DR.

MICHAELA GREILER

CODE REVIEWS
WWW.MICHAELAGREILER,COM
CONTENT

03
ABOUT DR. GREILER

04
CODE REVIEW
WORKSHOP

05
CODE REVIEW STUDY

09
CODE REVIEW
BEST PRACTICES

10
CODE REVIEWS AT
MICROSOFT

11
CODE REVIEWS AT
GOOGLE
CONTENT

12
MOTIVATIONS FOR
CODE REVIEWS

13
CODE REVIEW
PITFALLS

14
CODE REVIEW
TOOL NEEDS

15
CODE REVIEW
CHECKLIST - PROCESS

16
CODE REVIEW
CHECKLIST - CODE
Hi, I'm Dr. Michaela Greiler
I help companies and teams to implement

world-class software engineering

practices to ensure they build high-quality

software in an efficient and effective way.

I worked for corporations such as

Microsoft and Flextronics. But, I also help

smaller businesses and start-ups to ensure

a productive, satisfying and efficient

software engineering process.

The most well-known engineering teams I

worked with have been Office, Visual

Studio and Windows. I helped them

increase velocity and quality during

software development.

Dr. Michaela Greiler

DO YOU WANT TO BOOST YOUR

SOFTWARE ENGINEERING PRACTICE?
Book me as consultant, keynote speaker

or trainer.

Click for more information

WWW.MICHAELAGREILER.COM
 MAKE

CODE REVIEWS
YOUR

SUPERPOWER
This highly interactive full-day workshop is designed to give
you superpowers through your boosted code review practice.

After this workshop you know

proven code review best practices from leading software companies
such as Microsoft, Google, or Facebook,
how to boost productivity and decrease review turn-around time,
best ways to use code reviews for mentoring and knowledge sharing,
how to give and get valuable code review feedback,
friction and bottlenecks of your and your team's practices,
and solution approaches to overcome those problems.

The workshop is led by Dr. Michaela Greiler, who is an expert in the

field of code reviews. She works at Microsoft, where she conducted
multiple large-scale studies on code reviews, and published her findings
in highly reputable scientific publications. She leads product teams such
as Office, Windows and Visual Studio to improved and optimized
engineering processes.

This training is for you if you

already successfully practice code reviews and want to make them your
superpower.
experience code review pitfalls such as slow code review turn-around
times, low feedback quality, unclear review guidelines, and want
improvements.
haven't started with code reviews, but want learn how to best make use
of this practice.

Learn more here!

 DR. MICHAELA GREILER

CODE REVIEW
STUDY
At Microsoft, we conducted a study to This report highlights some of the
understand developers' needs and best outcomes of this in-depth study.
practices during code reviewing.
The observations, interviews and survey
For this large-scale study, surveyed helped us to get a very clear
more than 900 developers. This survey understanding of the challenges
was a follow-up from interviews and software engineers face when
observations we did with 18 developers conducting code reviews.
from 4 different projects.
We also distilled several best practices
Especially this combination of that can help teams to be more
quantitativ results of hundreds of productive and get the most value from
developers with the qualitative and in- code reviewing.
depth findings from sitting with teams
for over one week to observe and To learn more about this study:
understand their code review activities Code Review Study
in detail, is a very powerful one.

WWW.MICHAELAGREILER.COM PAGE 05
 DR. MICHAELA GREILER

SURVEY FOCUS
In our survey at Microsoft, we asked over 900 engineers about their
demographics, their team policies and of course which review
tools they use.

We also asked them about their motivation for code reviews, and
the challenges they face.

Finally, we asked them concrete questions on their reviewing steps

and also inquired about a number of personal issues based on
code review activities.

Here are some results:

SURVEY DEMOGRAPHICS

75%
of respondents are software
engineers or senior software
engineers

25%
are either managers in
technical roles or product
managers

WWW.MICHAELAGREILER.COM PAGE 06
 DR. MICHAELA GREILER

HOW OFTEN DO YOU

REVIEW CODE?

39% 21%
indicate to review changes of of the respondents review
others at least once a day. multiple changes per day.

36% 13%
review code at a couple of times either review once per week or
per week do not participate in code
reviews in the last week

WWW.MICHAELAGREILER.COM PAGE 07
 DR. MICHAELA GREILER

MOTIVATIONS
The most important
reasons for developers to
do code reviews are:

to improve the code,

to find defects,
to transfer
knowledge about the code,
and to find alternative
solutions.

CODE REVIEW
MOTIVATION Code improvements

Many developers expressed their Find defects

motivations to do and the benefits they
get from code reviews in the free text
Increase knowledge transfer
field.

Find alternative solutions

A large number of the developers
mentioned that teaching and
mentoring junior developers is one of Improve development process
the key reasons to engage in code
reviewing. Avoid breaking builds

Another often expressed motivation is Build team awareness

self-improvement and learning.

Lead to shared code ownership

Finally, many engineers mentioned that
code reviews allow the team to develop
a coding culture, to develop best Team assessment
practices and to ensure a high quality 0 1,000 2,000 3,000
of their code.

