CMP -- United Business Media

Intelligent Enterprise

Better Insight for Business Decisions

 UBM
Intelligent Enterprise - Better Insight for Business Decisions
Part of the TechWeb Network
Intelligent Enterprise
search Intelligent Enterprise
Advanced Search

RSS
Webcasts
Whitepapers
Subscribe
Home



December 10, 2003

Of Code Reviews And Donuts

Development reviews are an important tool for encouraging high quality, maintainable software. Here are some tips on how to optimize code reviews.

by Robert Northrop

Picture this common code review scenario: A bunch of developers, tired and stressed about their own deadlines, sit comatose in a room, thankful that a colleague brought donuts. The code's author plops down a veritable pallet worth of printouts and simply asks, "Any questions?" For what seems like hours, amidst blank stares and soft snoring, the developer translates into pseudocode, praying that feedback won't mean any rework. As they go through the motions, a coding standard violation is identified, further explanation of a requirement is requested, or, occasionally, a formidable idea is suggested. But even the good ideas will usually be dismissed with a patronizing "With the software going into production tomorrow, a change is too risky."

The code review that feels like hours usually ends in less than one. Yet, the code is usually no more stable, defect-free, or maintainable. The software will likely have critical bugs and frequent crashes, potentially resulting in incorrect data and user frustration. Because it's less maintainable, these defects will require more time to fix, affecting other projects and further compounding the users' loss of confidence in custom-developed applications. Effective code reviews can prevent these problems.

If for no other reasons, quality control and education make development reviews well worth your time. Quality control isn't unique to software; in fact, most industries do a much better job. Whether it's "Inspected By" labels in jeans pocket or assurances of a "288-point quality inspection," the message to consumers is "quality is important." In contrast, high quality isn't the first thing that comes to mind when you think of in-house, custom software development.

Although most organizations have software quality assurance in place, these practices primarily evaluate the software's functionality, not its complex inner workings. Issues such as memory leaks, buffer overruns, poor inline documentation, single points of failure, and security holes are very difficult to find with black box quality assurance alone.

In most organizations, the developer that writes the system usually ends up supporting it. These weary developers vacation with laptops and yearn for unlisted home numbers. Effective reviews serve as knowledge-transfer sessions to other developers who can then also maintain the application, eliminating the dependence on specific developers.

A development review should not only resemble a manufacturer's quality inspection but also a marketer's focus group session — the potential consumers are those who will maintain the software. Like a brand manager at a focus group, in the reviews that I have conducted, the code author isn't allowed to speak, as her code should speak for itself. If the author needs to explain something during the review, it's a good sign that the explanation will need to be provided again during a late-night, outage crisis; the author should improve the code's clarity.

It's About Process

W. Edwards Deming, considered the father of quality, proposed that quality is more about evaluating processes than inspecting widgets. In manufacturing, statistical analysis on inspection data helps identify process flaws. But this technique is difficult to apply to software development. Still, reviews should strive to tweak development processes to improve the overall quality, not just that of the individual components. The following best practices are essential to engraining effective reviews into the development process:

  • Implement a development process that is followed consistently. This process should generate standard artifacts for each development phase. Integrate reviews into this development process.
  • Encourage the creation of review-friendly development process artifacts. It's much easier to review diagrams than verbose, textual descriptions. UML is a great medium for standardizing development process artifacts.
  • Use a consistent set of reviews to evaluate the artifacts created at different points in the development cycle. Review the requirements document before designing begins, and the design before coding begins. Segregating the reviews helps catch flaws early and limits the scope of the review. This prevents off-topic reviews, such as discussing the business requirements during the code review. (Because proper reviews include more than just evaluating code, I will refer to them as development artifact reviews going forward.)
  • Schedule the reviews so that there's enough time for rework. When deadlines are tight, you may have to review sections of incomplete code. The benefit may be reduced slightly, but the "big picture" effects on process improvement and team education still hold.
  • Create a formal review process that best fits with you organization's unique needs and personnel.
  • Establish metrics for the reviews, such as reductions in post-production bugs or decreases in application outage time. Analyze these metrics periodically to evaluate your review process.
  • Produce artifacts after each review that detail the review's findings.


Most Popular This Week
Kimball University: Better Business Skills for BI and Data Warehouse Professionals
Business Process Management 101: The Basics of BPM and How to Choose the Right Suite
Forrester Sees Convergence Trend In BI, Search
A Mashup Gives New Meaning to 'Military Intelligence'

IE Weekly Newsletter
Subscribe to the newsletter
    Email Address