PHP Master | The Importance of Code Review

Key Takeaways

• Code review is a systematic examination of computer source code, intended to find and fix mistakes overlooked in the initial development phase, thus improving the overall software quality and developers’ skills. It can be done in various forms such as pair programming, informal walkthroughs, and formal inspections.
• Code review not only decreases the number of defects in the code but also increases collaboration, helps team building, improves “brotherhood” amongst developers, and propagates best practices and skill improvement across a team or department.
• Best practices for code review include knowing common mistakes and actively fighting them, having code reviewed by someone of equal or greater skill, reviewing less code with clear milestones, collecting metrics, and being mindful of the social aspect where finding bugs is good, not bad.
• The article emphasizes the importance of not viewing code review as negative or a waste of time but as an improvement to everyday workflow. It suggests that if your team isn’t using it today, suggest it, as any type of code review is better than none.

Every developer knows the pain of banal mistakes. A wrong attribute here, a misspelled property there, an accidentally duplicated line of code which you missed because of the coffee-fueled 16 hour hackathon you’ve been on. Even a simple $ before the opening PHP tag which you accidentally put there because you started typing before the infernal Java-based IDE warmed up and re-positioned the cursor can leave you scratching your head for hours on end if you’re tired and distracted. If only you had a fresh pair of eyes to look at what you did – surely these mistakes could easily be avoided? Wikipedia defines code review as follows:

Code review is systematic examination (often known as peer review) of computer source code. It is intended to find and fix mistakes overlooked in the initial development phase, improving both the overall quality of software and the developers’ skills. Reviews are done in various forms such as pair programming, informal walkthroughs, and formal inspections.

This definition is as precise as it gets – in even more layman terms, code review is simply the act of having someone else look at your code to find the mistakes you missed.

The Types of Code Review

As the Wikipedia definition hints at, there are many different ways to review code for defects. Here’s a quick break-down of a few of them:

• OTS (Over the Shoulder) Review – This is how small teams usually handle code reviews. A developer will write a decent amount of code and call another developer over to have a look at it. The other developer sits there while the first one explains what he did, line by line. Through this narrative, the original developer notices some of his own mistakes and fixes them, and the OTS developer notices others, pointing them out to the first. They also share opinions on solutions to certain problems which the original developer will sometimes redo after the review process is done, calling for a review once again. This can also be easily done with screen sharing software and voice chat if the developers are remote.
• Tool-Assisted Review – there are various tools both online and offline to assist with code review. While a detailed look at the various tools on offer is outside the scope of this article, we can generalize and say there are paid versions (Atlassian Crucible, CodeCollaborator), free versions (Review Board) or, if you’re solo developer, the community version (Stack Exchange Code Review). Regardless of the tool used, each serves pretty much the same purpose – it retrieves the most recent changes to source code and flags them as needing review. A peer – that means a developer of equal or greater skill – then reviews the code, flags it as reviewed or marks any errors that were found and makes suggestions, and either finishes or reinitiates the process by sending it back to the originating developer. It is also important to note that many popular IDEs have code review plugins.
• Pair Programming – A very dynamic type of code review, pair programming is a hotseat “game” for two developers in which one developer codes and the other follows his progress by sitting beside him. After a couple hundred lines of code or after they reach a predetermined milestone, they take a short break and switch places. The one who was coding now observes while the one who previously observed now codes. This is extremely effective in avoiding bugs and improving overall code quality, but it costs twice the manpower. Many companies are not ready for such a risk and are unfortunately unable to think in terms other than “two people on two machines do more work than two people on one machine”. It is precisely this type of review that yields the best results: not only are bugs avoided flat out, but the two developers directly collaborate and share ideas on solutions to problems they encounter as they progress. It is also worth nothing that this type of review is incredibly difficult to implement in teams that aren’t used to it – it mostly works on younger teams.

As an aside, there is also a formal type of review, first introduced and researched by Michael Fagan in the 1970s (this method is also known as Fagan Inspection), now somewhat archaic and out of favor in the industry. Formal inspection is rarely used in small teams and mostly pertains to several-million dollar products as it is very mentally intense and expensive. It includes several people (up to six) sitting down with a projector and reviewing code together. Each participant is assigned a role (such as Reader, Moderator, or Reviewer) and when the team notices bugs or defects of any kind, everything is detailed to a great extent – from severity, to the actual line of code, to the cause and effect, even the predicted cost of this bug reaching the customers. This is by far the most professional type of code review, but also the most discouraging to developers and as such not widely adopted. Studies have shown other methods of code review to be just as effective if used right, without the need to tie down that many people for so long.

Best Practices for Code Review

Once it’s been decided to implement code review, there will probably be some hurdles to overcome. Management may not see justification for the extra time review takes, or some programmers may think a review is a personal attack against the code they worked hard to create. Here’s some tips you’ll do well to keep in mind when code review is implemented.

