Code Review Basics
Code Review Basics
Learn how developers review code changes to improve quality, catch bugs early, share knowledge, and maintain clean, secure, and professional software.
Introduction
Code review is the process where one or more developers examine another developer’s code before it becomes part of the main project.
In real software development, writing code is not the final step. Before code is merged, deployed, or released, it should be reviewed to check correctness, readability, maintainability, security, testing, and alignment with project standards.
A good code review helps the whole team learn, reduces mistakes, improves software quality, and creates shared ownership of the codebase.
Easy Real-Life Example
Code Review as Proofreading an Essay
Imagine writing an essay and asking a friend to read it before submission. Your friend may find spelling mistakes, unclear sentences, missing points, or better ways to explain the idea.
Essay Review:
- Check spelling
- Check grammar
- Check clarity
- Check missing points
Code Review:
- Check bugs
- Check logic
- Check readability
- Check test cases
- Check security
- Check maintainability
Code review works like proofreading, but for software code.
What is Code Review?
Code review is a quality-checking practice where code changes are inspected before they are accepted into the main codebase.
The reviewer reads the code, checks whether it solves the intended problem, verifies whether it follows coding standards, and gives feedback if improvements are needed.
Why Code Review is Important
Code review is important because even experienced developers can miss bugs, edge cases, or design problems in their own code.
A second pair of eyes can catch problems early before they become production defects.
Benefits of Code Review
- Helps detect bugs early.
- Improves code readability.
- Maintains coding standards.
- Improves software quality.
- Supports knowledge sharing among team members.
- Helps junior developers learn better practices.
- Reduces technical debt.
- Improves security awareness.
- Encourages shared ownership of the codebase.
- Makes future maintenance easier.
Who Participates in Code Review?
Code review usually involves two main roles: the author and the reviewer.
| Role | Responsibility |
|---|---|
| Code Author | Writes the code and submits it for review. |
| Reviewer | Reads the code, checks quality, and provides feedback. |
| Team Lead / Senior Developer | May review important design, architecture, or risky changes. |
| Automated Tools | Can check formatting, linting, test results, and some security issues. |
Common Code Review Workflow
A simple code review workflow usually follows these steps.
1. Developer writes code
2. Developer tests the code
3. Developer creates a pull request or merge request
4. Reviewer checks the code
5. Reviewer gives feedback
6. Developer makes improvements
7. Reviewer approves the code
8. Code is merged into the main branch
This workflow helps teams review changes before they become part of the shared codebase.
What is a Pull Request?
A pull request, often called a PR, is a request to merge code changes from one branch into another branch.
The pull request usually contains the changed files, description, comments, test results, and review discussion.
Pull Request Contains:
- Title
- Description
- Changed files
- Reason for change
- Test information
- Reviewer comments
- Approval or requested changes
What Reviewers Should Check
A reviewer should focus on important quality areas instead of only checking formatting.
| Review Area | Questions to Ask |
|---|---|
| Correctness | Does the code solve the intended problem? |
| Requirement Match | Does the code match the requirement or user story? |
| Readability | Can another developer understand the code easily? |
| Maintainability | Will the code be easy to change later? |
| Testing | Are meaningful tests added or updated? |
| Edge Cases | Does the code handle unusual or boundary situations? |
| Security | Does the code avoid exposing sensitive data or unsafe behavior? |
| Performance | Is the code efficient enough for expected usage? |
| Consistency | Does it follow project naming, formatting, and design style? |
Simple Code Review Checklist
Reviewer Checklist
- Does the code compile or run successfully?
- Does the code solve the correct problem?
- Are variable and function names meaningful?
- Is the code readable and properly formatted?
- Are functions small and focused?
- Is duplicate code avoided?
- Are error cases handled properly?
- Are important edge cases covered?
- Are tests added or updated?
- Are comments useful and not excessive?
- Is sensitive data protected?
- Does the code follow team standards?
Responsibilities of the Code Author
A code author should make the review easy for reviewers.
Before Requesting Review
- Understand the requirement clearly.
- Write clean and readable code.
- Test the code before submitting.
- Remove unnecessary commented-out code.
- Keep the change focused.
- Write a clear pull request title.
- Explain what changed and why.
- Mention risky or complex areas.
- Attach screenshots if there are UI changes.
