Professional Documents
Culture Documents
In short, C++ needs to be handled with care — and reviewed with an eagle eye.
This blog is divided into two parts. In part one, we’ll discuss more general
aspects of code review. In part two, we’ll dive into specific C++ code review
topics and build a checklist for C++ code reviews.
In addition, the mere discussion of code between two people or more raises new
questions and helps in pinpointing the important issues.
The above is true for any programming language you use, but the complexity of C++
makes it even more critical, requiring at least one extra set of eyes to review
your code, is essential.
The first is passing a static code analysis and being able to explain any warnings
you find that could be false positives or shouldn’t be handled for any reason.
There are great static code analysis tools out there – both open source and
commercial – and there is no reason not to use them. We assume of course that you
do not leave any compiler warnings, but in the rare cases where you have a really
good reason to ignore a compiler warning, it should of course also have good
explanation prepared ahead (e.g. as a comment above a pragma declaration,
instructing the compiler to ignore the warning).
The second thing you need is to actually test your code. You’ll want to run unit
tests that generate enough coverage of your code, preferably including errors and
edge cases. Without testing there is no sense in conducting a code review, as you
can’t tell whether your code actually works. Moreover, one of the items to be
reviewed in a code review are the tests. If you add tests after code review, make
sure that changes made in the code, following test failures, do not escape code
review.
Both static code analysis and good unit tests can reduce issues from propagating
into the code review and let you fix things beforehand, but they can’t catch every
single issue.
For instance, if you got the requirements wrong from the start, neither great tests
nor static analysis will reveal the issues there. On the other hand, code review
considers the requirements and helps you map them to the code and tested scenarios.
This lets you find inconsistencies between the requirements and the actual code.
Issues raised during the code review can be fixed immediately if they’re “quick
wins” (e.g., renaming variables and functions or adding short comments). Other
issues should be documented to be handled later. At the end of the code review,
there should be a decision made as to whether the code can be integrated (after
fixing minor comments if any) or should be presented again for another review.
It’s common practice to have someone on the team who didn’t write the code present
it, with the coder only being called on if something is unclear. This helps ensure
that the code is generally readable. On the other hand, it can be more efficient to
have the coder themselves present their code. It’s worth trying both ways to see
which fits your team better.
Pros:
Hard to go into questions that require in-depth investigation (which would probably
go off-line and wouldn’t be closed in the same meeting).
Time-consuming and less efficient, especially if performed in a large group – not
every discussion is relevant for all participants.
Need to find a suitable timeslot that fits all stakeholders.
Offline code review
A developer completes their changes to the code and asks for a code review via the
source control, as a pull