Lecture 4
Code Review & Code Walkthrough
1. Software Testing - Code Review
The developed code for software needs to be reviewed in order to make it robust.
No matter how experienced a developer is, every piece of code has to be
rechecked to produce world-class software.
What is Code Review?
Code review is a methodical process in which a group of developers work together
to analyze and check another developer's code to detect errors, give suggestions,
and confirm that the developed code meets the standards. The objective of code
review is to enhance the quality, maintainability, stability, security, etc. of the
software, which brings positive results to the project. Also, the findings from the
code review promote sharing of knowledge and learnings among the team members.
Why is Code Review Done?
The code review is done for the reasons listed below –
• It helps to detect errors, defects, issues, etc. in the code prior to being deployed to
production. Thus, a code review helps to fix bugs in the initial phases of the software
development life cycle (SDLC).
• It motivates developing clean, maintainable, and effective code. The reviewers pass
feedback and comments so that the code is as per the standards and best practices.
• It implements consistency in coding among all the developers which enables easy
maintenance and understanding of the code base.
• The findings from the code reviews can be shared across teams, which propagates
domain knowledge and coding guidelines.
• The code reviewers take partial ownership of the code they review thereby
increasing collective responsibility towards ensuring quality.
• The code reviewers can work together and collaborate to improve the entire review
process, which helps in enhancing the overall software quality.
• It can be a part of documentation.
• It is an integral part of ensuring the software quality. By doing code reviews, the
team can confirm if the software meets all the functional and non-functional
requirements.
• It helps the team to adopt continuous improvement. By following the suggestions,
feedback, and findings from the code review, the team can work on them and
gradually improve.
Types of Code Review
The types of code reviews are listed below :
Pull Requests (PR)
In Git, the developers raise a PR to incorporate changes to the code. It should be
reviewed prior to the changes being merged with the base code.
Pair-Programming
It is a type of review in which two developers work on the same computer. One of
them writes the code and the other one reviews it in real time. It is a highly
interactive form of code review.
Over the Shoulder Review
It is the type of review in which one developer in the team is requested to review the
code of another developer by sitting together and going through the code on the
computer.
Tool Aided Reviews
It is a type of review conducted with tools like GitHub, GitLab, Bitbucket, Crucible, etc.
Email Based Reviews
It is a type of review in which the code changes are sent over email for review. The
feedback of the code review is also delivered by email.
Checklist Reviews
It is a type of review in which the reviewers follow the list of checklist items for the
review process.
Ad Hoc Review
It is an informal way of reviewing. A developer may be requested to have a quick
look at the code and provide feedback informally.
Formal Inspection
It is a type of review in which an already existing process is followed. It is mostly
done by an inspection team and is guided by proper documentation.
How is Code Review Done?
The code review is done by following the processes listed below −
Step 1:
The developers complete the code and create a review request or inform the team
about the same.
Step 2:
Single or multiple code reviewers are selected based on their experiences and skills
to review the code correctly.
Step 3:
The code reviewers have the required tools or IDE that enable them to get hold of
the code, review it and pass the feedback.
Step 4:
The reviewers may follow checklists or guidelines while reviewing the code to
maintain consistency.
Step 5:
The reviewers perform code inspections covering logical, syntax, performance,
security, and other issues so that there is stability, scalability, and good
performance in the code.
Step 6:
The reviewers' comments, feedback, and suggestions are recorded in the review
tools. They should be clear, constructive, and to the point so that the author can
easily understand them.
Step 7:
A detailed discussion between the reviewers and the author is held regarding the
expected code changes.
Step 8:
The author incorporates the changes and may have multiple discussions with the
reviewers until all the issues are addressed and resolved in the code.
Step 9:
Once the reviewers are satisfied with the code changes, the code is approved for
merging.
Step 10:
The code is merged using version control tools like Git.
Step 11:
Once the code is merged to production, it is checked whether the new changes in
the code are working fine and have not impacted any part of the existing code.
Step 12:
This entire code review process is documented for future references. All the relevant
comments, feedback, and suggestions are also included in the documentation.
Advantages of Code Review
The advantages of code review are listed below :
• It enhances the software quality by detecting bugs in the early phases of SDLC.
• It encourages knowledge sharing and learnings among the team members.