- Respond politely to review feedback.
Responsibilities of the Reviewer
A reviewer should give useful feedback that improves the code and helps the author.
Reviewer Responsibilities
- Review the code carefully.
- Understand the purpose of the change.
- Focus on correctness, readability, maintainability, and risk.
- Give specific feedback.
- Be respectful and constructive.
- Ask questions when something is unclear.
- Suggest improvements when helpful.
- Do not focus only on minor style issues.
- Approve only when the code is ready.
Giving Constructive Feedback
Code review feedback should be clear, polite, and useful.
The goal is to improve the code, not to criticize the person.
| Poor Feedback | Better Feedback |
|---|---|
| This is wrong. | This condition may fail when the marks value is null. Can we add validation before comparing? |
| Bad naming. | Can we rename x to totalMarks so the purpose is clearer? |
| Fix this. | This function is doing validation and saving together. Can we separate them into two functions? |
| Why did you do this? | Can you explain the reason for this approach? I want to understand the requirement better. |
Example: Code Review Comment
Code Submitted
FUNCTION calc(m)
IF m >= 40 THEN
RETURN "P"
ELSE
RETURN "F"
END IF
END FUNCTION
Review Feedback
Suggestion:
Can we rename calc to calculateResult and m to marks?
Also, returning "Pass" and "Fail" instead of "P" and "F"
will make the output more readable.
Improved Code
FUNCTION calculateResult(marks)
IF marks >= 40 THEN
RETURN "Pass"
ELSE
RETURN "Fail"
END IF
END FUNCTION
The improved code is easier to understand because names and outputs are clearer.
Code Review vs Testing
Code review and testing are both important, but they are not the same.
| Code Review | Testing |
|---|---|
| Humans inspect the code. | Code is executed to check behavior. |
| Can find readability, design, logic, and maintainability issues. | Finds behavior mismatches between expected and actual results. |
| Does not replace testing. | Does not replace human review. |
| Useful before merging code. | Useful before and after code changes. |
Automated Checks in Code Review
Automated tools can support code review by checking common issues before human review.
Automated Checks May Include:
- Formatting check
- Linting
- Unit tests
- Build verification
- Code coverage
- Static analysis
- Security scanning
Automated checks help reviewers focus more on logic, design, and maintainability instead of only style issues.
Keep Code Reviews Small
Small and focused code reviews are easier to understand and more effective.
Large reviews are harder to inspect properly and may cause reviewers to miss important issues.
Large Review Problems
- Too many files changed.
- Reviewer loses focus.
- Feedback becomes slower.
- Bugs may be missed.
- Merge conflicts become more likely.
Small Review Advantages
- Easy to understand.
- Faster to review.
- Better feedback quality.
- Lower risk of hidden bugs.
- Easier to test and merge.
Security in Code Review
Code review should also consider security risks.
Security Review Questions
- Is user input validated?
- Is sensitive data protected?
- Are passwords, tokens, or secrets exposed?
- Is proper authentication checked?
- Is proper authorization checked?
- Are error messages safe and not revealing sensitive details?
- Are logs avoiding private information?
Student-Friendly Example: Grade Calculator Review
Requirement:
Create a function that returns grade based on marks.
Review Checklist:
- Does the function handle marks below 0?
- Does the function handle marks above 100?
- Are boundary values checked?
- Are names meaningful?
- Is the code readable?
- Are test cases written for 40, 60, 75, 90?
- Are invalid inputs handled clearly?
Real-World Example: E-Commerce Checkout Review
| Review Area | Example Question |
|---|---|
| Business Logic | Is discount applied before or after tax according to business rules? |
| Validation | What happens if quantity is zero or negative? |
| Security | Is payment-related data handled safely? |
| Error Handling | Does checkout show a clear error if payment fails? |
| Testing | Are tests added for valid coupon, invalid coupon, and expired coupon? |
| Maintainability | Is price calculation separated into reusable functions? |
Best Practices for Code Review
Recommended Practices
- Keep code changes small and focused.
- Review your own code before requesting review.
- Write clear pull request titles and descriptions.
- Run tests before submitting code.
- Use automated checks for formatting and basic issues.
- Focus human review on logic, design, risk, and maintainability.
- Give respectful and specific feedback.
- Ask questions instead of assuming mistakes.
- Explain why a change is requested.
