10 Best Code Review Techniques
From top-down code reading, over data-flow driven reviews, to cross-referencing.
Have you ever wondered what the best approach to reviewing code is or whether there is a better, more systematic approach to inspecting new code changes than what you currently do?
The fact is that how developers review code vastly differs from developer to developer. Even within the same team, developers rarely use the same approach. Experienced reviewers usually have a pretty systematic way of reviewing code, but it’s informal, ad hoc, and only in their heads. Yet, many developers, especially juniors or people new to the team, often wonder how to review a particular piece of code.
Unfortunately, more formal review techniques and approaches aren’t taught or shared frequently amongst developers. Yet, we can use code reading, code inspection, and even debugging approaches to improve our ad hoc code review technique. When we know about those review techniques, they help us to:
transform and improve our review approach to a more systematic and thorough approach,
streamline review approaches amongst developers in the same team or company, ensuring the same thoroughness and review quality, independent of the reviewer,
build a shared vocabulary and a shared understanding of code review techniques, which helps us better communicate our approaches to our team members, compare them, and improve them as a team.
That's a pretty cool outcome, right?
Still, as code review techniques are not widely known, you might wonder what I am referring to. That’s why I wrote a comprehensive article on different review approaches on my website, awesomecodereviews.com.
The article highlights the following review techniques:
Checklist-based Code Reviews: Use a checklist to make sure you do not forget what to look for. This is my favorite technique, as it is easy to implement and a very effective review technique.
Test-Driven Code Reviews: Start by reviewing the test cases first. This ensures high-quality test cases and helps with understanding the production code.
Bottom-up versus Top-down Code Reading: You can either start your review with low-level parts, such as single code lines or methods, or with high-level artifacts, such as specifications or tickets. Reviewers typically use both approaches intertwined during reviews.
Control-flow versus Data-flow Code Reviews: You either follow the execution path of a program or you follow how data is passed through the application. Again, both approaches are often combined and have pros and cons.
Pattern Recognition: This approach is similar to a checklist-based approach. Yet, here, the focus is on detecting common anti-patterns and bad practices, as well as best practices in code.
Cross-Referencing: You inspect all references, like dependencies and relationships between structures within a program. It’s a thorough approach, yet it can lead to feeling overwhelmed.
Change-Impact Analysis: This approach involves analyzing a change's impact on the other parts of the system. It is a very thorough analysis, yet a good understanding of the software under review is a prerequisite.
Trace-Based Code Reading: Instead of looking at the static code paths, like during a control-flow inspection, you examine the program during runtime, often using a debugger, helping you to find very tricky and hidden problems and side effects.
Abstract-Driven Code Reviews: This is an academic review approach in which you compare the code to its specification, documentation, or detailed ticket description.
Functionality or Use-Case-Driven Code Reviews: This is another academic review approach that uses defined use cases or scenarios that you must play through while reviewing the code.
Are you surprised that there are so many different ways to review code? You can read more about each review approach, its pros and cons, and when to use it here.
Let me know which review techniques you already use in your ad hoc approach and which are new to you!
I’ll talk to you again in a bit.
Michaela