Code review: definition, types, solutions
The author of this publication is Pieter Murphy. The expert is Alexey Shcheglov, Project Manager and co-author of the EngX Code Review and AI-Supported Testing courses.
What is a code review: definition
What does code review mean? Code review is a software quality process in which tools or one or more people systematically evaluate and examine a program’s source code. At least one of the reviewers needs to read the code and identify any problems within it.
The definition of code review also includes its objectives. The main goal is to identify bugs, improve the quality of the code, and ensure that coding best practices are followed.
Code reviews typically occur before the code is integrated into the main branch of the codebase. They can also be performed periodically on existing code in order to maintain its quality over time.
When you define code review, it is important to explore the tools available for automating the process. These tools check for coding errors and give suggestions on ways of improving the code. However, they are not a substitute for manual reviews, given their shortcomings, which we explore in this article. If a manual code review is required, it is often better that someone other than the author be the reviewer.
Purpose of code review
Now that we understand what a code review is, let’s look at its purpose in software engineering. It includes:
- Quality assurance: Developers review code to catch logic errors, defects, and security vulnerabilities early in the development cycle, which saves the team time and maintenance costs.
- Consistency: Code reviews ensure adherence to coding standards and consistency in coding style, thus enhancing code maintainability and readability.
- Knowledge sharing: Code reviews foster collaboration among team members and knowledge sharing. Programmers can learn from one another’s best practices and code.
- Continuous improvement: Feedback received from code reviews helps developers make informed decisions and improve their coding skills.
- Code ownership: Code reviews distribute code ownership among members of the team, thus reducing the risk of a single point of failure.
Challenges and solutions in code review
Improving code performance
Identifying performance bottlenecks can be difficult, especially in complex systems. Reviewers may lack the tools or expertise to spot inefficiencies in code. To solve this problem, consider using profiling tools, establishing benchmarks, providing performance optimization training, and integrating automated performance analysis tools.
Undefined quality standards
When code reviews lack clear quality standards, they can become subjective and inconsistent, resulting in potential quality issues. To fix this, you could develop clear coding standards, regularly update them, come up with a code review checklist, and conduct training sessions.
Ensuring project quality and meeting requirements
Making sure that the code meets project quality and requirement specifications can prove to be a challenge, especially in large and complex projects. A suitable solution would be to maintain a traceability matrix, use CI/CD pipelines, implement automated testing, and encourage peer reviews.
Development expectations and outcome
There can sometimes be a gap between what is expected from development and the actual outcomes, which can lead to dissatisfaction and misalignment. This can be remedied by providing clear specifications, holding regular check-ins, establishing feedback loops, and implementing a mentorship program.
Project infrastructure
Ensuring that the project infrastructure (development, testing, deployment environments) supports effective coding review can be problematic. That is why you need to use standardized environments, integrate automated tools, implement Infrastructure as Code (IaC), and ensure infrastructure scalability.
We asked expert Alexey Shcheglov, co-author of the EngX Code Review course, the following question: “What are the most common difficulties faced by those who do code reviews and how does the course propose to solve them? Name 3-5 main ones.”
According to Shcheglov, “We mention 6 challenges of code review such as absence of coding standards and disturbance from other tasks. For each challenge we provide some tips or solutions on how to overcome the problems.”
Types of code review
Let’s now look at the different types of code reviews together with their advantages and disadvantages.
Pair programming
Pair programming is among the most commonly used coding methods. This method facilitates more productive collaboration with team members because it usually requires two teams or two developers working together on the same project.
When doing pair programming, one coder assumes the role of “driver” while the other takes on the role of the “navigator.” In this scenario, the navigator is tasked with trailblazing a path or solution that is then coded by the driver and reviewed by the navigator to confirm that the solution is implemented as agreed.
This particular process is beneficial to both coders as it can lead to fewer errors and improved code quality. The roles can be switched, which further improves productivity and prevents errors caused by monotony and a lack of perspective.
Pros:
- Pair programming results in higher code quality and fewer errors because the two programmers can catch each other’s mistakes as they occur.
- This method utilizes intensive collaboration and time management strategies, which gives developers the opportunity to improve their productivity and learn from each other.
Cons:
- Pair programming may fail to work where clashes of personalities arise, as they create a tense working environment that can reduce effectiveness.
- Pair programming requires intense concentration and constant communication, which can be mentally taxing. The added fatigue can lead to burnout if not properly managed.
- Sometimes, one programmer may dominate the session and lead the other to feel undervalued or distanced from the project.
Pull requests
The next type of code review is the pull request code review, which is more or less what its name suggests. This method normally requires a senior programmer to conduct an in-depth analysis of the codebase and then give suggestions on how to improve it. Pull requests can also involve automated code review tools to help developers catch bugs, errors, and security vulnerabilities.
Pros:
- One of the key advantages of this method is that it does not need real-time, synchronous collaboration. Everyone involved could just work at their own pace and convenience.
- The other upside of using the pull request method is that it gives programmers enough time to analyze each line of code, which results in a higher-quality codebase.
Cons:
- Pull requests also require active communication. It is a method that could work best on teams that have worked on remote collaborative projects in the past.
- This method takes a lot of time and requires patience.
Over-the-shoulder code review
The over-the-shoulder (OTS) code review method is considered a pro solution. Like a majority of other OTS practices, this method requires one highly experienced code reviewer or developer to review the code of a programmer with less experience. The reviewer analyzes common mistakes, gives constructive feedback, and gradually helps the programmer improve the quality of their code.
Pros:
- OTS code review can be viewed as a training program. It gives junior developers the chance to grow their skills by learning from the best and getting hands-on experience.
- This method can help coders break down complex projects with guidance, resulting in high-quality code that has few bugs if any.
- This method also helps to improve teamwork and communication skills for both junior and senior developers.
Cons:
- OTS code review requires interpersonal skills, strong communication, and patience. It might therefore not be the best fit for everybody.
- This method can be very time-consuming, making it unsuitable for a project with a short deadline.
Formal reviews
Formal review is the final type of code review that we’re going to discuss. It involves a thorough and structured codebase examination in order to identify potential errors. Formal reviews normally require the involvement of multiple reviewers and follow a set of already-established guidelines.
Pros:
- A formal review is useful in identifying potential errors and improving the overall codebase.
- This type of review adheres to established principles and has a structured approach, which is what makes it a popular choice for quality code.
Before you get to the EngX Code Review course, you may be wondering what types of code reviews are covered. Shcheglov answers, saying:
“We explain several basic code review types like Lead Review, Peer Review, etc. and explain their pros and cons. This knowledge helps learners to combine different aspects of basic code review types to customize the code review process considering their project circumstances and meet their code review goals.”
We also asked: “What type of code review do you prefer and why?”
Shcheglov explains: “It depends on my role in the code review. If I’m an author, I’d prefer Lead Review because I will be able to get a lot of knowledge from more experienced colleagues. As a reviewer, I like peer review because I will understand what functionalities my peers implement and how they do it. But of course, first of all, the chosen code review type should depend on the type of the change to be reviewed and the major goal of the review.”
Tools and technologies for code review
When you define code reviewing, you cannot escape its tools. The following are the main types of code review tools and technologies:
Static analysis tools
Static analysis tools are code review tools that analyze code without executing it. Their main task is to identify potential vulnerabilities and issues in the codebase before it is run.
The tools examine the code’s syntax, structure, and potential security flaws to ensure that it adheres to best practices and coding standards.
Here are some examples of popular static analysis tools and technologies:
- SonarQube: SonarQube is a comprehensive security and code quality analysis tool that supports numerous programming languages.
- ESLint: ESLint is an analysis tool designed for the JavaScript programming language that helps to identify and rectify coding style issues.
- PMD: This is a Java-based static analysis tool that finds common coding mistakes like code duplication, code complexity, and unused variables.
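To illustrate analysis without execution, the following added example (not part of the original article and not code from SonarQube, ESLint, or PMD) parses a constructed Python snippet into a syntax tree and applies two rules chosen for illustration: an unused-variable check of the kind attributed to PMD above, and a check for direct `eval`/`exec` calls standing in for a security rule. The names `analyze`, `SAMPLE`, and `DANGEROUS_CALLS` are hypothetical.

```python
import ast

# Constructed sample under review; it is parsed as text, never imported or run.
SAMPLE = '''
import os

def load(path, mode):
    handle = open(path)
    unused_total = 0
    data = handle.read()
    return eval(data)
'''

DANGEROUS_CALLS = {"eval", "exec"}  # rule set assumed for this example


def analyze(source):
    """Return sorted (line, rule, detail) findings for the given source text."""
    tree = ast.parse(source)  # builds the syntax tree; executes nothing
    findings = set()          # a set avoids duplicates from nested functions
    for node in ast.walk(tree):
        # Security rule: direct calls to eval()/exec().
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in DANGEROUS_CALLS):
            findings.add((node.lineno, "dangerous-call", node.func.id))
        # Quality rule: names assigned inside a function but never read.
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            stored, loaded = {}, set()
            for sub in ast.walk(node):
                if isinstance(sub, ast.Name):
                    if isinstance(sub.ctx, ast.Store):
                        stored.setdefault(sub.id, sub.lineno)
                    else:
                        loaded.add(sub.id)
            for name, line in stored.items():
                if name not in loaded:
                    findings.add((line, "unused-variable", name))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule, detail in analyze(SAMPLE):
        print(f"line {line}: {rule}: {detail}")
```

The unused `mode` parameter and the unused `os` import are not reported, because neither rule covers them. A tool only finds what its rules describe, which is one reason automated checks do not replace a human reviewer.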
Version control system integration
Version control systems (VCS) facilitate code reviews by helping developers collaborate on code, track changes, and maintain version history. They give code reviews a structured environment for code changes to be discussed, proposed, and merged into the main codebase.
The following are some VCSs that have built-in code review features:
- Perforce: This is a VCS that supports code review through workflows like code review assignments and shelving.
- Git: This is the most widely used distributed version control system in the world. It is used for code reviews, leveraging features like code diffing, pull requests, and branching.
- Mercurial: This tool offers code review functionality similar to Git and has features like code comparison and changeset tools.
Code review platforms
These are platforms or tools that facilitate the whole code review process, from creating review requests to providing collaboration features for reviewers. They streamline the code review workflow and make it simpler for teams to evaluate and improve code quality.
Here are some well-known code review platforms:
- GitHub: GitHub is a platform that is widely used and has built-in code review features that include code commenting, pull requests, and integration with continuous integration tools.
- Bitbucket: This platform offers code review tools alongside Mercurial and Git version control systems.
We asked the co-author of the EngX Code Review course the following questions, “Are code review technologies evolving rapidly? Which of the new tools do you like the most? How often do you update the course if you realize that you have found something better or more relevant?”
According to Alexey Shcheglov, “Although the code review basics remain the same, code review as any other technology is constantly evolving, new tools or features appear every year. But the recent Generative AI revolution and appearance of ChatGPT and Github Copilot tools made the most significant shift in the code review process. AI-assisted code review will completely transform the review process, so we keep in touch with the latest PROVEN AI innovations and update our course every half a year.”
Improve your code review skills with a course from EngX
Engineering Excellence (EngX) is a program that aims to provide software engineers at EPAM with the products, tools, and services needed to enhance their performance in software development.
EngX offers a Code Review course that covers the following important aspects of code review:
- Process essentials;
- Common myths;
- Developing strategies;
- Choosing tools;
- Best practices; and
- Managing feedback.
The best part is that before purchasing the course, you can take a free 10-minute code review awareness survey that will highlight the areas that need more attention!
You can learn more about how to do a code review in our article.