Welcome!

Microsoft Cloud Authors: Janakiram MSV, Yeshim Deniz, David H Deans, Andreas Grabner, Stackify Blog

Related Topics: Microsoft Cloud, Agile Computing

Microsoft Cloud: Article

Best Practices for .NET Code Review | @CloudExpo #Cloud

Code review is a set of systematic examination measures used to critique computer code

It is a human nature to make mistakes, but mistakes in source code can lead to expensive consecutive mistakes if not fixed in time. Unfortunately, black box testing often cannot fully cover software. And even if it does, fixing a bug found by QA is at least two times as expensive as fixing it before issuing a build. Performance bottlenecks, security, scalability and reliability issues should be identified as early as possible. This is where code review comes in.

Code review, which is also known sometimes as peer review, is a set of systematic examination measures used to critique computer code with the objective of finding and fixing bugs early in the development stage in order to develop high quality software and perfect skills of developers for future projects.

Carrying out regular code reviews has the advantages of saving money and time, having to fix fewer errors per line of code, using highly decreased development resources while increasing productivity and enjoying software that is 90 percent defect free.

Being aware of best practices for .NET code review is necessary to make the software development process as efficient as possible and deliver quality products in time and on budget. Even though it is impossible to enumerate all of the best practices here, we have included those that are absolutely indispensable. So here are top five best practices for .NET code review:

1. Present project implementation ideas to developers prior to development. It is important for developers to understand how to do the task if the solution is ready-made, or know where to look for such a solution if finding it is part of the task. In the latter case, the process of communication between developers and technical leads becomes vital for the final decision to be the most efficient.

2. Create and follow a code review checklist. This checklist should help enumerate and analyze the specific aspects of what reviewers should pay attention to in order to make the code reviewing process as efficient as possible. Obviously, each project is different and will have its own specifications when it comes to the checklist, but as a general rule, it should ideally follow the outline of coding standards documents. When drafting a checklist, each developer should also examine their strengths and weaknesses and pay extra attention to the areas where they can be more vulnerable. Following is a sample code review checklist that covers the main areas necessary for review:

a) Does the code work as expected? The assumption is that the code works, but often it turns out that the code does not work as the customer would expect.

b)  Are there any warnings generated by a static code analysis tool? Such tools can check for a lot of guidelines enforcements, and their reports should not be missed.

c) Are comments correct? Comments should be correct and not outdated. Otherwise, they will confuse team members. At the same time, comments should be meaningful and present only where absolutely needed.

d) Are there necessary checks for null values? If a variable or input parameter is not supposed to be null, the null check should throw an exception. Otherwise, there should be an alternative if-statement for the null value.

e) Are there necessary checks for invalid values in enumerables? If there is a switch or an if-statement checking enumerable string values or an enum, default or else operator most often should always consider the invalid values, not the other non-mentioned, valid ones.

f) Are custom exceptions correctly declared? Each custom exception should be inherited from the ApplicationException class and should implement at least two constructors: with string and (string, Exception) parameters. If throwing an exception with an empty message is allowed, two more constructors should be implemented: () and (Exception).

g) Are exceptions correctly handled? Generic exceptions should never be suppressed (at least without logging). However, if exceptions are logged, duplicate logging should be avoided as well.

h) If code may be called by multiple threads, is it thread safe? Checking for thread safety is vital, because such errors are hard to track down, and it is easier to avoid them early rather than fix them later.

i) Is the code secure? Security issues can hardly be covered by QA or unit tests, but they are certainly important. For example, if there is a method that is supposed to be called by administrators only, it is better to restrict the method itself, even if the respective action is available only to administrators in the user interface.

j) Are unmanaged or IO resources correctly disposed of? Resources that are not disposed of can cause unexpected crashes or memory leaks. Each such resource should be disposed of correctly after using.

k) Are the most effective algorithms used? Common mistakes include:

  • Using IList instead of IDictionary or Hashtable leads to unnecessary O(n2) complexity instead of O(n).
  • Using multiple consecutive string concatenations instead of StringBuilder or String. The format increases complexity as well as memory usage.
  • Unnecessary web service calls can slow down the application considerably.

l) Are string comparisons correct? Using case sensitive comparisons instead of case insensitive ones in some cases (for example, file names comparisons) can cause errors that are hard to detect. Ideally, each string comparison in the code should be reviewed.

m)  Are the classes, methods, properties and variables named correctly? A static code analysis tool will check naming conventions, but often it is possible to come up with better names.

n)  Is unit tests coverage good enough? Unit tests should be reviewed as well. The same checklist as above can be followed.

3. Use automated tools for code review. Automation is essential for code quality, first of all, to eliminate the necessity for routine checks (saving time spent on reviews by skipping descriptions of incorrect formatting and naming), and secondly, for enforcing code guidelines without the reviewer assuming the role of a strict professor worried about every misplaced comma. Automation takes subjective opinions out of the equation and serves as a neutral and impartial force.

The most popular static code analysis tools for .NET are SonarQube and FxCop. They can check for dozens of code guideline enforcements such as:

  • Classes, methods and variables naming conventions,
  • Empty classes or methods,
  • Unnecessary parentheses,
  • Correct classes and methods declarations,
  • Access modifiers, etc.

4. Hold regular discussions of the main review results. Best development practices and how they can be implemented should be communicated to developers on a regular basis using an example of well-written code (with a focus on successful solutions in particular), rather than targeting specific errors of individual developers (which can negatively influence the atmosphere in the team). Good communication between all project participants (including clients and stakeholders, if necessary, as well as managers and testers) is a vital aspect of being on the same page in terms of code quality. Being patient with team members who don't boast extensive technical backgrounds and speaking their language brings the team closer and ensures better quality of the end product. Team members also learn from each other through a more profound understanding of the code base and can use that knowledge in subsequent projects, as well as project support.