- Do not approve code that you do not understand.
- Use team coding standards as the review reference.
- Remember that review is about the code, not the person.
Common Beginner Mistakes
Mistakes
- Taking code review feedback personally.
- Submitting very large pull requests.
- Not testing code before review.
- Writing unclear pull request descriptions.
- Reviewing only formatting and ignoring logic.
- Giving vague feedback like “fix this”.
- Approving code without understanding it.
- Ignoring security and edge cases.
Better Habits
- Treat feedback as learning.
- Keep changes small and focused.
- Run tests before requesting review.
- Explain the purpose of the change clearly.
- Review correctness, readability, testing, and maintainability.
- Give specific and respectful feedback.
- Ask questions when unsure.
- Check edge cases and security concerns.
Prerequisites Before Learning Code Review
Students should understand the following topics before learning code review deeply:
Required Knowledge
- Basic programming syntax.
- Functions and methods.
- Code readability.
- Naming conventions.
- Clean code basics.
- Testing basics.
- Unit testing introduction.
- Version control basics.
- Basic debugging concepts.
Trace Table Example: Code Review Process
| Step | Activity | Result |
|---|---|---|
| 1 | Developer completes code change. | Feature or bug fix is ready for review. |
| 2 | Developer runs tests. | Basic issues are caught before review. |
| 3 | Pull request is created. | Reviewer can inspect the changes. |
| 4 | Reviewer checks code and gives comments. | Possible improvements are identified. |
| 5 | Developer updates code. | Review feedback is addressed. |
| 6 | Reviewer approves. | Code can be merged safely. |
Practice Activity: Review the Code
Review the following pseudocode and suggest improvements.
FUNCTION calc(m)
IF m >= 40 THEN
RETURN "P"
ELSE
RETURN "F"
END IF
END FUNCTION
Sample Review Suggestions
1. Rename calc to calculateResult.
2. Rename m to marks.
3. Return "Pass" and "Fail" instead of "P" and "F".
4. Add validation for marks below 0 or above 100.
5. Add unit tests for 40, 39, 0, 100, and invalid values.
Improved Version
FUNCTION calculateResult(marks)
IF marks < 0 OR marks > 100 THEN
RETURN "Invalid marks"
ELSE IF marks >= 40 THEN
RETURN "Pass"
ELSE
RETURN "Fail"
END IF
END FUNCTION
Mini Quiz
What is code review?
Code review is the process of examining code changes before they are merged into the main codebase.
Why is code review important?
It helps catch bugs early, improve readability, maintain standards, share knowledge, and improve software quality.
Who reviews code?
Usually another developer or team member reviews the code. Automated tools may also support the review.
What should reviewers focus on?
Reviewers should focus on correctness, readability, maintainability, testing, edge cases, security, and consistency.
What is a pull request?
A pull request is a request to merge code changes from one branch into another after review.
Interview Questions on Code Review Basics
What is the purpose of code review?
The purpose of code review is to improve code quality, catch problems early, maintain standards, and share knowledge across the team.
What is the difference between code review and testing?
Code review is human inspection of code, while testing executes code to verify behavior against expected results.
Why should pull requests be small?
Small pull requests are easier to understand, faster to review, and less likely to hide bugs.
How should feedback be given in code review?
Feedback should be specific, respectful, constructive, and focused on improving the code.
What are common code review mistakes?
Common mistakes include reviewing too late, submitting large changes, giving vague feedback, focusing only on style, and approving code without understanding it.
Quick Summary
| Concept | Meaning |
|---|---|
| Code Review | Examining code changes before merging. |
| Reviewer | Person who checks the code and gives feedback. |
| Code Author | Person who writes and submits the code. |
| Pull Request | A request to merge code changes after review. |
| Constructive Feedback | Helpful feedback focused on improving code. |
| Automated Checks | Tools that check formatting, tests, build, and quality issues. |
| Small Review | A focused review with limited and related changes. |
| Shared Ownership | Team responsibility for maintaining code quality. |
Final Takeaway
Code review is a professional software development practice where developers inspect code changes before merging them. It helps catch bugs early, improve readability, enforce standards, strengthen security, and share knowledge across the team. Good reviews are small, focused, respectful, and constructive. Students should remember that code review is not criticism of a person; it is collaboration to make the software better.