5 Types of Code Reviews
and Why They're Important for Your Team

Run-through

November 2022 Release Notes

Here’s what’s new in our November 2022 Release Notes:

* Improved data exports for our custom solutions;
* Stabilized backend environment for smoother workspace data refreshes;
* Flexible pagination;

Read More »

By GITENTIAL TEAM

Performing effective code reviews is consistently cited as the number one thing a company can do to improve their code quality, and by extension, product quality.

That’s just one of the findings of SmartBear’s [2019 State of Code Review]. However, there are five different types of code review and an actual, formal standard for conducting them. In today’s world, sometimes even the definition of “is” is called into question. Everyone likely knows what a code review is. But, knowing the different types of code reviews can help in the allocation of resources to maximize their value. This will also help you avoid one of the main reasons why some developers don’t like them.  

Code reviews are quality assurance measures conducted to examine a developer’s code in relation to several objectives. The primary aim of code reviews is to find code defects, but also to verify compliance with QA standards as relates to logic, structure, style, and readability. Code reviews are also indispensable to cultivating teamwork, knowledge sharing, finding new solutions, and ultimately increasing code quality. Software developers and engineers consider code reviews as the number one means of improving code quality, followed by unit testing and continuous integration, per SmartBear’s report.

To be useful, code reviews must be conducted by two or more software developers or engineers with relevant expertise about the purpose of the code. The code may relate to any number of complex systems like information security, billing information, transactional data, and others subject to legal standards or requirements. In all cases, at least one code reviewer must be someone who was not involved in writing it.

A Word on Peer Code Reviews

Peer Code Reviews start before any code is written, so they’re different from the five main types of code reviews we cover below. You can read more about them in the link, suffice that peer code reviews let developers discuss the best approach to a task before starting on it. This helps developers to:

  1. Start off and stay on the right track.
  2. Save time, avoid waste – as they’re usually fast and informal.
  3. Cultivate teamwork and reduce knowledge silos.
  4. Make other code reviews somewhat faster and more efficient (ostensibly fewer defects, better structure, etc.).

Many teams are limited in the time they can allocate for senior and junior devs to work together, but “Peer Reviews” help offset the bottleneck. “Two heads are better than one,” as they say. The process of talking through the code logic/structure can preempt a lot of wasted effort.

Peers can meet to discuss challenges and tips during development, too, but they’re not a substitute for “reviews of actual code that’s already been written.” 

5 Main Types of Code Reviews

Engineers and managers regard code reviews without consistent standards, processes and insufficient reporting to be just as problematic as sloppy code. Organizations desiring ready-made code review standards and procedures are in luck! They can turn to The Institute of Electrical and Electronics Engineers (IEEE) Standard for Software Reviews and Audits [IEEE 1028-2008].

It should be noted that these procedures are very (exceedingly) formal and not always well-suited to distributed work environments.  Most companies don’t apply to such strict standards. It’s always nice to have robust guidelines that you can adapt vs. reinventing the wheel from scratch. 

It defines five types of code reviews, from most to least involved (most of today’s reviews tend to be Inspections and Walkthroughs:

1. Audits

Typically led by an external and independent auditor to evaluate compliance to laws, regulations, standards and guidelines. Audits are usually conducted by independent third-parties, so they reside outside the scope of this discussion. You’ll likely encounter audits when engaged in contract work for governments, the military, large corporations, and software involving public safety like air traffic control. 

2. Management reviews

Used by project managers and team leaders to make sure suitable progress is being made and is in conformance with QA standards. These reviews are also used when changing objectives or when re-allocating resources. Management reviews tend to be the rarest, most formal and involved reviews aside from independent audits.  

3. Technical code reviews

Loosely the same as formal inspections or Fagan Inspections. They are led by senior software developers or engineers to review compliance to project specifications. They check for code defects, that it works as intended, and determine if it is ready to advance to the next step. Manager presence is usually optional.

4. Inspections

Despite the name, the IEEE term is generally synonymous with regular change-based reviews as more commonly referenced by software developers. Inspections are led by a facilitator and usually peer/s (but absent managers). Inspections are used to identify code defects, deviations of standards and specifications; as well as recommend remedial actions. 

“Inspections” can be generally equated with PR Code Reviews – as again, most teams are working remotely these days.

5. Walkthroughs

Led by the code’s author with other team members (absent managers) to find code defects and identify better solutions to improve the product. Walkthroughs can also be used to train and educate team members about the product. These are the least formal – though they may involve significant effort to prepare. 

