Table of Contents

    Code Review Basics

    Programming Mastery

    Code Review Basics

    Learn how developers review code changes to improve quality, catch bugs early, share knowledge, and maintain clean, secure, and professional software.

    Introduction

    Code review is the process where one or more developers examine another developer’s code before it becomes part of the main project.

    In real software development, writing code is not the final step. Before code is merged, deployed, or released, it should be reviewed to check correctness, readability, maintainability, security, testing, and alignment with project standards.

    Code review is not about blaming developers. It is about improving the code together.

    A good code review helps the whole team learn, reduces mistakes, improves software quality, and creates shared ownership of the codebase.

    Easy Real-Life Example

    Code Review as Proofreading an Essay

    Imagine writing an essay and asking a friend to read it before submission. Your friend may find spelling mistakes, unclear sentences, missing points, or better ways to explain the idea.

    Essay Review:
    - Check spelling
    - Check grammar
    - Check clarity
    - Check missing points
    
    Code Review:
    - Check bugs
    - Check logic
    - Check readability
    - Check test cases
    - Check security
    - Check maintainability

    Code review works like proofreading, but for software code.

    What is Code Review?

    Code review is a quality-checking practice where code changes are inspected before they are accepted into the main codebase.

    The reviewer reads the code, checks whether it solves the intended problem, verifies whether it follows coding standards, and gives feedback if improvements are needed.

    Key Idea: Code review helps ensure that code is correct, readable, maintainable, and safe before it is merged.

    Why Code Review is Important

    Code review is important because even experienced developers can miss bugs, edge cases, or design problems in their own code.

    A second pair of eyes can catch problems early before they become production defects.

    Benefits of Code Review

    • Helps detect bugs early.
    • Improves code readability.
    • Maintains coding standards.
    • Improves software quality.
    • Supports knowledge sharing among team members.
    • Helps junior developers learn better practices.
    • Reduces technical debt.
    • Improves security awareness.
    • Encourages shared ownership of the codebase.
    • Makes future maintenance easier.

    Who Participates in Code Review?

    Code review usually involves two main roles: the author and the reviewer.

    Role Responsibility
    Code Author Writes the code and submits it for review.
    Reviewer Reads the code, checks quality, and provides feedback.
    Team Lead / Senior Developer May review important design, architecture, or risky changes.
    Automated Tools Can check formatting, linting, test results, and some security issues.

    Common Code Review Workflow

    A simple code review workflow usually follows these steps.

    1. Developer writes code
    2. Developer tests the code
    3. Developer creates a pull request or merge request
    4. Reviewer checks the code
    5. Reviewer gives feedback
    6. Developer makes improvements
    7. Reviewer approves the code
    8. Code is merged into the main branch

    This workflow helps teams review changes before they become part of the shared codebase.

    What is a Pull Request?

    A pull request, often called a PR, is a request to merge code changes from one branch into another branch.

    The pull request usually contains the changed files, description, comments, test results, and review discussion.

    Pull Request Contains:
    - Title
    - Description
    - Changed files
    - Reason for change
    - Test information
    - Reviewer comments
    - Approval or requested changes

    What Reviewers Should Check

    A reviewer should focus on important quality areas instead of only checking formatting.

    Review Area Questions to Ask
    Correctness Does the code solve the intended problem?
    Requirement Match Does the code match the requirement or user story?
    Readability Can another developer understand the code easily?
    Maintainability Will the code be easy to change later?
    Testing Are meaningful tests added or updated?
    Edge Cases Does the code handle unusual or boundary situations?
    Security Does the code avoid exposing sensitive data or unsafe behavior?
    Performance Is the code efficient enough for expected usage?
    Consistency Does it follow project naming, formatting, and design style?

    Simple Code Review Checklist

    Reviewer Checklist

    • Does the code compile or run successfully?
    • Does the code solve the correct problem?
    • Are variable and function names meaningful?
    • Is the code readable and properly formatted?
    • Are functions small and focused?
    • Is duplicate code avoided?
    • Are error cases handled properly?
    • Are important edge cases covered?
    • Are tests added or updated?
    • Are comments useful and not excessive?
    • Is sensitive data protected?
    • Does the code follow team standards?

    Responsibilities of the Code Author

    A code author should make the review easy for reviewers.

    Before Requesting Review

    • Understand the requirement clearly.
    • Write clean and readable code.
    • Test the code before submitting.
    • Remove unnecessary commented-out code.
    • Keep the change focused.
    • Write a clear pull request title.
    • Explain what changed and why.
    • Mention risky or complex areas.
    • Attach screenshots if there are UI changes.
    • Respond politely to review feedback.