WWW.MICHAELAGREILER.COM PAGE 08
 Code Review
Best Practices
Code Author
Read through the changes

carefully before submitting the

Code Reviewer
code review

Aim for small, incremental changes

Cluster related changes

Give respectful and constructive

Describe the purpose and

feedback  

motivation of the change

Go and talk in person if

Run tests before submitting a code

necessary

review
Ensure traceability for decisions

Automate what can be automated

Always explain why you rejected

Skip unnecessary reviews

a change

Do not select too many reviewers

Integrate code review into your

Add experienced reviewers if you

daily routine

need them
Reduce task switching as it kills

Add junior developers to let them

productivity

learn
Give feedback in a timely manner

Notify people that benefit from this

Review frequently not in a big

review
bang fashion

Don't notify too many people

Focus on core issues, less nit-

Give reviewers a heads-up before

picking

the review
Use a review checklists

Be open to suggested changes

Show respect and gratitude to the

reviewers

Read more about Code Review Best Practices here.

www.michaelagreiler.com
 DR. MICHAELA GREILER

CODE REVIEWS AT
MICROSOFT

Code reviews at Microsoft are an But how does a developer

integral part of the development typically do code reviews?

process
Code reviews can be performed in

One of the important facts when it comes many ways. Sometimes, it is as

to code reviews at Microsoft is that it is a informal as one developer walking

highly adopted engineering practice. over to another developer’s desk to

Thousands of engineers perceive it as a look at some code together. Other

great best practice. And most high- times, teams review code together in

performing teams spend a lot of time doing groups. But the most likely scenario

code reviews. you will encounter for code reviews at

Microsoft is that code reviews are

done with the help of tools.

A typical code review process

A tool-based code review starts when

the developer finished a piece of

code. As a first step, the

developer reads again carefully

through the code and then selects

reviewers. The reviewers give

comments on the code and the

developer works on those comments

and improves the code accordingly.

Once everybody is satisfied the code

is checked into the code base. 

Read more about Code Reviews at

Microsoft here.
PAGE 10

www.michaelagreiler.com
 DR. MICHAELA GREILER

CODE REVIEWS AT
GOOGLE

EVERY CODE CHANGE IS REVIEWED

75% of the code reviews are approved by

only one reviewer.

COMPANY-WIDE APROVAL CRITERIA

Approver needs ownership rights and

readability certificate

4 HOURS TO REVIEW COMPLETION

Small reviews are completed within one hour.

Large reviews within five hours.

SMALL AND FREQUENT REVIEWS

90% of all code changes comprise less

than 10 files and 24 lines of code.

Read more about Google's Code Review Practices here.

PAGE 11

www.michaelagreiler.com
 DR. MICHAELA GREILER

5 REASONS
GOOGLERS
REVIEW CODE

Accident
Education prevention
Mentoring, learning, Find bugs and defects,

knowledge disemination. ensure high quality code

Tracing &
STOP
Gatekeeping tracking
Prevent arbitrary code to Understanding evolution and

be committed, security why and how code changed

Readable Code
Maintaining norms, consistent style and
design, and having adequate tests

"In general, reviewers should favor approving a CL once it is in a state where

it definitely improves the overall code health of the system being worked on,

even if the CL isn’t perfect."

- Definition of Done for Reviews at Google

PAGE 12

www.michaelagreiler.com
 DR. MICHAELA GREILER

CODE REVIEW
PITFALLS

Waiting for code review feedback

is a pain

One of the main pitfalls code authors

face is to receive feedback in a timely

manner. Waiting for the comments to

come in and not being able to work on

Code reviewing isn’t always a smooth the code in the meanwhile can be a

huge problem. Even though developers

process
can pick up other tasks to work on, if
Knowing which code review pitfalls and
the code review takes too long, it
problems arise, can help you to ensure a
impacts the developer’s productivity
productive and effective code review
and also the developer’s satisfaction.
experience.

Not getting valuable feedback

During the code review process there are
decreases the developers’ benefit
quite a few pitfalls that can reduce the
from and motivation for code
positive experience with code reviews for
reviews
the whole team. If not done correctly, code

There are several reasons why

reviewing can also take its tolls on the

reviewers can’t give insightful

whole team’s productivity. So, let’s have a

feedback. Large code reviews, and

look at the difficulties and pitfalls of code

the developer not having the right

reviews.

expertise are common ones. Another

reason is if the reviewer hasn't enough

The two main types of code review pitfalls

time to look through the change. 

are about the time spent on code

reviewing, and the value code reviewing

provides.
Read all Code Review Pitfalls here.
PAGE 13
 DR. MICHAELA GREILER

WHAT "When selecting or

DEVELOPERS designing tools, it is
NEED WHEN important to carefully
CODE address trade-off, as tools
REVIEWING? shape the practices."
TOOL NEEDS AND OPPORTUNITIES
WHAT DEVELOPERS WANT:

Often code reviews are done with the

ease of use and tool performance
help of tools. In the early days, code
integration with other services and
reviews where done via emails. But
tools
since then, many code review tools
ability to edit and execute code
have been developed that support
during a review
collaboration and asynchronous code
support during describing a change
reviews.
to the reviewers
support of the review discussion for
In a large scale study with more than
note taking and documenting
900 engineers at Microsoft, we
support in notification and tracking
investigated which needs developer
of the code review life cycle
have with regards to code review tools.
support for informal
communications
WWW.MICHAELAGREILER.COM PAGE 14
 Code Review Checklist
Process
Code Author
Is the code okay?
Have you looked through the code

change carefully (using a diffing tool)? Code Reviewer

Is the code change small, incremental

and coherent?
How do I structure my work day?
Have you written a description about the When is a good time to do code

code change? reviews?

