Welcome!

Microsoft Cloud Authors: Yeshim Deniz, Janakiram MSV, Andreas Grabner, Stackify Blog, Liz McMillan

Related Topics: Microsoft Cloud, Agile Computing

Microsoft Cloud: Article

Best Practices for .NET Code Review | @CloudExpo #Cloud

Code review is a set of systematic examination measures used to critique computer code

It is a human nature to make mistakes, but mistakes in source code can lead to expensive consecutive mistakes if not fixed in time. Unfortunately, black box testing often cannot fully cover software. And even if it does, fixing a bug found by QA is at least two times as expensive as fixing it before issuing a build. Performance bottlenecks, security, scalability and reliability issues should be identified as early as possible. This is where code review comes in.

Code review, which is also known sometimes as peer review, is a set of systematic examination measures used to critique computer code with the objective of finding and fixing bugs early in the development stage in order to develop high quality software and perfect skills of developers for future projects.

Carrying out regular code reviews has the advantages of saving money and time, having to fix fewer errors per line of code, using highly decreased development resources while increasing productivity and enjoying software that is 90 percent defect free.

Being aware of best practices for .NET code review is necessary to make the software development process as efficient as possible and deliver quality products in time and on budget. Even though it is impossible to enumerate all of the best practices here, we have included those that are absolutely indispensable. So here are top five best practices for .NET code review:

1. Present project implementation ideas to developers prior to development. It is important for developers to understand how to do the task if the solution is ready-made, or know where to look for such a solution if finding it is part of the task. In the latter case, the process of communication between developers and technical leads becomes vital for the final decision to be the most efficient.

2. Create and follow a code review checklist. This checklist should help enumerate and analyze the specific aspects of what reviewers should pay attention to in order to make the code reviewing process as efficient as possible. Obviously, each project is different and will have its own specifications when it comes to the checklist, but as a general rule, it should ideally follow the outline of coding standards documents. When drafting a checklist, each developer should also examine their strengths and weaknesses and pay extra attention to the areas where they can be more vulnerable. Following is a sample code review checklist that covers the main areas necessary for review:

a) Does the code work as expected? The assumption is that the code works, but often it turns out that the code does not work as the customer would expect.

b)  Are there any warnings generated by a static code analysis tool? Such tools can check for a lot of guidelines enforcements, and their reports should not be missed.

c) Are comments correct? Comments should be correct and not outdated. Otherwise, they will confuse team members. At the same time, comments should be meaningful and present only where absolutely needed.

d) Are there necessary checks for null values? If a variable or input parameter is not supposed to be null, the null check should throw an exception. Otherwise, there should be an alternative if-statement for the null value.

e) Are there necessary checks for invalid values in enumerables? If there is a switch or an if-statement checking enumerable string values or an enum, default or else operator most often should always consider the invalid values, not the other non-mentioned, valid ones.

f) Are custom exceptions correctly declared? Each custom exception should be inherited from the ApplicationException class and should implement at least two constructors: with string and (string, Exception) parameters. If throwing an exception with an empty message is allowed, two more constructors should be implemented: () and (Exception).

g) Are exceptions correctly handled? Generic exceptions should never be suppressed (at least without logging). However, if exceptions are logged, duplicate logging should be avoided as well.

h) If code may be called by multiple threads, is it thread safe? Checking for thread safety is vital, because such errors are hard to track down, and it is easier to avoid them early rather than fix them later.

i) Is the code secure? Security issues can hardly be covered by QA or unit tests, but they are certainly important. For example, if there is a method that is supposed to be called by administrators only, it is better to restrict the method itself, even if the respective action is available only to administrators in the user interface.

j) Are unmanaged or IO resources correctly disposed of? Resources that are not disposed of can cause unexpected crashes or memory leaks. Each such resource should be disposed of correctly after using.

k) Are the most effective algorithms used? Common mistakes include:

  • Using IList instead of IDictionary or Hashtable leads to unnecessary O(n2) complexity instead of O(n).
  • Using multiple consecutive string concatenations instead of StringBuilder or String. The format increases complexity as well as memory usage.
  • Unnecessary web service calls can slow down the application considerably.

l) Are string comparisons correct? Using case sensitive comparisons instead of case insensitive ones in some cases (for example, file names comparisons) can cause errors that are hard to detect. Ideally, each string comparison in the code should be reviewed.

m)  Are the classes, methods, properties and variables named correctly? A static code analysis tool will check naming conventions, but often it is possible to come up with better names.

n)  Is unit tests coverage good enough? Unit tests should be reviewed as well. The same checklist as above can be followed.