    Responsibilities of the Reviewer

    A reviewer should give useful feedback that improves the code and helps the author.

    Reviewer Responsibilities

    • Review the code carefully.
    • Understand the purpose of the change.
    • Focus on correctness, readability, maintainability, and risk.
    • Give specific feedback.
    • Be respectful and constructive.
    • Ask questions when something is unclear.
    • Suggest improvements when helpful.
    • Do not focus only on minor style issues.
    • Approve only when the code is ready.

    Giving Constructive Feedback

    Code review feedback should be clear, polite, and useful.

    The goal is to improve the code, not to criticize the person.

    Poor Feedback Better Feedback
    This is wrong. This condition may fail when the marks value is null. Can we add validation before comparing?
    Bad naming. Can we rename x to totalMarks so the purpose is clearer?
    Fix this. This function is doing validation and saving together. Can we separate them into two functions?
    Why did you do this? Can you explain the reason for this approach? I want to understand the requirement better.

    Example: Code Review Comment

    Code Submitted

    FUNCTION calc(m)
        IF m >= 40 THEN
            RETURN "P"
        ELSE
            RETURN "F"
        END IF
    END FUNCTION

    Review Feedback

    Suggestion:
    Can we rename calc to calculateResult and m to marks?
    Also, returning "Pass" and "Fail" instead of "P" and "F"
    will make the output more readable.

    Improved Code

    FUNCTION calculateResult(marks)
        IF marks >= 40 THEN
            RETURN "Pass"
        ELSE
            RETURN "Fail"
        END IF
    END FUNCTION

    The improved code is easier to understand because names and outputs are clearer.

    Code Review vs Testing

    Code review and testing are both important, but they are not the same.

    Code Review Testing
    Humans inspect the code. Code is executed to check behavior.
    Can find readability, design, logic, and maintainability issues. Finds behavior mismatches between expected and actual results.
    Does not replace testing. Does not replace human review.
    Useful before merging code. Useful before and after code changes.

    Automated Checks in Code Review

    Automated tools can support code review by checking common issues before human review.

    Automated Checks May Include:
    - Formatting check
    - Linting
    - Unit tests
    - Build verification
    - Code coverage
    - Static analysis
    - Security scanning

    Automated checks help reviewers focus more on logic, design, and maintainability instead of only style issues.

    Keep Code Reviews Small

    Small and focused code reviews are easier to understand and more effective.

    Large reviews are harder to inspect properly and may cause reviewers to miss important issues.

    Large Review Problems

    • Too many files changed.
    • Reviewer loses focus.
    • Feedback becomes slower.
    • Bugs may be missed.
    • Merge conflicts become more likely.

    Small Review Advantages

    • Easy to understand.
    • Faster to review.
    • Better feedback quality.
    • Lower risk of hidden bugs.
    • Easier to test and merge.

    Security in Code Review

    Code review should also consider security risks.

    Security Review Questions

    • Is user input validated?
    • Is sensitive data protected?
    • Are passwords, tokens, or secrets exposed?
    • Is proper authentication checked?
    • Is proper authorization checked?
    • Are error messages safe and not revealing sensitive details?
    • Are logs avoiding private information?

    Student-Friendly Example: Grade Calculator Review

    Requirement:
    Create a function that returns grade based on marks.
    
    Review Checklist:
    - Does the function handle marks below 0?
    - Does the function handle marks above 100?
    - Are boundary values checked?
    - Are names meaningful?
    - Is the code readable?
    - Are test cases written for 40, 60, 75, 90?
    - Are invalid inputs handled clearly?

    Real-World Example: E-Commerce Checkout Review

    Review Area Example Question
    Business Logic Is discount applied before or after tax according to business rules?
    Validation What happens if quantity is zero or negative?
    Security Is payment-related data handled safely?
    Error Handling Does checkout show a clear error if payment fails?
    Testing Are tests added for valid coupon, invalid coupon, and expired coupon?
    Maintainability Is price calculation separated into reusable functions?

    Best Practices for Code Review

    Recommended Practices

    • Keep code changes small and focused.
    • Review your own code before requesting review.
    • Write clear pull request titles and descriptions.
    • Run tests before submitting code.
    • Use automated checks for formatting and basic issues.
    • Focus human review on logic, design, risk, and maintainability.
    • Give respectful and specific feedback.
    • Ask questions instead of assuming mistakes.
    • Explain why a change is requested.
    • Do not approve code that you do not understand.
    • Use team coding standards as the review reference.
    • Remember that review is about the code, not the person.