It’s also worth referencing “Reverse Walkthroughs” – going back to high school when teachers asked the class questions and students raised your hand… This is a good technique for seeing if your junior devs are understanding the logic and reasons behind the code you’re working with. Ask your developers questions to see where they’re at.

Informal Code Review Formats

There are, of course, less-formal code reviews like “over-the-shoulder reviews” and “sequential email reviews” that may be passed around like a chain letter. These looser formats can be very useful, often the “de facto” code review format as they don’t involve a lot of resources to support or organize.

Three of the five types of reviews described above are almost always conducted without managers present. This underscores that they should not be mixed up with performance reviews. Though still focused on catching code defects and bugs, it’s important for code reviews to be used to provide team members constructive feedback. Effective code reviews help developers improve the product, while also building their knowledge, skills, and team camaraderie.

While adherence to IEEE 1028-2008 is voluntary, it may be required with government contracts and companies with strong International Standards Organization (ISO) programs. By extension, this includes adherence to other international standards-setting bodies like the IEEE, the International Electrotechnical Commission (IEC), and regional bodies like the European Telecommunications Standards Institute (ETSI).

How to Handle Toxicity Problems

Aside from the time and effort involved, toxic behavior during code reviews is one of the most frequently cited reasons why some software developers were reluctant to participate in them. 

Do you feel toxicity is a problem in your organization? If so, it may be necessary to bring up sensitivity training with your Human Resources manager. Typically, HR is obliged to keep such issues confidential. Your HR team is there to provide a buffer between employees and managers in responding to organizational toxicity. Confronting managers who can sometimes be contributing to the problem can risk prejudice in future performance evaluations and promotion opportunities.

Code Reviews and Performance Reviews?

Code reviews by themselves should not be used for performance reviews. A consistent pattern by a developer in failing to apply lessons learned from previous code reviews is. But, there can be a big problem if code reviews are themselves used for evaluating promotions and raises. This risks software developers, even engineers, becoming hostile to the code review process. In consequence, they may focus on their own performance metrics instead of taking the lessons that improve the product and their code.

Adding AI to the Mix

Gitential is in the process of transforming its software development analytics into an AI-Powered Digital Assistant – for all Software Development stakeholders. How’s could this impact code reviews?  

There are actually a few ways, and they form the tip of an “augmented team iceborg.” 

At the most basic level, once implemented, users will be able to ask questions and get an answer – the data, definitions of the data, and Next Best Actions. You’ll still be able to manually dig through the analytics if you like. That’s time consuming. It can be hit or miss in terms of finding actionable insights. AI excels at pattern recognition and can find useful data a lot faster. You know that. Functionally, we’re talking about actionable insights on demand.

 

The developer can find out who the best person on their team or entire company is to ask questions about a particular coding challenge, request a peer code review, or could be a mentor – by programming language or technology. In turn, the developer can find out who’s PRs they should be reviewing. 

This is a natural application for Agile self-organizing teams. However, the Engineering Manager can use the data to optimize their teams – and structure training across all knowledge-sharing activities: 

  • Standup Meeting “Tips of the Day”
  • Sprint Planning and Retrospectives
  • Story-Splitting Efforts
  • Resource Library Examples
  • Optimizing Code/PR Reviews and Mentors
  • Walkthroughs and Reverse Walkthroughs
  • One-on-One Meetings
  • Objective and Key Results Meetings
Fundamentally, AI-Powered Assistants help 10x engineering manager’s efforts to 10x their team’s performance. What used to take hours or days can now be done in minutes. 

New and Related Articles

Since starting our blog, we’ve added a lot of content about Agile Processes and Best Practices, as well as AI-Powered Digital Assistants and AI-Augmented Teams. 

There’s a lot more, but  if you’re interested in code reviews, we’ve selected five articles that are likely to be of  related interest to you:

Article Updated: January 30, 2022

November 2022 Release Notes

Here’s what’s new in our November 2022 Release Notes:

* Improved data exports for our custom solutions;
* Stabilized backend environment for smoother workspace data refreshes;
* Flexible pagination;

Read More »

Did you like our content?

Spread the word

Subscribe to Our Newsletter

Don't miss our latest updates.
All About Software Engineering Best Practices, Productivity Measurement, Performance Analytics, Software Team Management and more.

Did you like our content?

Spread the word

Subscribe to Our Newsletter

Don't miss our latest updates.
All About Software Engineering Best Practices, Productivity Measurement, Performance Analytics, Software Team Management and more.