Code review is an important part of the software development life cycle. It is intended to find and fix mistakes overlooked in the initial development phase, improving both the overall quality of the software and the developers' skills.
To make code review more efficient and effective, an offline code review is needed so that the reviewer can take the time to navigate through the code and check it from the high-level structure down to the low-level implementation.
Here is a checklist that can be used for code review:
- Check project structure (conform to your company's standard)
- Code design
  a. What design patterns are used?
  b. What data structures are used?
  c. Are best practices followed?
- Error handling
- Potential resource leaks?
  a. e.g. a database/HTTP connection not closed after use
  b. memory not released after use
- Thread safety?
  a. Thread A shouldn't modify thread B's data
  b. Any deadlock or lock contention?
- Control structure (Are loop ending conditions accurate? No unintended infinite loops?)
  a. Are there unnecessary repeated calls?
  b. Do recursive functions run within a reasonable amount of stack space?
- Conform to coding conventions
  a. Naming convention
  b. Formatting rules: layout, indentation?
- Code reuse (if a piece of code is used more than once, write a function/procedure for it)
- Boundary checking
  a. Input parameters are explicitly checked for nullity or emptiness
  b. No out-of-bound indexes when accessing an array or list
- Security vulnerabilities
  a. Format string exploits, race conditions, buffer overflows
  b. SQL injection
  c. Cross-site scripting
- Unit test coverage
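To show what several of the checklist items look like in practice, here is an added example (not code from the original post) of a small lookup function before and after review. The "before" version misses the boundary check, builds its SQL by string concatenation, and never closes its cursor; the "after" version has the review feedback built in. The table, the names and the probe input are all constructed for the demonstration.

```python
import sqlite3
from contextlib import closing
from typing import Optional

def make_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn

# BEFORE review: the shape of code the checklist is meant to catch.
#  - no check that `name` is non-empty        (checklist: boundary checking)
#  - query built by string concatenation       (checklist: SQL injection)
#  - cursor never closed                       (checklist: resource leaks)
def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    cur = conn.cursor()
    cur.execute("SELECT id, name FROM users WHERE name = '" + name + "'")
    return cur.fetchall()

# AFTER review: the same lookup with the feedback built into the code.
def find_user(conn: sqlite3.Connection, name: Optional[str]) -> list:
    if not name:  # explicit nullity/emptiness check
        raise ValueError("name must be a non-empty string")
    # Parameterized query: the driver binds the value, so the input is only
    # ever compared as data and is never parsed as part of the statement.
    with closing(conn.cursor()) as cur:  # closed even if execute() raises
        cur.execute("SELECT id, name FROM users WHERE name = ?", (name,))
        return cur.fetchall()

def review_demo() -> dict:
    """Run both versions on a normal name and on a quote-bearing input."""
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed input containing a closing quote
    try:
        find_user(conn, "")
        rejects_empty = False
    except ValueError:
        rejects_empty = True
    return {
        "normal": find_user(conn, "alice"),
        "unsafe_rows": len(find_user_unsafe(conn, probe)),  # every row returned
        "safe_rows": len(find_user(conn, probe)),           # no match
        "rejects_empty": rejects_empty,
    }

if __name__ == "__main__":
    print(review_demo())
```

Running `review_demo()` makes the difference concrete for the reviewer: the unchecked version hands back the whole table for a malformed input, while the reviewed version returns nothing and rejects empty input outright.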
Additionally, dedicated tools for collaborative code review can facilitate the code review process. Last but not least, a follow-up review is recommended to make sure the review feedback has been built into the code.