted?

3. Performance check items
Performance is a serious concern in most code, and it is also the area most prone to problems. Often programmers write code with no functional or syntax problems, but in production its performance turns out to be poor, so a lot of rework is needed, or even a re-launch.

A) Whether problems occur with queues, tables, and files when transmitting, uploading, or otherwise handling massive data, and whether there are control parameters such as the allocated memory block size and queue length

B) Whether the data structures of collection classes such as Hashtable and Vector are selected and configured properly, for example whether parameters such as capacity and load factor are set correctly, and whether the data structures are synchronized

C) Whether String objects are abused

D) Whether general-purpose thread pools, object pools, and other caching techniques are used to improve performance

E) Whether class interfaces are well defined, for example in their parameter types, to avoid internal conversion

F) Whether memory or hard-disk buffering is used to improve efficiency

G) The policy for concurrent access

H) Whether suitable I/O classes or methods are used to improve performance (such as reducing serialization and wrapping streams in buffered classes)

I) Whether synchronized methods are used properly, or used excessively

J) Whether the recursion depth of recursive methods is appropriate and stays within a reasonable range of stack space

K) If blocking methods are called, whether measures to maintain performance have been considered

L) Avoid over-optimization. For code with high performance requirements, is a profiling tool such as JProbe used?

4. Check items for resource leakage handling
For Java, because of the garbage collection mechanism, memory leaks are not very obvious, but improper use can still cause them. In other languages, such as C++, this needs serious attention. Of course, failing to release database connection resources is also one of the most common problems among programmers. I believe that many PM programs are suffering from this problem.

A) Whether allocated memory is released, especially on the error handling path (for non-Java classes)

B) Whether all objects, such as database connections, sockets, and files, are released when an error occurs

C) Whether the same object is released multiple times (for non-Java classes)

D) Whether the code keeps an accurate object reference count (for non-Java classes)

5. Thread safety check items
Thread safety actually involves two aspects: performance and resource consistency. We need to make a trade-off between the two, and this is the point at which to weigh the pros and cons.

A) Whether all global variables in the code are thread-safe

B) Whether objects accessed by multiple threads are thread-safe and protected by synchronized methods

C) Whether the locks on synchronized objects are acquired and released in the same order to avoid deadlocks. Pay attention to the error handling code.

D) Whether a deadlock or race condition is possible. When multiple locks are used, avoid situations like this: thread A acquires lock 1 and then lock 2, while thread B acquires lock 2 and then lock 1

E) While ensuring thread safety, avoid excessive use of synchronization, which degrades performance.
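
Items C and D in practice, as an added example that is not part of the original article: both transfer directions take the two locks in one global order (lowest account id first) and release them in `finally`, so the thread A / thread B interleaving described in item D cannot occur. The `Account` class, the `transfer` method and the balances are hypothetical.

```java
import java.util.concurrent.locks.ReentrantLock;

// Added illustration; Account and transfer() are hypothetical names.
public class LockOrderingExample {
    static final class Account {
        final int id;                        // unique id, used to order lock acquisition
        long balance;
        final ReentrantLock lock = new ReentrantLock();
        Account(int id, long balance) { this.id = id; this.balance = balance; }
    }

    // Always lock the account with the smaller id first, whatever the transfer
    // direction, so two threads can never hold the two locks in opposite order.
    static void transfer(Account from, Account to, long amount) {
        if (from.id == to.id) throw new IllegalArgumentException("same account");
        Account first = from.id < to.id ? from : to;
        Account second = (first == from) ? to : from;
        first.lock.lock();
        try {
            second.lock.lock();
            try {
                if (amount <= 0 || from.balance < amount) {
                    throw new IllegalStateException("invalid amount or insufficient funds");
                }
                from.balance -= amount;
                to.balance += amount;
            } finally {
                second.lock.unlock();        // released on the error path as well
            }
        } finally {
            first.lock.unlock();
        }
    }

    public static void main(String[] args) throws InterruptedException {
        Account a = new Account(1, 1_000_000), b = new Account(2, 1_000_000);
        // Opposite directions: with a naive "lock from, then to" this pair can deadlock.
        Thread t1 = new Thread(() -> { for (int i = 0; i < 100_000; i++) transfer(a, b, 1); });
        Thread t2 = new Thread(() -> { for (int i = 0; i < 100_000; i++) transfer(b, a, 1); });
        t1.start(); t2.start();
        t1.join(); t2.join();
        System.out.println(a.balance + " " + b.balance);
    }
}
```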

6. Program flow check items
A) Whether loop termination conditions are accurate

B) Does it avoid endless loops?

C) Whether loops are handled appropriately with respect to performance, for example loop variables, local objects, and the number of iterations

7. Database processing
Many code reviewers are at a loss when faced with the conflict between database portability and database performance in the code. It is difficult to have the best of both worlds.

A) Ease of migration of the database design or SQL statements (conflicts with performance)

B) Whether database resources are properly closed and released

C) Whether the database access module is correctly encapsulated to facilitate management and improve performance

D) Whether appropriate transaction isolation levels are used

E) Whether stored procedures are used to improve performance

F) Whether PreparedStatement is used to improve performance

8. Communication check items
A) Whether socket communication blocks for a long time

B) Whether the data streams sent and received use a buffer mechanism

C) Socket timeout and exception handling

D) Flow control problems in data transmission

9. Check items for Java object processing
This check item depends on a deep understanding of Java objects, but the reality is that many programmers who have read Thinking in Java still cannot distinguish between passing by value and passing by reference in a program, or between objects and references. It may be that theory is hard to combine with practice. This is what we call knowing what without knowing why.

A) Handling of the object lifecycle: whether references to objects that have expired are set to null so that the objects can be reclaimed

B) Whether there are problems with passing objects by value and passing parameters, and whether the object clone method is overused

C) Whether large numbers of temporary objects are created frequently

D) Whether local objects (stack objects) are used wherever possible

E) Whether a new object instance is created where only an object reference is required

10. Exception handling check items
Java provides a convenient exception handling mechanism. However, exceptions are commonly caught but not handled. Open almost any piece of code and the most common sight is a method whose whole body is enclosed in one large try/catch, with the catch block printing the exception to the console, and the exception caught is an Exception object.

A) Whether exceptions are correctly handled each time a method returns; the simplest handling is to record them in the log file

B) Whether data values and ranges are checked for validity, including the use of assertions

C) Whether all resources and memory are released on the error path

D) Whether all thrown exceptions are correctly handled. In particular, exceptions thrown by sub-methods must be caught and handled somewhere in the call stack.

E) When an error occurs in a call, the caller of the method should be notified.

F) Do not forget to test the error handling code. Much code runs well under normal conditions, but once an error occurs the entire system crashes.
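
The pattern criticized above beside a corrected form, as an added example (not from the original article) that also covers item B of section 4 on releasing connections when an error occurs. `FakeConnection` is a constructed stand-in for a database connection, and all names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; FakeConnection is a constructed stand-in, not java.sql.Connection.
public class ErrorPathCleanupExample {
    static final List<String> events = new ArrayList<>();

    static final class FakeConnection implements AutoCloseable {
        final String name;
        FakeConnection(String name) { this.name = name; events.add("open " + name); }
        void query(String sql) {
            if (sql.isEmpty()) throw new IllegalArgumentException("empty query");
            events.add("query " + name);
        }
        @Override public void close() { events.add("close " + name); }
    }

    // Anti-pattern from the text: catch everything, print, carry on. The connection
    // leaks when query() throws, and the caller never learns that the call failed.
    static void swallowing(String sql) {
        try {
            FakeConnection c = new FakeConnection("leaky");
            c.query(sql);
            c.close();                       // skipped on the error path
        } catch (Exception e) {
            System.out.println("error: " + e);
        }
    }

    // try-with-resources closes the connection on every path; the exception is
    // wrapped with context and rethrown so the caller is notified.
    static void propagating(String sql) {
        try (FakeConnection c = new FakeConnection("safe")) {
            c.query(sql);
        } catch (IllegalArgumentException e) {
            throw new IllegalStateException("query failed: " + e.getMessage(), e);
        }
    }

    public static void main(String[] args) {
        swallowing("");                      // constructed failing input
        try {
            propagating("");
        } catch (IllegalStateException e) {
            events.add("caller notified");
        }
        System.out.println(events);          // "close leaky" never appears in the list
    }
}
```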

11. Method (function) check items
A) Whether all the parameters of the method have been validated

B) Whether array-like structures have been bounds-checked

C) Whether variables are initialized before use

D) Return references to heap objects. Do not return references to stack objects.

E) Whether the method's API is well defined, that is, whether it is programmed to interfaces as far as possible to ease maintenance and refactoring

12. Security check items
A) For code executed from the command line, the command-line parameters need to be checked in detail.

B) Whether web programs check the validity of the parameters they receive

C) Whether an appropriate encryption algorithm is used to store important information

D) Whether a secure communication method is used during communication
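
An added example for item C, not from the original article: requesting `"AES"` without a mode relies on provider defaults (ECB on the SunJCE provider), which ties back to the check in 3.5 about default language features, while the explicit AES-GCM form hides repeated blocks and detects modification of the stored record. Class and method names and the sample plaintext are constructed for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
// Added illustration; class and method names are hypothetical.
public class StorageEncryptionExample {
    static final int IV_LEN = 12, TAG_BITS = 128;

    // Weak: "AES" alone relies on provider defaults (ECB mode on the SunJCE
    // provider), so equal plaintext blocks produce equal ciphertext blocks.
    static byte[] encryptWithDefaults(SecretKey key, byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance("AES");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(plain);
    }

    // Explicit AES-GCM with a fresh random IV per record. Output: IV || ciphertext || tag.
    static byte[] encryptGcm(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    // Throws AEADBadTagException if the stored record was modified.
    static byte[] decryptGcm(SecretKey key, byte[] record) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, record, 0, IV_LEN));
        return c.doFinal(record, IV_LEN, record.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        // Constructed sample: two identical 16-byte plaintext blocks.
        byte[] plain = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.US_ASCII);
        byte[] ecb = encryptWithDefaults(key, plain);
        System.out.println("default-mode blocks repeat: "
                + Arrays.equals(Arrays.copyOfRange(ecb, 0, 16), Arrays.copyOfRange(ecb, 16, 32)));
        byte[] rec = encryptGcm(key, plain);
        System.out.println("GCM round trip ok: " + Arrays.equals(plain, decryptGcm(key, rec)));
        rec[rec.length - 1] ^= 1;            // simulate modification of the stored record
        try { decryptGcm(key, rec); } catch (AEADBadTagException e) { System.out.println("tampering detected"); }
    }
}
```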

13. Others
A) Log output and control

B) How configuration information is obtained, and whether it is hard-coded

III. Summary
Implementing code review in a project brings many benefits, such as improving code quality, ensuring project or product stability, and accumulating development experience. The specific implementation depends on the actual situation of the project, because code review also has a cost, which is a problem in the code review process.

IV. References
Java Code Conventions, Sun

Software Quality Assurance: Documentation and Reviews, Dolores R. Wallace, Wendy W. Peng, Laura M. Ippolito

 