Holding regular meetings and discussions may also have the following benefits:

  • Consistency of design and implementation throughout the project,
  • A common knowledge database where project data is stored may help bring new team members on board when others become unavailable,
  • Walking in the shoes of another team member helps see the product more objectively, and a person looking at a piece of code for the first time may have a fresh perspective,
  • Being recognized by peers boosts morale in the team and motivates developers to code better,
  • Teams become closer by interacting on a more personal level and working together toward a common goal.

5. Don't take mistakes and problems personally. Even though making mistakes is a natural part of writing code, they are too costly, and are therefore always considered the ‘enemy.' But just like failure is an intrinsic part of success, mistakes are acceptable (and they will happen on every project, with every developer) as long as they don't end up in the product that's already gone into production, costing investors money and developers their reputation.

It may be helpful for developers to remember that the whole objective of code review is to find issues with code. No matter how excellent their product is, code review is not targeted at praising their coding prowess, but at finding loopholes in it. It is best to look at the process this way: finding mistakes improves code; it doesn't critique its creator. Learning from mistakes and sharing that knowledge with others is what developers should be taking out of the whole process.

Another sometimes painful aspect of code review is encountering developers who are more advanced and better skilled. The trick is to not view them as rivals but to learn from them. When conducting regular reviews, it is important to be diplomatic and not forget that praise is critical for all creative professionals (and developers are creatives, no doubt about that), and that criticisms and notes go down better with a bit of recognition of the skills that enabled the developer to write the code in the first place.

Carrying out .NET code review on a regular basis may help keep development quality at the designated level of excellence, develop high quality defect-free software, comply with industry standards and share knowhow between developers. Recognizing and following best practices in .NET code review can enable all parties involved in software product development to bring their efforts to perfection and centralize the latest knowledge in their niche.

More Stories By Aleksei Gavrilenko

Aleksei Gavrilenko is a senior developer with Itransition. He joined Itransition in 2005 as a software developer. Currently, he holds a position of the technical lead for a large ASP.NET project for automating key project document management and control procedures in industry-leading engineering and utilities companies worldwide. His areas of interest are .NET, Enterprise Content Management, performance tuning, software design and architecture. Aleksei received a master’s degree in computer science from Belarusian State University in 2007.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
SYS-CON Events announced today that App2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. App2Cloud is an online Platform, specializing in migrating legacy applications to any Cloud Providers (AWS, Azure, Google Cloud).
WebRTC is great technology to build your own communication tools. It will be even more exciting experience it with advanced devices, such as a 360 Camera, 360 microphone, and a depth sensor camera. In his session at @ThingsExpo, Masashi Ganeko, a manager at INFOCOM Corporation, will introduce two experimental projects from his team and what they learned from them. "Shotoku Tamago" uses the robot audition software HARK to track speakers in 360 video of a remote party. "Virtual Teleport" uses a mu...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
Mobile device usage has increased exponentially during the past several years, as consumers rely on handhelds for everything from news and weather to banking and purchases. What can we expect in the next few years? The way in which we interact with our devices will fundamentally change, as businesses leverage Artificial Intelligence. We already see this taking shape as businesses leverage AI for cost savings and customer responsiveness. This trend will continue, as AI is used for more sophistica...
SYS-CON Events announced today that SourceForge has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SourceForge is the largest, most trusted destination for Open Source Software development, collaboration, discovery and download on the web serving over 32 million viewers, 150 million downloads and over 460,000 active development projects each and every month.
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that WineSOFT will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Based in Seoul and Irvine, WineSOFT is an innovative software house focusing on internet infrastructure solutions. The venture started as a bootstrap start-up in 2010 by focusing on making the internet faster and more powerful. WineSOFT’s knowledge is based on the expertise of TCP/IP, VPN, SS...
SYS-CON Events announced today that Akvelon will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Akvelon is a business and technology consulting firm that specializes in applying cutting-edge technology to problems in fields as diverse as mobile technology, sports technology, finance, and healthcare.
SYS-CON Events announced today that TechTarget has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget storage websites are the best online information resource for news, tips and expert advice for the storage, backup and disaster recovery markets.
Real IoT production deployments running at scale are collecting sensor data from hundreds / thousands / millions of devices. The goal is to take business-critical actions on the real-time data and find insights from stored datasets. In his session at @ThingsExpo, John Walicki, Watson IoT Developer Advocate at IBM Cloud, will provide a fast-paced developer journey that follows the IoT sensor data from generation, to edge gateway, to edge analytics, to encryption, to the IBM Bluemix cloud, to Wa...
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we've...
DevOps at Cloud Expo – being held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real r...
No hype cycles or predictions of a gazillion things here. IoT is here. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, an Associate Partner of Analytics, IoT & Cybersecurity at M&S Consulting, will present a step-by-step plan to develop your technology implementation strategy. He will discuss the evaluation of communication standards and IoT messaging protocols, dat...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
Elon Musk is among the notable industry figures who worries about the power of AI to destroy rather than help society. Mark Zuckerberg, on the other hand, embraces all that is going on. AI is most powerful when deployed across the vast networks being built for Internets of Things in the manufacturing, transportation and logistics, retail, healthcare, government and other sectors. Is AI transforming IoT for the good or the bad? Do we need to worry about its potential destructive power? Or will we...
SYS-CON Events announced today that App2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. App2Cloud is an online Platform, specializing in migrating legacy applications to any Cloud Providers (AWS, Azure, Google Cloud).
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.