Monday, February 27, 2006
In Praise of Code Reviews
In Praise of Code Reviews:Code Reviews
For many types of work it is standard practice to have one's work checked by another before the work product is put into service. Authors have editors; engineers have inspectors and so on. But in software development it is common for code to flow directly from the programmer's fingertips into the hands of the end users without ever having been seen by another pair of eyes.
This is despite there being a large body of empirical evidence establishing the effectiveness of code review techniques as a device for defect prevention. Since the early history of programming, a number of different techniques for reviewing code have been identified and assessed.
A code walkthrough is any meeting in which two or more developers review a body of code for errors. A code walkthrough can find anywhere between 30 and 70 percent of the errors in a program.
Code reading is a more formal process in which printed copies of a body of code are distributed to two or more reviewers for independent review. Code reading has been found to detect about twice as many defects as testing.
Most formal of all is the code inspection, which is like a code walkthrough where participants play pre-defined roles such as moderator, scribe or reviewer. Participants receive training prior to the inspection. Code inspections are extremely effective, having been found to detect between 60 and 90 percent of defects. Defect prevention leads to measurably shorter project schedules. For instance, code inspections have been found to give schedule savings of between 10 and 30 percent.
If we can save time and improve quality with code reviews, why aren't the other 75 percent of projects doing them?
The essential problems are short-term thinking, force of habit and hubris.
For many types of work it is standard practice to have one's work checked by another before the work product is put into service. Authors have editors; engineers have inspectors and so on. But in software development it is common for code to flow directly from the programmer's fingertips into the hands of the end users without ever having been seen by another pair of eyes.
This is despite there being a large body of empirical evidence establishing the effectiveness of code review techniques as a device for defect prevention. Since the early history of programming, a number of different techniques for reviewing code have been identified and assessed.
A code walkthrough is any meeting in which two or more developers review a body of code for errors. A code walkthrough can find anywhere between 30 and 70 percent of the errors in a program.
Code reading is a more formal process in which printed copies of a body of code are distributed to two or more reviewers for independent review. Code reading has been found to detect about twice as many defects as testing.
Most formal of all is the code inspection, which is like a code walkthrough where participants play pre-defined roles such as moderator, scribe or reviewer. Participants receive training prior to the inspection. Code inspections are extremely effective, having been found to detect between 60 and 90 percent of defects. Defect prevention leads to measurably shorter project schedules. For instance, code inspections have been found to give schedule savings of between 10 and 30 percent.
If we can save time and improve quality with code reviews, why aren't the other 75 percent of projects doing them?
The essential problems are short-term thinking, force of habit and hubris.