    Common Beginner Mistakes

    Mistakes

    • Taking code review feedback personally.
    • Submitting very large pull requests.
    • Not testing code before review.
    • Writing unclear pull request descriptions.
    • Reviewing only formatting and ignoring logic.
    • Giving vague feedback like “fix this”.
    • Approving code without understanding it.
    • Ignoring security and edge cases.

    Better Habits

    • Treat feedback as learning.
    • Keep changes small and focused.
    • Run tests before requesting review.
    • Explain the purpose of the change clearly.
    • Review correctness, readability, testing, and maintainability.
    • Give specific and respectful feedback.
    • Ask questions when unsure.
    • Check edge cases and security concerns.

    Prerequisites Before Learning Code Review

    Students should understand the following topics before learning code review deeply:

    Required Knowledge

    • Basic programming syntax.
    • Functions and methods.
    • Code readability.
    • Naming conventions.
    • Clean code basics.
    • Testing basics.
    • Unit testing introduction.
    • Version control basics.
    • Basic debugging concepts.

    Trace Table Example: Code Review Process

    Step Activity Result
    1 Developer completes code change. Feature or bug fix is ready for review.
    2 Developer runs tests. Basic issues are caught before review.
    3 Pull request is created. Reviewer can inspect the changes.
    4 Reviewer checks code and gives comments. Possible improvements are identified.
    5 Developer updates code. Review feedback is addressed.
    6 Reviewer approves. Code can be merged safely.

    Practice Activity: Review the Code

    Review the following pseudocode and suggest improvements.

    FUNCTION calc(m)
        IF m >= 40 THEN
            RETURN "P"
        ELSE
            RETURN "F"
        END IF
    END FUNCTION

    Sample Review Suggestions

    1. Rename calc to calculateResult.
    2. Rename m to marks.
    3. Return "Pass" and "Fail" instead of "P" and "F".
    4. Add validation for marks below 0 or above 100.
    5. Add unit tests for 40, 39, 0, 100, and invalid values.

    Improved Version

    FUNCTION calculateResult(marks)
        IF marks < 0 OR marks > 100 THEN
            RETURN "Invalid marks"
        ELSE IF marks >= 40 THEN
            RETURN "Pass"
        ELSE
            RETURN "Fail"
        END IF
    END FUNCTION

    Mini Quiz

    1

    What is code review?

    Code review is the process of examining code changes before they are merged into the main codebase.

    2

    Why is code review important?

    It helps catch bugs early, improve readability, maintain standards, share knowledge, and improve software quality.

    3

    Who reviews code?

    Usually another developer or team member reviews the code. Automated tools may also support the review.

    4

    What should reviewers focus on?

    Reviewers should focus on correctness, readability, maintainability, testing, edge cases, security, and consistency.

    5

    What is a pull request?

    A pull request is a request to merge code changes from one branch into another after review.

    Interview Questions on Code Review Basics

    1

    What is the purpose of code review?

    The purpose of code review is to improve code quality, catch problems early, maintain standards, and share knowledge across the team.

    2

    What is the difference between code review and testing?

    Code review is human inspection of code, while testing executes code to verify behavior against expected results.

    3

    Why should pull requests be small?

    Small pull requests are easier to understand, faster to review, and less likely to hide bugs.

    4

    How should feedback be given in code review?

    Feedback should be specific, respectful, constructive, and focused on improving the code.

    5

    What are common code review mistakes?

    Common mistakes include reviewing too late, submitting large changes, giving vague feedback, focusing only on style, and approving code without understanding it.

    Quick Summary

    Concept Meaning
    Code Review Examining code changes before merging.
    Reviewer Person who checks the code and gives feedback.
    Code Author Person who writes and submits the code.
    Pull Request A request to merge code changes after review.
    Constructive Feedback Helpful feedback focused on improving code.
    Automated Checks Tools that check formatting, tests, build, and quality issues.
    Small Review A focused review with limited and related changes.
    Shared Ownership Team responsibility for maintaining code quality.

    Final Takeaway

    Code review is a professional software development practice where developers inspect code changes before merging them. It helps catch bugs early, improve readability, enforce standards, strengthen security, and share knowledge across the team. Good reviews are small, focused, respectful, and constructive. Students should remember that code review is not criticism of a person; it is collaboration to make the software better.