• It enforces standards, guidelines and best practices to be followed in the code,
making it consistent and easily maintainable.
• It identifies all the security vulnerabilities in the software.
• It creates an environment of collaboration, transparency and clear communication
among the team members.
• It builds a culture of collective responsibility and ownership of the software quality
since the reviewers also have partial ownership of the quality of the developed
software.
• It helps to create documentation which is used for future reference.
• It helps to determine more scope for code reusability in the software.
Disadvantages of Code Review
The disadvantages of code review are listed below :
• It may turn out to be a time-consuming process for large and complex software
leading to delay in the development process.
• It is subjective in nature as different reviewers may have different opinions,
comments, and feedback on the code.
• Excessive code reviews on small code changes may lead to delay in the software
development.
• The reviewers may have biases which impact the review process.
• The reviewers and author should agree on all terms and have clear communication
among them.
• It depends on the skill sets of the reviewers. Inexperienced reviewers may miss
important suggestions in the code.
• It may lead to fatigue for the reviewers who go through the code of large and
complex software.
Best Practices for Code Review
The best practices for code review are listed below :
• Determine the clear goals and objectives of code review.
• Select the correct reviewers for the code.
• Break down the big chunks of code into smaller units and then start the review
process.
• Provide all relevant information in a review request.
• Use the code review tools for the entire process.
• Focus should be on the code quality, stability, scalability, performance etc.
• Review all the security features in the code.
• Test the code after review by actually executing it.
• Constructive, specific, and relevant feedback is to be shared.
• Maintain a positive, collaborative, and healthy relationship between the reviewers
and the author.
• Reviews should be done timely without delaying the software development.
• Document each part of the code review process.
• Share the learnings from the code reviews among the team members.
Software Testing - Code Walkthrough
The software development life cycle (SDLC) has multiple phases. Each and every
phase of it plays a critical role in the process of software development. Code
walkthrough is an informal process of code review.
What is a Code Walkthrough?
A code walkthrough is primarily a review meeting initiated by the code author. The
author reads through the code in this meeting, and the other teammates ask
questions and point out coding errors and places where coding standards are not
followed.
The author of the code leads a code walkthrough meeting and other team members
attend it. There is no requirement of a moderator in this meeting. It is an open-ended
discussion and there is not much focus on documentation. In short, a code
walkthrough is a type of peer review and forms a part of the static testing. No formal
review process is followed here.
In the hierarchy of code review which consists of technical review, inspection, and
code walkthrough, the code walkthrough comes at the lowest level in terms of
formality of the process.
Advantages and Purpose of Code Walkthrough
The advantages and purpose of code walkthrough are listed below −
• It is an informal approach to finding errors in the code.
• It enables all the team members to gather together and have a common
understanding of the code, thereby increasing the collaboration and cooperation
among all.
• It allows gathering of feedback from multiple people and open interactions among
the team members.
Disadvantages of Code Walkthrough
The disadvantages of code walkthrough are listed below :
• There may be defects in the sections of the code which are not discussed in the
walkthrough meeting.
• It takes a lot of time to conduct it.
• As the author himself leads the meeting, there is no guarantee that what
is being discussed actually matches the code.
Difference Between Code Walkthrough and Inspection
No. | Code Walkthrough | Inspection
1 | It is an informal process. | It is a formal process.
2 | It is led by the code author. | It is conducted at the project level.
3 | The team members of the same project take part in the code walkthrough meetings. | A group of specific team members from various projects in the department take part in the code inspection meetings.
4 | No checklist is available to find defects in the code. | A collection of checklists are followed to find defects in the code.
5 | It includes an overview of the code, no preparation, review, and follow up. | It includes an overview of the code, a thorough preparation, review, and follow up.
6 | No formalized technique is followed. | Formalized techniques are followed.
7 | It takes less time since there are no checklist items that need to be covered in the meeting. | It takes more time since all the checklist items need to be covered in the meeting.
8 | It is totally unplanned. | It is a planned meeting with each member assigned with a defined set of roles and responsibilities.
9 | The author reads through the code and the team members find the defects in the code. | The reader reads through the code and everyone goes through it and finds the defects there.
10 | The author records all the defects and feedback received in the code. | The recorder records all the defects encountered in the code.
11 | There is no moderator. | The moderator ensures that the discussions are conducted effectively in the meeting.