Code Review Checklist

The Code Review Checklist is another tool for the development team to use to ensure the completeness of their code reviews. In order to help expedite testing, QA Mentor requires this document to be completed prior to accepting a code delivery. If desired, our team of professionals can help organize and facilitate code review meetings in order to complete it.

By using this list, reviewers can more easily reveal gaps and issues that could have led to more costly fixes later on. Many defects can be eliminated altogether at this stage where it is far less expensive to fix them.

The checklist is designed to be completed for each module, or unit. It is divided into different areas for review, for ease of understanding and to help focus code review meetings. Some of the areas are listed below:

Application Security

This section reminds developers to guard against buffer overruns, to mask or remove any internal resource references, and to verify that server-side validation checks mirror the client-side ones. Often-overlooked security items such as session handling, transaction controls, developer back-doors, and hard-coded passwords are also questioned.

Error Handling

This area is reviewed to help ensure a safe and user-friendly end-user experience by questioning how function callers are notified of failures, how assertions are used, and how exceptions are handled. Error messages should not reveal too much information, so that is examined as well.
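The two checklist items above that reviewers most often find missing, server-side validation that repeats the client-side rules and error responses that do not expose internals, are easier to recognise side by side. The following is an added example written for this page, not QA Mentor's checklist code; the form shape, the account table, and the rules (ACCOUNT_ID_RE, MAX_TRANSFER) are constructed for illustration.

```python
"""Added example, not QA Mentor's checklist code: a money-transfer handler
shown 'before' and 'after' two Application Security / Error Handling items.

- server-side validation must re-apply the rules the client-side form enforces;
- error responses must not reveal internal names, values or stack details.

The form fields, account table and rules below are constructed for this example."""
import logging
import re
import uuid

log = logging.getLogger("transfer")

# The same rules the client-side form enforces. They are repeated here because
# anything the browser checks can be bypassed with a hand-crafted request.
ACCOUNT_ID_RE = re.compile(r"acct-\d{3}")
AMOUNT_RE = re.compile(r"[0-9]+")          # rejects "", "-400", "10.5", "1e3"
MAX_TRANSFER = 1000


def transfer_insecure(form: dict, accounts: dict) -> dict:
    """'Before': assumes the browser already validated the fields and echoes
    the raw exception back to the caller."""
    try:
        src, dst, amount = form["src"], form["dst"], int(form["amount"])
        accounts[src] -= amount            # no sign, range or balance check
        accounts[dst] += amount
        return {"ok": True}
    except Exception as exc:               # leaks internal names and values
        return {"ok": False, "error": f"{type(exc).__name__}: {exc}"}


class ValidationError(ValueError):
    """A user-caused input problem whose message is safe to show."""


def validate_transfer(form: dict, accounts: dict) -> tuple:
    """Server-side copy of the client-side rules plus the checks only the
    server can make (account existence, balance)."""
    src = str(form.get("src", ""))
    dst = str(form.get("dst", ""))
    raw_amount = str(form.get("amount", ""))
    if not (ACCOUNT_ID_RE.fullmatch(src) and ACCOUNT_ID_RE.fullmatch(dst)):
        raise ValidationError("invalid account id")
    if src == dst:
        raise ValidationError("source and destination must differ")
    if not AMOUNT_RE.fullmatch(raw_amount):
        raise ValidationError("amount must be a positive whole number")
    amount = int(raw_amount)
    if not 0 < amount <= MAX_TRANSFER:
        raise ValidationError("amount out of range")
    if src not in accounts or dst not in accounts:
        raise ValidationError("unknown account")
    if accounts[src] < amount:
        raise ValidationError("insufficient funds")
    return src, dst, amount


def transfer_secure(form: dict, accounts: dict) -> dict:
    """'After': re-validates on the server and separates user-safe messages
    from internal failures, which get a reference id that only the log ties
    back to the real exception."""
    try:
        src, dst, amount = validate_transfer(form, accounts)
        accounts[src] -= amount
        accounts[dst] += amount
        return {"ok": True}
    except ValidationError as exc:
        return {"ok": False, "error": str(exc)}
    except Exception:
        ref = uuid.uuid4().hex[:8]
        log.exception("transfer failed, ref=%s", ref)   # details stay server-side
        return {"ok": False, "error": f"internal error (reference {ref})"}
```

With a negative amount the insecure handler silently moves money in the reverse direction, and with an unknown account it returns the text of a KeyError naming the missing key; the secure handler rejects both with fixed user-facing messages and, for anything unexpected, returns only an opaque reference id.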

Performance

Since this is always a concern, our checklist identifies some key areas that need to be reviewed, such as recursive functions, duplicated objects, blocking system calls, and busy waits.

Resource Leaks

Resource leaks can also contribute to performance issues, so the checklist includes questions about freeing allocated memory and objects and about tracking reference counts.

Thread Safeness

This section helps identify unsafe use of global (shared) variables and any deadlock risks, such as locks being acquired in inconsistent orders.

Functions

These certainly aren't left out, and are reviewed to check parameter verification, out-of-bounds indexes, and the initialization of variables.
