A subsequent measure for increasing the quality of the developed products is an evaluation activity: the code review.
The code review is a method of improving the quality of written code by evaluating the work against the specifications and/or guidelines and subjecting it to peer review.
The code review can be carried out as a static test activity within development testing. Its aim is to ensure that the quality of the code meets the set functional and non-functional requirements.
In the code review, the following points can be checked, independently of the set requirements:
- Has the product been realised in accordance with the assignment? For example, are the requirements laid down in the technical design realised correctly, completely and demonstrably?
- Does the product meet the following criteria: internally consistent, meeting standards and norms and representing the best possible solution? ‘Best possible solution’ means the ‘best solution’ that could be found within the given preconditions, such as time and finance.
- Does the product contribute to the project and architecture aims? Is the product consistent with other, related products (consistency across the board)?
- Is the product suitable for use in the next phase of the development (integration)?
For the review, various techniques can be employed like over-the-shoulder, (email) pass-around, pair programming and the use of various code-analysis tools.
The code review is also applicable to development environments and development tools that are mainly used for configuration (rather than coding, e.g. with package implementations). In that case, the parameter settings are the subject of the review.
When carrying out the code review, allowance should be made for any overlap with the use of code-analysis tools. These tools are increasingly being included in the automated integration process, in which they perform all kinds of static analyses and checks automatically. The code review therefore does not have to focus on these. It is advisable to include the output of the tools in the code review report.