1. Know your common mistakes and actively fight them. When working, every developer has errors he commonly makes no matter how deep “in the zone” he is. Each and every one of us has this little glitch that is just silly and noticed outright by others. Take note of these slip-ups. Forgot to filter input… again? Forgot to comment a method… again? With a list like that, a developer can actively hunt down those mistakes before calling for a review. This is known as the ego effect – you know your code is about to be reviewed and you don’t want to hear the reviewer saying “Aw man, you forgot to filter input again!” You want to be the rockstar, the ninja, the person who makes others say “Wow, that’s actually a great solution”. The ego effect is what will drive you to improve your code before others even have a chance to take a look at it.
2. Peer code review means being reviewed by someone of equal or greater skill. As should be common sense, code review cannot work when a junior reviews a senior’s code. The junior might notice some usual discrepancies, breaches of standard, typos, or even errors like input filtering, but will usually be unable to identify a bigger problem. This will often require the definition of a hierarchy by skill in the team if one is not already present.
3. Less code with clear milestones means better reviews. Code should be reviewed only after a personal milestone has been reached, and these milestones should be small and should happen often. In object oriented programming this is especially important, but also especially doable. Finished a new component which extends an interface which ties into an adapter that’s already been reviewed? Finally fixed a problem with a specific method that’s been bugging the department for a week? Great! Component by component, and keeping it up to a maximum of 700-800 lines of code at a time (comments inclusive) is what produces the absolute most efficient review process. Keep the code you need reviewed short, concise and independent and do the review as soon as possible after finishing while the ideas are still fresh in your mind. Just remember – time is expensive, so don’t take too much of it either! An hour should be more than enough to perform this “section review”.
4. Collect metrics. This is easier if you’re using a more structured type of code review like tool assisted or formal, but can be done in OTS as well. Try to note the number and types of bugs and slip-ups you find through a given number of lines of code and units of time. Aggregate this data across developers and easily find out who needs the most help, who breaches the most standards and how much money you actually saved your company by doing code review. Soon you’ll be able to actually quantify the usefulness of code review, and only then does everyone in the company become actively intrigued by it. This is usually the most difficult part of a review to implement, as few developers have the patience for manual statistics, but it can be beneficial if adopted.
5. Be mindful of the social aspect – finding bugs is good, not bad! It is imperative to remember that finding bugs is good, not bad. Never stigmatize or single out a developer who made a mistake, make it informal. Have people adapt to code review – help your peers accept it, not fear it. Code Review can not only be useful – it can be fun as well. Remember that more time and more difficult tasks equal more bugs – the number of bugs does not indicate a developer’s skill! If you’re a manager or team leader, make sure no one sees code review as negative or a waste of time. Make sure they don’t see it as a rule enforced by the company but as an improvement to their everyday workflow which they should keep regardless of the company they work for. Whenever possible, strive for a personal approach of code review. If you’re using tools, use them in OTS as well. The personal approach of mutual brainstorming and informal discussion of potential solutions to problems is invaluable in the process of accepting code review as your friend.

In Conclusion

Code review can be incredibly difficult to implement, especially in a team of old-timers who aren’t used to it. But once done, it will not only decrease the number of defects in your code, it will also increase collaboration and help team building, improve “brotherhood” amongst developers and will propagate best practices and improvement of skill across an entire team or department. Any type of code review is better than none, so if your team isn’t using it today, suggest it. It can only help. If you’re a solo developer, find a kindred spirit to review code with – go online, socialize, expand your development circles, team up. Don’t look at other developers as competition and at code review as your enemy, look at others like brothers in arms with code review as your weapon on the front lines to perfection. Image via Fotolia

Frequently Asked Questions about Code Review

What is the importance of code review in software development?

Code review is a critical process in software development that involves checking a fellow developer’s code for mistakes, bugs, or any potential improvements. It helps to maintain a high standard of code quality, ensures that the code is readable and understandable by others, and fosters knowledge sharing among the team. Code review also helps to catch and fix bugs early in the development process, reducing the cost and time of bug fixes in the later stages.

What are some best practices for conducting a code review?

Some best practices for conducting a code review include understanding the context of the code, focusing on the logic and structure of the code rather than the coding style, providing constructive feedback, and not rushing the review process. It’s also important to involve the right people in the review process, typically those who are familiar with the codebase and the specific feature being reviewed.

How can I make my code review more effective?

To make your code review more effective, you should ensure that your code is self-explanatory, well-documented, and follows the coding standards of your team. You should also break down your changes into small, manageable chunks that are easier to review. Additionally, using a code review tool can help streamline the review process and make it more efficient.

What are some common mistakes to avoid in code review?

Some common mistakes to avoid in code review include not reviewing the code thoroughly, focusing too much on coding style rather than the logic and structure of the code, not providing constructive feedback, and rushing the review process. It’s also a mistake to not involve the right people in the review process.

What are some good code review tools for PHP?

There are several good code review tools for PHP, including PHP_CodeSniffer, PHP Mess Detector, and SonarQube. These tools can help automate the code review process, catch common coding errors, and enforce coding standards.

How can I prepare my code for review?

To prepare your code for review, you should ensure that it is clean, well-documented, and follows the coding standards of your team. You should also break down your changes into small, manageable chunks that are easier to review. Additionally, you should provide a clear and concise summary of your changes to help the reviewer understand the context of your code.

How can I provide constructive feedback in a code review?

When providing feedback in a code review, you should focus on the code, not the person. Be specific and clear in your comments, and provide suggestions for improvement. It’s also important to be respectful and professional in your feedback.

How can I handle feedback in a code review?

When receiving feedback in a code review, it’s important to keep an open mind and not take the feedback personally. Consider the feedback as an opportunity to learn and improve your coding skills. If you disagree with a comment, discuss it with the reviewer to understand their perspective.

How often should I conduct code reviews?

The frequency of code reviews can vary depending on the team and the project. However, it’s generally recommended to conduct code reviews regularly, such as once a week or for every major feature or bug fix. Regular code reviews can help catch and fix bugs early in the development process.

Can code reviews improve team collaboration?

Yes, code reviews can significantly improve team collaboration. They foster knowledge sharing among the team, help to maintain a consistent coding style across the codebase, and create a culture of collective code ownership. Code reviews also provide an opportunity for junior developers to learn from more experienced team members.

The above is the detailed content of PHP Master | The Importance of Code Review. For more information, please follow other related articles on the PHP Chinese website!