Have you tested and analyzed the the Have I set dedicated time aside to do

code change? code reviews?

Does this code need a review? How can I provide feedback in a

timely-manner?

Who should review? Do I have a code review checklist?

How many reviewers are needed?

Do I need experienced developers as How do I give valuable feedback?

reviewers?
What are the core issues?
Do junior developers need to learn?
Did I start nit-picking?
Who should be notified about the code
Is my feedback helpful and
change?
constructive?
Did I give people a heads-up that a
Am I using the right channel (tool, email,
change is coming?
video call or face-to-face) to give that

feedback?
How do I handle feedback? Did I communicate in a respectful way?

Am I emotionally prepared to be asked to Can this code change be accepted?

change the code? If I reject the change, did I explain why?

Did I tell reviewers how I have addressed Did I explain what the code author has

and fixed the issues? to do to get the code accepted?

Did I document the changes I made for

traceability?

Have I showed gratitude to the reviewers?

Read more about Code Review Best Practices here.

www.michaelagreiler.com
 Code Review Checklist
Code (1/3)
Implementation Dependencies
Does this code change do what it is If this change requires updates outside

supposed to do? of the code, like updating the

Can this solution be simplified? documentation, configuration, readme

Does this change add unwanted files, was this done?

compile-time or run-time Might this change have any

dependencies? ramifications for other parts of the

Was a framework, API, library, service system, backward compatibility?

used that should not be used?

Was a framework, API, library, service Security and Data Privacy

not used that could improve the
Does this code open the software
solution?
for security vulnerabilities?
Is the code at the right abstraction
Are authorization and
level?
authentication handled in the right
Is the code modular enough?
way?
Would you have solved the problem in a
Is sensitive data like user data,
different way that is substantially
credit card information securely
better in terms of the code’s
handled and stored?
maintainability, readability,
Is the right encryption used?
performance, security?
Does this code change reveal some
Does similar functionality already exist
secret information like keys,
in the codebase? If so, why isn’t this
passwords, or usernames?
functionality reused?
If code deals with user input, does it
Are there any best practices, design
address security vulnerabilities such
patterns or language-specific patterns
as cross-site scripting, SQL injection,
that could substantially improve this
does it do input sanitization and
code?
validation?Is data retrieved from
Does this code follow Object-Oriented
external APIs or libraries checked
Analysis and Design Principles, like the
accordingly?
Single Responsibility Principle, Open-

close Principle, Liskov Substitution

Principle, Interface Segregation,

Dependency Injection?

www.michaelagreiler.com
 Code Review Checklist
Code (2/3)

Logic Errors and Bugs Readability

Can you think of any use case in which Was the code easy to understand?

the code does not behave as intended? Which parts were confusing to you and

Can you think of any inputs or external why?

events that could break the code? Can the readability of the code be

improved by smaller methods?

Error Handling and Logging Can the readability of the code be

improved by different function/method or

Is error handling done the correct way?
variable names?
Should any logging or debugging
Is the code located in the right
information be added or removed?
file/folder/package?
Are error messages user-friendly?
Do you think certain methods should be
Are there enough log events and are
restructured to have a more intuitive
they written in a way that allows for
control flow?
easy debugging?
Is the data flow understandable?

Are there redundant comments?

Testing and Testability Could some comments convey the

Is the code testable? message better?

Does it have enough automated tests Would more comments make the code

(unit/integration/system tests)? more understandable?

Do the existing tests reasonably cover Could some comments be removed by

the code change? making the code itself more readable?

Are there some test cases, input or Is there any commented out code?

edge cases that should be tested in

addition?

www.michaelagreiler.com
 Code Review Checklist
Code (3/3)
Usability and Accessibility Experts Opinion
Is the proposed solution well Do you think a specific expert, like a

designed from a usability security expert or a usability expert,

perspective? should look over the code before it can

Is the API well documented? be committed?

Is the proposed solution (UI) Will this code change impact different

accessible? teams? Should they have a say on the

Is the API/UI intuitive to use? change as well?

Performance
Do you think this code change will
Find more at michaelagreiler.com
Code Review Best Practices
impact system performance in a
Code Review Pitfalls
negative way?
Code Reviews at Microsoft
Do you see any potential to improve
Code Reviews at Google
the performance of the code?

Read more about Code Review Checklists here.

www.michaelagreiler.com
Get 10% off my
workshop on
code review
Book a free appointment

Or send an inquiry to [email protected]

YOUR TECH PODCAST

Software Engineering
UNLOCKED

WWW.SE-UNLOCKED.COM
FIND IT ON ITUNES, SPOTIFY AND MANY MORE