Code Review: Theory and Practice
Summary
Code Review is the process of improving code quality by reviewing code. It has an extremely important place in XP methods and has become an indispensable part of software engineering. This article discusses some concepts and practical experience of Code Review and describes what to pay attention to when carrying one out. Most of the issues covered here apply to Java code. This article does not cover the Code Review process or its organization.
Keywords: Code Review, Java, XP, code quality, software engineering
I. Introduction to Code Review
1 Purpose of Code Review
Before anything else, we need to know what Code Review is and what we use it for. Code Review is a quality assurance mechanism used to confirm the design and the code implementation. Through this mechanism we can check the code, the test procedures, and the comments. Code Review is mainly used to improve code quality during software engineering, and it serves the following purposes:
Find bugs in the code at an early stage
Help junior developers learn from senior developers and so share knowledge
Keep developers from making common, very ordinary mistakes
Ensure good communication within the project team
Make the project's or product's code easier to maintain
2 Code Review Prerequisites
Knowing the purpose of Code Review, we can look at how to do one. But something has to be done before a Code Review starts; as the saying goes, preparation brings success and the lack of it brings failure. If we do not prepare before entering a Code Review, it easily becomes meaningless or a mere formality, and there are many examples of this around us. The conditions to check before entering a Code Review are as follows:
a) Whether the Code Review participants understand what Code Review is and what it will do
If the people doing a Code Review do not understand its importance to the success or failure of the project, they are likely to treat it perfunctorily.
b) Whether the code has been built correctly; the purpose of the build is to make sure the code has no basic syntax errors
We never want senior developers or supervisors to waste time checking code that is not yet complete.
c) Whether the code functions correctly when executed
Code Review staff are not responsible for checking whether the functionality is correct; the developer whose code is to be reviewed is responsible for the functional correctness of the code.
d) Whether the reviewers understand the code
Reviewers need a basic understanding of the code: what its function is, which area it covers, and whether it involves the database or communication, so that they can make targeted checks.
e) Whether the developers have unit tested the code
This is also to ensure that syntax and functional problems are resolved before the Code Review, so that the Code Review can focus on the quality of the code.
3 What does Code Review need to do?
With the entry conditions in place, and given that Code Review is not responsible for what those conditions already cover, what does Code Review actually do? Code Review mainly checks the following aspects of the code: consistency, coding style, code security, code redundancy, and whether the design correctly meets the requirements (performance, function, etc.). They are listed one by one below. The following content draws on the code check section of "Software Quality Assurance: Documentation and Reviews".
3.1 Completeness Check (Completeness)
Whether the code fully implements the functional requirements proposed in the design documentation
Whether the code has been integrated and debugged according to the design documentation
Whether the code has created a needed database, including the correct initialization data
Whether there is any variable, constant or data type that is not defined or not referenced in the code
3.2 Consistency Check (Consistency)
Whether the logic of the code conforms to the design documentation
Whether the format, symbols, structure, etc. used in the code are consistent
3.3 Correctness Check (Correctness)
Whether the code conforms to the standard
Whether all variables are correctly defined and used
Whether all comments are accurate
Whether all program calls use the correct number of parameters
3.4 Modifiability Check (Modifiability)
Whether the constants involved in the code are easy to modify (such as using configuration, defining them as common constants, using a dedicated constants class, etc.)
Whether the code includes a cross-reference or data dictionary describing how the program accesses variables and constants
Whether the code has only one exit and one entry (except for severe exception handling)
3.5 Predictability Check (Predictability)
Whether the development language used by the code has well-defined syntax and semantics
Whether the code avoids relying on functionality that the development language provides by default
Whether the code can inadvertently fall into an infinite loop
Whether the code avoids infinite recursion
3.6 Robustness Check (Robustness)
Whether the code takes measures to avoid runtime errors (such as array bounds overflow, division by zero, values out of range, stack overflow, etc.)
3.7 Structuredness Check (Structuredness)
Whether each function of the program exists as a recognizable code block
Whether each loop has only one entrance
3.8 Traceability Check (Traceability)
Whether the code uniquely identifies each program
Whether there is a cross-reference framework through which the code and the development documents can be matched to each other
Whether the code includes a revision history that records the changes to the code and the reasons for them
Whether all security features are identified
3.9 Understandability Check (Understandability)
Whether the comments are clear enough to describe each subroutine
Whether unclear or unnecessarily complex code is used, and whether it is clearly commented
Whether unified formatting techniques (such as indentation, blank lines, etc.) are used to enhance the clarity of the code
Whether the naming rules produce names that are easy to remember and reflect the type
Whether a legal range is defined for each variable
Whether the algorithm in the code conforms to the mathematical model described in the development documentation
3.10 Verifiability Check (Verifiability)
Whether the implementation techniques used in the code are easy to test
II. Code Review Experience Checklist
The following is a checklist. Classifying the items and checking them in a targeted way keeps the Code Review focused.
1 Java coding specification inspection items
For these inspection items, refer to the Java coding specification; see "Java Code Conventions".
2 Object-oriented design inspection
The scope of these points is very large and cannot be covered in this article; there are dedicated books on the subject. In a Code Review, these checks rely mainly on experience.
A) Class design and abstraction
B) Whether it follows the idea of interface-oriented programming
C) Whether to use a suitable design paradigm
3 Performance inspection items
Performance is a serious concern in most code and is also where problems most easily occur. Programmers often write code that has no functional or syntax problems but performs poorly, which leads to a lot of rework or even starting over.
A) Whether queues, tables, and files have problems in transmission, upload, etc. when massive data appears, and whether there are controls, such as control parameters for allocated memory block size and queue length
B) The choice and configuration of collection data structures such as Hashtable and Vector: whether parameters such as capacity and load factor are properly set, and whether the data structure is synchronized
C) Whether String objects are abused
D) Whether a common thread pool, object pool module, or other caching techniques are used to improve performance
E) Whether the interface of the class is well defined, such as parameter types, to avoid internal conversion
F) Whether a memory or hard disk buffering mechanism is used to improve efficiency
G) The strategy for handling concurrent access
H) Whether I/O uses suitable classes or good approaches to improve performance (such as reducing serialization, wrapping streams in buffered classes, etc.)
I) Whether synchronized methods are used excessively
J) Whether the recursion depth of recursive methods is appropriate and guaranteed to stay within a reasonable stack space
K) If blocking methods are called, whether measures have been considered to ensure performance
L) Avoid excessive optimization; for code with high performance requirements, whether a profiling tool such as JProbe is used
4 Resource leak inspection items
In Java, because of the garbage collection mechanism, memory leaks are not very obvious, but improper use can still cause them. For other languages, such as C++, this needs serious attention. Database connections that are not released are also among the most common problems; I believe many PMs have been tormented by this one.
A) Whether allocated memory is released, especially on error handling paths (for non-Java code)
B) Whether all objects, such as database connections, sockets, and files, are released when an error occurs
C) Whether the same object is released multiple times (for non-Java code)
D) Whether the code keeps an accurate object reference count (for non-Java code)
5 Thread safety inspection items
Thread safety actually involves two aspects: one is performance, the other is the consistency of resources. We need to weigh the two against each other; this is where trade-offs have to be made.
A) Whether all global variables in the code are thread-safe
B) Whether objects that need to be accessed by multiple threads are thread-safe, and whether synchronization is used
C) Whether locks on synchronized objects are acquired and released in the same order to avoid deadlock; pay attention to error handling code
D) Whether deadlocks or race conditions are possible. When using multiple locks, avoid situations like this: thread A acquires lock 1 and then lock 2, while thread B acquires lock 2 and then lock 1
E) While ensuring thread safety, take care to avoid excessive synchronization, which reduces performance
6 Program flow inspection items
A) Whether loop termination conditions are accurate
B) Whether infinite loops are avoided
C) Whether the processing inside loops is appropriate, for example whether the performance impact of loop variables, local objects, the number of iterations, and the like is taken into account
7 Database processing
Many Code Review people perform an environmentally friendly in the face of database portability and improving database transplantability and improving database performance.
A) Whether the database design and SQL statements are easy to port (pay attention to conflicts)
B) Whether the database resources are properly closed and released
C) Whether the database access module is properly encapsulated, easy to manage, and improves performance
D) Whether a suitable transaction isolation level is used
E) Whether stored procedures are used to improve performance
F) Whether PreparedStatement is used to improve performance
8 Communication inspection items
A) Whether socket communication has long-term blocking problems
B) Whether the transmitted data stream uses a buffering mechanism
C) Socket timeout handling and exception handling
D) Flow control of data transmission
9 Java object handling inspection
This check requires a deeper understanding of Java objects, but in reality many programmers who have read "Thinking in Java" still cannot distinguish passing by value from passing by reference in a program, or the difference between an object and a reference. This may be a case where theory and practice are hard to combine. In the end, it means the material has not really been understood.
A) Handling of the object lifecycle: whether references to objects that are no longer valid are set to null so that the objects can be reclaimed
B) Whether there are problems in passing objects by value and by reference, and whether the clone method of the object is overused
C) Whether temporary objects are created in large numbers
D) Whether local objects (stack objects) are used wherever possible
E) Whether a new object instance is created in places where only an object reference is needed
10 Exception handling inspection
Java provides a convenient exception handling mechanism, but what is commonly seen is that exceptions are caught and then not handled. Open any piece of code: on entering a method, one large try/catch wraps all the lines of code, the catch block prints the exception to the console, and the exception caught is an Exception object.
A) Whether errors are handled correctly each time a method returns; the simplest handling is recording the error in a log file
B) Whether the values and ranges of data are validated, including with assertions
C) Whether all resources and memory are released on the error path
D) Whether all thrown exceptions are handled correctly; in particular, exceptions thrown by called methods must be caught and handled somewhere in the call stack
E) When a call causes an error, the caller of the method should be notified
F) Don't forget to test the error handling code; much code is only tested under normal conditions, and once an error occurs the entire system collapses
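An added example for the pattern described above and for items A, B, C and E (not code from the original article): the catch-all version beside a reviewed version that closes the reader on every path, validates the value range, logs the failure and notifies the caller. The class, the method names and the port-file scenario are assumptions made for this illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration; class, method and file names are hypothetical.
public class ErrorPathExample {
    private static final Logger LOG = Logger.getLogger("ErrorPathExample");

    // The pattern described above: one catch-all block that prints and carries on.
    static int readPortSwallowing(Path file) {
        int port = 0;
        try {
            BufferedReader in = Files.newBufferedReader(file, StandardCharsets.UTF_8);
            port = Integer.parseInt(in.readLine().trim());
            in.close();               // skipped when readLine or parseInt throws
        } catch (Exception e) {
            e.printStackTrace();      // the caller never learns that the read failed
        }
        return port;                  // 0 looks like a real value to the caller
    }

    // Reviewed form: reader closed on every path, range validated, failure logged and propagated.
    static int readPort(Path file) throws IOException {
        try (BufferedReader in = Files.newBufferedReader(file, StandardCharsets.UTF_8)) {
            String line = in.readLine();
            if (line == null) throw new IOException("empty file");
            int port = Integer.parseInt(line.trim());
            if (port < 1 || port > 65535) throw new IOException("port out of range: " + port);
            return port;
        } catch (NumberFormatException | IOException e) {
            LOG.log(Level.WARNING, "cannot read port from " + file, e);
            throw new IOException("invalid port file: " + file, e);
        }
    }

    public static void main(String[] args) throws IOException {
        byte[] ok = "8443\n".getBytes(StandardCharsets.UTF_8);       // constructed input
        byte[] broken = "eighty\n".getBytes(StandardCharsets.UTF_8); // constructed input
        Path good = Files.write(Files.createTempFile("port", ".txt"), ok);
        Path bad = Files.write(Files.createTempFile("port", ".txt"), broken);
        System.out.println("valid file: " + readPort(good));
        System.out.println("swallowing version returns: " + readPortSwallowing(bad));
        try { readPort(bad); } catch (IOException e) { System.out.println("caller notified: " + e.getMessage()); }
    }
}
```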
11 Method (function) inspection items
A) Whether the parameters of the method have been verified
B) Whether array-like structures are bounds-checked
C) Whether the variable has been initialized before use
D) When returning a reference to an object, do not return a reference to a stack object
E) Whether the API is well defined, that is, whether it is programmed to interfaces, making it easy to maintain and refactor
12 Security inspection
A) For code that executes a command line, the command-line parameters need to be checked in detail
B) For web programs, check whether access parameters are validated
C) Whether an appropriate encryption algorithm is chosen when important information is saved
D) Whether secure communication methods are considered when communicating
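An added example for item A (not code from the original article): the form a reviewer should flag, where the parameter is concatenated into a shell command line, beside a form that validates the parameter against an allowlist and passes it as a single argument with no shell. No process is started. The class name, the tool path and the sample inputs are assumptions made for this illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Added illustration; the class, the tool path and the sample inputs are hypothetical.
public class CommandArgumentCheck {
    // Allowlist: letters, digits, dots and hyphens only, first character a letter or digit.
    private static final Pattern HOST = Pattern.compile("[A-Za-z0-9][A-Za-z0-9.-]{0,252}");

    // Form to flag in review: the parameter becomes part of a shell command line.
    static List<String> buildViaShell(String host) {
        return Arrays.asList("/bin/sh", "-c", "nslookup " + host);
    }

    // Reviewed form: validate first, then pass the value as one argv element, with no shell.
    static ProcessBuilder buildChecked(String host) {
        if (host == null || !HOST.matcher(host).matches()) {
            throw new IllegalArgumentException("rejected host parameter");
        }
        return new ProcessBuilder("/usr/bin/nslookup", host);
    }

    public static void main(String[] args) {
        // Constructed inputs: one valid name, one with shell metacharacters,
        // one that would be read as an option, one empty.
        String[] samples = { "example.org", "example.org; id", "-v", "" };
        for (String s : samples) {
            try {
                System.out.println("accepted: " + buildChecked(s).command());
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: [" + s + "]");
            }
        }
        // What the flagged form would hand to the shell for the second sample.
        System.out.println("flagged form: " + buildViaShell(samples[1]));
    }
}
```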
13
A) Quality output and control
B) How configuration information is obtained, and whether anything is hard-coded
III. Summary
Implementing Code Review in a project brings many benefits: it improves code quality, helps guarantee the stability of the project or product, and accumulates development experience. Code Review also has a cost, which is a matter of the Code Review process and will be discussed in other articles.
IV. References
Java Language Coding Specification (Java Code Conventions), Sun
Software Quality Assurance: Documentation and Reviews, Dolores R. Wallace, Wendy W. Peng, Laura M. Ippolito
Rapid Software Development Steve Electronic Industry Press
V. About the Author
Chen Jianhua, engaged in application development in mobile interconnection, email address: cqbbs@yeah.net