Peer code review is happening behind the scenes at your competitor's shop. Are they wasting their time or gaining a competitive advantage? What type of review actually works? We've compiled 10 practical essays from industry experts giving specific techniques for effective peer code review:
Cisco: The largest-ever case study of peer code review
Modern experiments: results of the past 15 years
Five types of review: Pro's and Con's
Managing social aspects of peer review
Code review in the SEI/CMMI/PSP/TSP context
Why many developers don't embrace code review
Questions to ask when implementing a peer review process
Why haven't you heard more about code review?
Metrics and measurements
Code Collaborator: Software for efficient, remote peer review
Review By: Cathy Bell 06/23/2010This book champions peer code review. It is clearly written and, though a quick read, contains a lot of valuable information. The prevalent theme through out the book is that reviews are meant to occur early in the lifecycle of your project, so the cost of finding and fixing a defect found during a peer code review is much less than if found by a customer in production or even when found during unit or quality assurance testing. This is not a new concept but a fact that should be stressed when there is resistance to code reviews, because it takes time away from development.
The authors are well aware of the obstacles faced when implementing peer code reviews and show both the pros and cons of the most common types of review. They also offer practical advice on how to avoid resistance to these reviews and how to discharge negative emotions when they arise. The first nine chapters explain the basics of conducting a peer code review and give recent examples of how these reviews benefited organizations that took the time to implement them correctly. The examples solidify the many ways peer reviews can have a positive impact on your organization, including a walk through the case study conducted at Cisco Systems that occurred over a ten-month period during which 2,500 reviews were conducted on 3.2 million lines of code. The final chapter covers the CodeCollaborator software, which “enables peer review of source code changes before or after files are checked into version control" and allows you to “automate audit trails and metrics, enforce workflow rules, and generate reports."
The book gives a very realistic view of peer code reviews. The authors not only present the benefits of this type of review but also cover the people aspects that are often overlooked. No one is surprised that “delivery bugs to QA costs money; delivering bugs to customers costs a lot of money and a loss of goodwill,” so why is there resistance to code review?
The authors capture obstacles to the process as they discuss programmers’ sense of their coding being a “streaming activity” that code reviews interrupt—because time must be spent preparing for and attending the meeting—as well as touching on the subject of individual egos. The book has quite a bit of practical advice for developers on overcoming their fear of having others critique their work, the benefits of sharing their source code, and working in a collaborative environment. The authors stress that metrics gathered during peer reviews are useful tools and that peer reviews can be accomplished with a review checklist that can be adapted to each project. The authors also show how peer code reviews are a valuable asset in maturing an organization and discuss the integration of the reviews in the Software Engineering Institute’s various process models.