Code Review Guidelines for .NET Developers

Introduction

Code review (or peer review) is an important process applied by all the successful developers’ teams as it helps to share knowledge, expand the expertise, improve skills fast and prevent poor coding decisions. Code review is based on feedback and evaluation, which makes it an effective mechanism for growing the team’s agility and flexibility.

A PRO code reviewer is a highly capable person who

• identifies and fixes any bug
• ensures a positive feedback on the project code
• assists teammates

Code review covers four stages

• Reading through the code offered by an author(s)
• Spotting changes
• Providing a crystal-clear feedback
• Ensuring the code approval

The code review guidelines below will help in accomplishing a higher quality code at all stages and creating top-achievers’ corporate mentality.

Productive approach

• Start by understanding the team's priorities. Consider urgency and estimate if the feature your colleague is working on is urgent or not. Ask as well if your current work is urgent or not. (For instance, if it's a 10 line change that needs to go to prod today, then start reviewing immediately and treat code review as the task of high priority).
• Discussion of changes implies you need to act with respect to your peers.
• Reply to the comments to address every piece of the feedback.
• Be a part of the supportive environment by maintaining the high standards of code review communication.
• The task priority is assessed for every single case.
• Choose discussion over arguing: it is more effective in terms of achieving the goals.
• Be a mentor: all of us attribute at least part of our success to having the right mentor. Additionally, while explaining, you get more insightful.
• Be concise and clear to avoid miscommunication.
• One link directing to the helpful resource is better than a hundred comments to minor repetitive errors.
• Create a rapport with your review seeker: a lightweight code review is basically a conversation.
• Your goal is to get the adequate code check results for the code integrity.

Counterproductive approach

• Stating an opinion as a fact: conveying your thoughts in writing can be a challenge so be careful with choosing the words and tone.
• Overusing the option of commenting will not do any good as it makes the code review process more time-consuming than needed.
• Asking developers to fix unrelated problems will lead to the dead-end.
• Asking questions in a judgmental or sarcastic tone might put your peer into the defensive mode.
• Saying 'not my code, not my problem' is non-productive.
• Using 'you' in code review might shift the focus from the point of discussion to the personality of the coder so instead of writing "you made a mistake" send the corrected piece of the code without any additional statements or comments.

Code review best practices

Before You Start

• Remember that style arguments are easily settled by conforming to the style guide
• Remove compilation warning
• Perform Code Analysis

Code Structure Check

• Code is well-structured and has no excessively complex modules
• Repetitive code has been factored out
• Unneeded methods or stubs avoided/removed
• Local variables have self-documenting names
• Symbolic rather than "magic numbers" or strings is presented
• Replacement of the external reusable components by calls has been made

Documentation Check

• Documenting comments is meaningful (detecting and editing stubs in comments)
• Comments are related to the purpose of the code
• The comments are up to date

Performance Check

To produce a speedier code, take the following steps:

• make the check-up and apply profilers (helpful for identifying bottlenecks);
• boxing and unboxing make the speed gain disappear so remember that ValueTypes (being not very flexible) can hurt the performance in using incorrectly;
• while concatenating a large number of string variables, apply System.Text.StringBuilder instead of the C# + operator or the Visual Basic Concatenation Operators (& operator, + operator) for avoiding the performance pitfalls;
• using empty destructors would slow down the speed considerably and make the negative impact on performance so avoid it at any cost.

Thread safety Check

• Access to objects by multiple threads is synchronized
• Locks are acquired without causing the thread interlock

Security Check

• For closer look at security issues look up at www.owasp.org

Tips for effective code review

Code review is a regular kind of work. It means you need to prioritize it just like any other work. Do not let procrastination in code reviews as they are as important as creating the code itself.

Share code examples to give the added value to the author’s work in comments. When sending the suggested changes, remember that the author might take them as criticism. To avoid it, share the techniques you find useful with the coder as it will feel rewarding. This simple tip will also show that you are ready to be generous with your time when it comes down to review.

Make suggestions, not commands. Dictating instead of discussing will limit your communication opportunities considerably, so choosing requests over commands is much more preferable for the success of your review. Consider two phrases to feel the difference (in the second case, a much more productive approach is applied as it creates the channel of open communication):
'I would have done it differently.'
'Could we find another way to do it?'
The best way to make holistic changes is to try to move all the comments into the code, thus making them visible within the code.

The changes you suggest are about ‘what’ and ‘why’ (write what the change is, and explain why you need it)

When reviewers start making their comments and identifying issues, developers that are responsible for the branch can start either working to fix them or question the necessity for the change. In the latter case, the reviewer must be able to clearly articulate the reason for the change. 'Apply action filters methods to make them accessible only for authenticated users' is a good example of the change and explanation for its necessity.

Apply the automated code review tools

Manual review sessions can be a necessity in identifying security flaws; however, they have a considerable downside in time consumption. The assisting tools in code review are of great importance as they facilitate the workflow (for example, they help ignore code formatting issues like the whitespace diffs automatically) and make a reviewer’s job much more efficient and result-oriented. Exploring the options of these tools must be incorporated into code review practices.

Code Review Bundle is a set of perfect diff tools to help you understand the other programmer’s decisions and improve the project code quality till it gets feature-complete. Code Review Bundle is irreplaceable in code review if you need:

• create review requests
• work in integration with Visual Studio
• perform tasks in support with TFS, Subversion, Git, Mercurial, and Perforce.
• view added review comments from a file comparison document
• highlight code regions with review comments
• make code folding
• perform files merging
• assign multiple code authors to reviewed projects
• flag defects in comments
• make comments on a binary file

Wrap it up

Code review is a critical part of building a high-quality software developers' workflow. By examining source code systematically, a reviewer learns how to introduce changes efficiently. Thus, it facilitates communication among team members (sharpens up the ability to convey the ideas and teaches teamwork), and elevates the team to the next professional level due to a great number of skills that developers acquire when participating in the review.