Checklist for Conducting Code Review

Posted in: Checklists for Testers & Developers

Checklist for Conducting Code Review

Following list of questions remains quite helpful to the code reviewer. If needed, reviewer may like to get clarifications from the code writer.

Sr.	Code Review Questions
1.	Does the code do what has been specified in the design specification?
2.	Does the procedure used in the module solve the problem correctly?

3.	Does a software module duplicate another existing module, which could be reused?
4.	If library modules are being used, are the right libraries and the right versions of the libraries being used?
5.	Does each module have a single entry point and a single exit point? Multiple exit and entry point programs are harder to test.
6.	Is the cyclomatic complexity of the module more than 10? If yes, then it is extremely difficult to adequately test the module.
7.	Can each atomic function be reviewed and understood in 10-15 minutes? If not, it is considered to be too complex.
8.	Have naming conventions been followed for all identifiers, such as pointers, indices, variables, arrays, and constants? It is important to adhere to coding standards to ease the introduction of a new contributor (programmer) to the development of a system.
9.	Has the code been adequately commented upon?
10.	Have all the variables and constants been correctly initialized? Have correct types and scopes been checked?
11.	Are the global or shared variables, if there are any, carefully controlled?
12.	Are there data values hard coded in the program? Rather, these should be declared as variables.
13.	Are the pointers being used correctly?
14.	Are the dynamically acquired memory blocks deallocated after use?
15.	Does the module terminate abnormally? Will the module eventually terminate?
16.	Is there a possibility of an infinite loop, a loop that never executes, or a loop with a premature exit?
17.	Have all the files been opened for use and closed at termination?
18.	Are there computations using variables with inconsistent data types? Is overflow or underflow a possibility?
19.	Are error codes and condition messages produced by accessing a common table of messages? Each error code should have a meaning, and all of the meanings should be available at one place in a table rather than scattered all over the program code.
20.	Is the code portable? The source code is likely to execute on multiple processor architectures and on different operating systems over its lifetime. It must be implemented in a manner that does not preclude this kind of a variety of execution environments.
21.	Is the code efficient? In general, clarity, readability, or correctness should not be sacrificed for efficiency. Code review is intended to detect implementation choices that have adverse effects on system performance.

Sample of a General Code Review Checklist is as under

Sr.	Check Point	Yes/No
Design Issues
1.	Does each unit implement a single function?
2.	Are there instances where the unit should he partitioned?
3.	Is code consistent with detailed design?
4.	Does the code cover detailed design?
Data Items
1.	Is there an input validity check?
2.	Arrays-check array dimensions, boundaries, indices.
3.	Variables – are they all defined, initiated? Have correct types and scopes been checked?
4.	Are all variables used?
Data Items
1.	Are there computations using variables with inconsistent data types?
2.	Are there mixed-mode computations?
3.	Is the target value of an assignment smaller than the right-hand expression?
4.	Is over or underflow a possibility (division by zero)?
5.	Are there invalid uses of integers or floating point arithmetic?
6.	Are there any comparisons between floating point numbers?
7.	Are there any assumptions about the evaluation order in Boolean expressions?
8.	Are the comparison operators correct?
Control Flow Issues
1.	Will the program, module or, unit eventually terminate?
2.	Is there a possibility of an infinite loop, a loop with a premature exit, a loop that never executes?
Interface Issues
1.	Do the number and attributes of the parameters used by a caller match those of the called routine? Is the order of parameters also correct and consistent in caller and callee?
2.	Does a function or procedure alter a parameter that is only meant as an input parameter?
3.	If there are global variables, do they have corresponding definitions and attributes in all the modules that use them?
Input / Output Issues
1.	Have all files been opened for use?
2.	Are all files properly closed at termination?
3.	If files are declared are their attributes correct?
4.	Are EOF or I/O errors conditions handed correctly?
5.	Is I/O buffer size and record size compatible?
Portability Issues
1.	Is there an assumed character set, and integer or floating point representation?
2.	Are their service calls that mar need to be modified?
Error Messages
1.	Have all warnings and informational messages been checked and used appropriately?
Comments/Code Documentation
1.	Has the code been properly documented? Are there global, procedure, and line comments where appropriate?
2.	Is the documentation clear, and correct, and does it support understanding?
Code Layout and White Space
1.	Has white space and indentation been used to support understanding of code logic and code intent?
Maintenance
1.	Does each module have a single exit point?
2.	Are the modules easy to change (low coupling and high cohesion)?