Thoughts on Code review

Code reviews are great. They should be done fairly early in the process to
catch bugs early before they propagate. (In your case, it sounds like you
can't but they will help even later in the game.)

If your project was just starting, I advocate one early in the process
(third of the way through) and one later (two-thirds to three-quarters).

Many studies have been done that show code reviews greatly improve software
quality and time to market. (See "Rapid Development" by Steve Connell)

Great way to exchange knowledge, both from the reviewers perspective as well
as the reviewee.

Always remember to be respectful to the coder.

"Arvie" <ar******@yahoo.com> wrote in message
news:69**************************@posting.google.c om...

I need some advice guys.. I am proposing that we get someone to do a
complete audit/review of our Java application codebase, about 1000
JSPs/Servlets and 100 EJBs. If I get firms to submit proposals, what
should I be asking /looking out for? I realise that running the
applications through a migration tool will help but I am looking for a
more through analysis of the actual codebase as well as assessment of
the architecture

Thanks

Arvie

I did not use to be a fan of code reviews because the code review
checklist focused on coding style rather than finding logic errors in
the code. But after modifying the checklist to include common coding
errors and to make sure that code naming standards follow industry
standards I have become a fan of code reviews. We perform a 2 level
code review, the first is done by the software engineer who wrote the
code, the second is done by fellow team members.

Since you are proposing to review existing codebase you must ask
yourself the following questions.

1. Will code be rewritten based on the audit?

2. What kind of things are you looking for in the review? ie naming
standards, logic errors, code documentation etc.

Code reviews are most effective if they are done early in the
development cycle. We had one application that did not follow the
design pattern of the other applications and it is more difficult for
another program to maintain. An early code review would have caught
this and the application probably would have followed a similiar
design as the others.

Michael
ar******@yahoo.com (Arvie) wrote in message news:<69**************************@posting.google. com>...

I need some advice guys.. I am proposing that we get someone to do a
complete audit/review of our Java application codebase, about 1000
JSPs/Servlets and 100 EJBs. If I get firms to submit proposals, what
should I be asking /looking out for? I realise that running the
applications through a migration tool will help but I am looking for a
more through analysis of the actual codebase as well as assessment of
the architecture

Thanks

Arvie

For the codebase the best approach (IMHO) is:

1. a relatively informal review of ALL the code, with the focus on:
- adherence to coding standards (or better still, use a decent IDE and
beautifier)
- defect spotting

2. an in-depth inspection *sampling* various aspects of the
application, i.e. choose a representative component from each tier
(say a JSP, an EJB, a DAO, XML schema, database table, etc depending
on your architecture) and inspect those. This will give you some
defect stats that you can extrapolate across the entire system.

There's tons of case studies out there concerning inspections, but the
focussed sampling technique is extremely useful. Have a search for
Gilb, Fagan, etc.

- chris