大家好,又见面了,我是你们的朋友全栈君。如果您正在找激活码,请点击查看最新教程,关注关注公众号 “全栈程序员社区” 获取激活教程,可能之前旧版本教程已经失效.最新Idea2022.1教程亲测有效,一键激活。
Jetbrains全系列IDE使用 1年只要46元 售后保障 童叟无欺
1. 定义:
Code review is systematic examination (often known as peer review) of computer source code. It is intended to find and fix mistakes overlooked in the initial development phase, improving both the overall quality of software and the developers’ skills. Reviews are done in various forms such as pair programming, informal walkthroughs, and formal inspections。
2. 介绍
Code reviews can often find and remove common vulnerabilities such as format string exploits, race conditions, memory leaks and buffer overflows, thereby improving software security. Online software repositories based on Subversion (with Redmine or Trac), Mercurial, Git or others allow groups of individuals to collaboratively review code. Additionally, specific tools for collaborative code review can facilitate the code review process.
Automated code reviewing software lessens the task of reviewing large chunks of code on the developer by systematically checking source code for known vulnerabilities. A 2012 study by VDC Research reports that 17.6% of the embedded software engineers surveyed currently use automated tools for peer code review and 23.7% expect to use them within 2 years.[2]
Capers Jones’ ongoing analysis of over 12,000 software development projects showed that the latent defect discovery rate of formal inspection is in the 60-65% range.[ambiguous] For informal inspection, the figure is less than 50%.[citation needed] The latent defect discovery rate for most forms of testing is about 30%.[3]
Typical code review rates are about 150 lines of code per hour. Inspecting and reviewing more than a few hundred lines of code per hour for critical software (such as safety critical embedded software) may be too fast to find errors.[4][5] Industry data indicates that code reviews can accomplish at most an 85% defect removal rate with an average rate of about 65%.[6]
The types of defects detected in code reviews have also been studied. Based on empirical evidence it seems that up to 75% of code review defects affect software evolvability rather than functionality making code reviews an excellent tool for software companies with long product or system life cycles
3.分类:
Code review practices fall into three main categories: pair programming, formal code review and lightweight code review.[1]
Formal code review, such as a Fagan inspection, involves a careful and detailed process with multiple participants and multiple phases. Formal code reviews are the traditional method of review, in which software developers attend a series of meetings and review code line by line, usually using printed copies of the material. Formal inspections are extremely thorough and have been proven effective at finding defects in the code under review.[citation needed]
Lightweight code review typically requires less overhead than formal code inspections, though it can be equally effective when done properly.[citation needed]Lightweight reviews are often conducted as part of the normal development process:
- Over-the-shoulder – One developer looks over the author’s shoulder as the latter walks through the code.
- Email pass-around – Source code management system emails code to reviewers automatically after checkin is made.
- Pair Programming – Two authors develop code together at the same workstation, such is common in Extreme Programming.
- Tool-assisted code review – Authors and reviewers use specialized tools designed for peer code review.
Some of these may also be labeled a “Walkthrough” (informal) or “Critique” (fast and informal).
Many teams that eschew traditional, formal code review use one of the above forms of lightweight review as part of their normal development process. A code review case study published in the book Best Kept Secrets of Peer Code Review found that lightweight reviews uncovered as many bugs as formal reviews, but were faster and more cost-effective.
4.常见的code-review tool
开源软件:
- Gerrit, forked from Rietveld.Used by the Android project.
- Differential, part of the Phabricator suite originally developed by Facebook‘s Developer Tools team.Used by the LLVM family of projects.
- Review Board
- Rietveld, a tool adapted from an internal Google project, Mondrian, for code reviews.
比较:
| Software | Maintainer | Development status | License | VCS supported | Platforms supported | Workflow | Cost |
|---|---|---|---|---|---|---|---|
| Differential (Phabricator) | phabricator.org | actively developed | Apache v2 | Subversion, Git, Mercurial | PHP | pre-commit, post-commit | Free |
| Gerrit | Shawn Pearce | actively developed | Apache v2 | Git | Java EE | pre-commit | Free |
| Review Board | reviewboard.org | actively developed | MIT | CVS, Subversion, Git, Mercurial, Bazaar, Perforce, ClearCase, Plastic SCM | Python | mainly pre-commit | Free |
| Rietveld | Guido van Rossum | actively developed | Apache v2 | Git, Subversion | Python | pre-commit | Free |
reference:
http://en.wikipedia.org/wiki/Code_review
http://en.wikipedia.org/wiki/List_of_tools_for_code_review
发布者:全栈程序员-站长,转载请注明出处:https://javaforall.net/167312.html原文链接:https://javaforall.net
