Peer Code Reviews and Their Role in Ensuring Quality and Reliability of Software Products

By Alok Mehta & Rich Sloan

Peer code reviews are an important tool within a development team to ensure the quality and reliability of software products. Peer code reviews involve the examination of code by other members of a development team to identify and correct any errors or inefficiencies. This process not only helps to improve the quality of the code itself but also enhances the overall development process.

The benefits of peer code reviews are numerous. First and foremost, they help catch missing requirements, bugs, and errors that may not be obvious to the original developer, which saves significant time and resources by keeping costly defects out of the codebase. One of the main goals of a peer code review should be to gain an outside perspective on a piece of code or functionality. Peer code reviews also give team members an opportunity to learn from each other, exchange ideas, and improve their own coding skills, and they are valuable when onboarding new team members: a new developer sees the team's standards and coding style first-hand and can ask questions about the functionality being built.

Furthermore, peer code reviews help improve code consistency and maintainability. When developers review each other's code, they can identify and address inconsistencies in coding style and naming conventions, which leads to a more cohesive codebase that is easier for current and future developers to understand and work with. Some criteria that can be used to evaluate code under review are:

  • Code Readability – Does the code follow best practices, and is its intent clear to someone not familiar with the codebase?
  • Security – Has the code been scanned for vulnerabilities and checked against your organization's secure coding standards? Does it follow your DevSecOps practices? A clean scanner result is a floor, not a pass: the reviewer should still look at input validation, authentication and authorization checks, and how secrets and errors are handled, since those are the classes of defect scanners most often miss.
  • Test Coverage – Is the functionality being built covered by unit, integration, or functional tests? Do the tests cover both positive and negative scenarios? What is the code coverage score?
  • Reusability – Are the components, functions, and services reusable or easily extended?

Despite the numerous benefits of peer code reviews, there are pitfalls to be aware of. One is that reviews can become overly critical or nitpicky, which demotivates developers and damages team morale. Reviewers should give constructive feedback and focus on the most significant issues rather than getting bogged down in minor details. Another is that reviews can become a bottleneck in the development process: if they take too long to complete, they slow the overall pace of development and cause delays. To mitigate this, establish clear guidelines for the review process and make sure reviewers have the resources and support to complete reviews efficiently. Setting a turnaround time for the team to complete a review, and including that time in your SDLC and estimates, goes a long way toward reducing bottlenecks.

Finally, there is the potential for reviews to become overly reliant on personal preferences or biases. Reviewers may have differing opinions on what constitutes good code, which can lead to conflicting feedback and slow down the review process. To avoid this issue, it’s important to establish objective criteria that follow the team’s best practices for code reviews and to ensure that all team members are familiar with these criteria.

Below are best practices for a peer review process that can be adopted:

Define Standards: Peer reviews are only useful if you have established standards to review against. For example, if reviewers are expected to evaluate naming conventions, the standards should state clearly what those conventions are.

Define Scope: The scope of each review should be understood up front and can be quite narrow. For example, a review may focus on how the change integrates with the rest of the system rather than on aesthetics.

Factor review time into the project plan: This is usually a tough one to negotiate because it adds time to the project. If the scope is managed appropriately, peer review adds tremendous value, and over time it improves quality and reduces cost.

Have a central repository of reviews and outcomes: Review feedback is valuable to refer back to, so it should be stored systematically in a central repository along with action items and completion dates. Commercial tools that can serve as that repository include Atlassian Crucible, Codacy, and SmartBear Collaborator. Performing and storing reviews alongside the code in your Git hosting platform, such as GitHub, Bitbucket, or GitLab, as part of the pull request works well as a low-cost option and has the added benefit of reducing the task switching your teams go through. It also leaves an audit trail of who approved each change, which is useful later when tracing the origin of a defect or a security issue.

Automate: Many integrated development environments (IDEs) provide automated checks based on established rules. Most major languages have community linters (static analysis tools that flag programming errors, bugs, stylistic errors, and suspicious constructs) that plug into the IDE and give developers instant feedback on their code. For example, if a comment is missing before a function declaration, the IDE raises an alert. Run the same linters and security scanners in the pull request pipeline as well, so that a review is blocked until the automated checks pass and reviewers spend their time on what automation cannot catch. The commercial marketplace is rich with such tools, and they are worth the investment.
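As an added example (not code from the authors or from any of the products mentioned in this article), the following Python script shows what such a rule-based check does under the hood. It parses a source file into an abstract syntax tree and flags the case the text describes, a function with no documentation, plus two security-relevant patterns a reviewer would want surfaced before they start reading: calls to eval()/exec(), and subprocess calls made with shell=True. The rule identifiers (DOC001, SEC001, SEC002) and the sample file under review are constructed for illustration.

```python
"""Minimal AST-based linter illustrating how rule-based automated review works.

Added example for this article; not code from the authors or any product.
The rule identifiers and severity of the rules are assumptions chosen for
illustration, not a standard of any real tool.
"""
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    message: str


def _is_subprocess_call(call: ast.Call) -> bool:
    """True for any subprocess.<name>(...) call."""
    func = call.func
    return (
        isinstance(func, ast.Attribute)
        and isinstance(func.value, ast.Name)
        and func.value.id == "subprocess"
    )


def lint_source(source: str, filename: str = "<string>") -> list[Finding]:
    """Parse Python source and return findings sorted by line number."""
    tree = ast.parse(source, filename=filename)
    findings: list[Finding] = []

    for node in ast.walk(tree):
        # Rule 1: every function should state its intent. This is the
        # "missing comment before the function" alert the text describes.
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            if ast.get_docstring(node) is None:
                findings.append(Finding(
                    node.lineno, "DOC001",
                    f"function '{node.name}' has no docstring"))

        elif isinstance(node, ast.Call):
            # Rule 2: eval/exec on attacker-influenced input is a
            # code-injection sink; flag it regardless of the argument.
            if isinstance(node.func, ast.Name) and node.func.id in {"eval", "exec"}:
                findings.append(Finding(
                    node.lineno, "SEC001",
                    f"use of {node.func.id}() is a code-injection risk"))
            # Rule 3: shell=True hands the command string to a shell, so any
            # untrusted fragment in it becomes command injection.
            elif _is_subprocess_call(node):
                for kw in node.keywords:
                    if (kw.arg == "shell"
                            and isinstance(kw.value, ast.Constant)
                            and kw.value.value is True):
                        findings.append(Finding(
                            node.lineno, "SEC002",
                            "subprocess call with shell=True"))

    return sorted(findings, key=lambda f: (f.line, f.rule))


# Constructed sample under review (not real project code).
SAMPLE = '''\
import subprocess

def documented(x):
    """Doubles x."""
    return x * 2

def run(cmd):
    return subprocess.run(cmd, shell=True)

def calc(expr):
    """Evaluates a user-supplied expression."""
    return eval(expr)
'''

if __name__ == "__main__":
    for f in lint_source(SAMPLE, "sample.py"):
        print(f"sample.py:{f.line}: {f.rule} {f.message}")
```

Running the script prints one line per finding: the undocumented run() function, the shell=True call inside it, and the eval() in calc(). The same lint_source() function can be called from a pre-commit hook or a pull request job so that the change fails automated review before a human spends time on it; production linters such as pylint, Ruff, and Bandit implement hundreds of rules in exactly this tree-walking style.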

Use of AI/ML: Artificial intelligence and machine learning (AI/ML) provide some powerful ways to raise alerts and autocorrect certain elements of a code review. These models can even generate unit test cases and attach them to the code, improving its quality. With the advent of AI/ML, not only can code reviews be automated, but the code can also be tested to a large degree. While this technology is still evolving, it is worth investigating its potential. Amazon CodeGuru is an example: CodeGuru Reviewer is trained on millions of lines of Java code to catch issues early in the development cycle, and CodeGuru Profiler continuously monitors running applications to identify your most expensive lines of code. Treat generated tests and suggested fixes as input to the review rather than a substitute for it; they need the same scrutiny as any other contribution. The tool shows promise as it matures and gains adoption by development teams.

Make it a learning experience: Ultimately, you want the peer review to be a learning experience for your team. Having more than one developer understand each piece of code lowers risk in the overall project by providing redundancy. Over time, junior developers are trained by the senior developers, and the learning can come from the automated checks as well.

Make it Fun: Peer reviews don't have to be boring. Mix them with lunch-and-learns or peer review hackathons, offer prizes, and so on.

In conclusion, peer code reviews are a critical component of the software development process. They provide a valuable opportunity for team members to learn from each other, improve the quality and consistency of code, and ensure the reliability and maintainability of software products. However, it's important to be aware of the potential pitfalls and to establish clear guidelines and criteria so that reviews are constructive, efficient, and objective.

Alok Mehta is CIO of Business Systems at Kemper Insurance

Rich Sloan is AVP of Application Development at Kemper Insurance