While you may think that code reviews are just big time wasters, they are useful indeed, especially when you want to catch bugs and errors, ensure your code is readable and maintainable, share code among your team members, get new developers up to speed, or just expose your team to new approaches. I've recently bumped into an article by Gareth Wilson where he refers to the findings of Software Engineering Institute research that suggest that on average, each software developer makes 15-20 common mistakes. As such, he makes certain code review recommendations based on those mistakes. I've put his recommendations together into this Code Review Checklist that can be useful for anyone suspecting that something may be wrong with their code quality and consistency.
To sum up the Checklist, when doing your code review, make sure to break it down into four aspects: general, security, documentation, and QA and testing.
General issues that should be checked:
- code readability and maintainability
- code compliance with pre-determined conventions
- absence of duplicates and redundancy
- length of loops, etc.
In terms of code security, make sure to check:
- all data inputs and outputs and encoding
- use of third-party utilities such as plug-ins and add-ons
- how invalid parameters are handled
When reviewing documentation, make sure:
- all comments have been replied to and resolved
- all unusual behaviors ever described have been addressed
- use of third-party libraries is well documented
- your data structures and units are explained
Regarding testing, make sure your code is testable and all tests are comprehensive enough, all arrays are checked for out-of-bound errors, etc.
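To make the security and testing items above concrete, here is an added example (it is not from the original post or from Gareth Wilson's article; the function names and sample values are constructed). It shows a function as a reviewer might see it before review, next to a version that handles invalid parameters, checks array bounds explicitly, and encodes output for its context, with a small helper so the checks are testable:

```python
import html
from typing import Callable, List


# Constructed "before review" version: it trusts its parameters and builds
# HTML by string concatenation without encoding. A reviewer working through
# the security items would flag all three problems below.
def render_greeting_unsafe(name: str, items: List[str], index: int) -> str:
    return "<p>Hello " + name + ", you picked " + items[index] + "</p>"


# Constructed "after review" version: each checklist item made explicit.
def render_greeting(name: str, items: List[str], index: int) -> str:
    # Invalid parameters: reject early instead of silently continuing.
    if not isinstance(name, str) or not name.strip():
        raise ValueError("name must be a non-empty string")
    if not isinstance(index, int) or isinstance(index, bool):
        raise TypeError("index must be an int")

    # Array bounds: Python raises IndexError for an index that is too large,
    # but a negative index silently wraps around to the end of the list, so
    # the check has to be explicit to count as "checked for out-of-bound errors".
    if not 0 <= index < len(items):
        raise IndexError(f"index {index} out of range for {len(items)} items")

    # Output encoding: escape for the output context (HTML here), so user-
    # controlled text cannot change the structure of the markup.
    return f"<p>Hello {html.escape(name)}, you picked {html.escape(items[index])}</p>"


def rejects(exc_type: type, fn: Callable, *args) -> bool:
    """Return True if fn(*args) raises exc_type; makes the guards testable."""
    try:
        fn(*args)
    except exc_type:
        return True
    return False


if __name__ == "__main__":
    picks = ["tea", "coffee"]  # constructed sample data
    print(render_greeting_unsafe("<b>Ann</b>", picks, -1))  # markup and wrap-around leak through
    print(render_greeting("<b>Ann</b>", picks, 1))          # escaped, bounds enforced
```

The point for a reviewer is that the unsafe version "works" on happy-path input; only the hardened version makes the checklist items visible in the code and verifiable by tests.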
What other issues would you add to this Checklist?
Source: https://blog.fogcreek.com/