3. Use automated tools for code review. Automation is essential for code quality, first of all, to eliminate the necessity for routine checks (saving time spent on reviews by skipping descriptions of incorrect formatting and naming), and secondly, for enforcing code guidelines without the reviewer assuming the role of a strict professor worried about every misplaced comma. Automation takes subjective opinions out of the equation and serves as a neutral and impartial force.

The most popular static code analysis tools for .NET are SonarQube and FxCop. They can check for dozens of code guideline enforcements such as:

  • Classes, methods and variables naming conventions,
  • Empty classes or methods,
  • Unnecessary parentheses,
  • Correct classes and methods declarations,
  • Access modifiers, etc.

4. Hold regular discussions of the main review results. Best development practices and how they can be implemented should be communicated to developers on a regular basis using an example of well-written code (with a focus on successful solutions in particular), rather than targeting specific errors of individual developers (which can negatively influence the atmosphere in the team). Good communication between all project participants (including clients and stakeholders, if necessary, as well as managers and testers) is a vital aspect of being on the same page in terms of code quality. Being patient with team members who don't boast extensive technical backgrounds and speaking their language brings the team closer and ensures better quality of the end product. Team members also learn from each other through a more profound understanding of the code base and can use that knowledge in subsequent projects, as well as project support.

Holding regular meetings and discussions may also have the following benefits:

  • Consistency of design and implementation throughout the project,
  • A common knowledge database where project data is stored may help bring new team members on board when others become unavailable,
  • Walking in the shoes of another team member helps see the product more objectively, and a person looking at a piece of code for the first time may have a fresh perspective,
  • Being recognized by peers boosts morale in the team and motivates developers to code better,
  • Teams become closer by interacting on a more personal level and working together toward a common goal.

5. Don't take mistakes and problems personally. Even though making mistakes is a natural part of writing code, they are too costly, and are therefore always considered the ‘enemy.' But just like failure is an intrinsic part of success, mistakes are acceptable (and they will happen on every project, with every developer) as long as they don't end up in the product that's already gone into production, costing investors money and developers their reputation.

It may be helpful for developers to remember that the whole objective of code review is to find issues with code. No matter how excellent their product is, code review is not targeted at praising their coding prowess, but at finding loopholes in it. It is best to look at the process this way: finding mistakes improves code; it doesn't critique its creator. Learning from mistakes and sharing that knowledge with others is what developers should be taking out of the whole process.

Another sometimes painful aspect of code review is encountering developers who are more advanced and better skilled. The trick is to not view them as rivals but to learn from them. When conducting regular reviews, it is important to be diplomatic and not forget that praise is critical for all creative professionals (and developers are creatives, no doubt about that), and that criticisms and notes go down better with a bit of recognition of the skills that enabled the developer to write the code in the first place.

Carrying out .NET code review on a regular basis may help keep development quality at the designated level of excellence, develop high quality defect-free software, comply with industry standards and share knowhow between developers. Recognizing and following best practices in .NET code review can enable all parties involved in software product development to bring their efforts to perfection and centralize the latest knowledge in their niche.

More Stories By Aleksei Gavrilenko

Aleksei Gavrilenko is a senior developer with Itransition. He joined Itransition in 2005 as a software developer. Currently, he holds a position of the technical lead for a large ASP.NET project for automating key project document management and control procedures in industry-leading engineering and utilities companies worldwide. His areas of interest are .NET, Enterprise Content Management, performance tuning, software design and architecture. Aleksei received a master’s degree in computer science from Belarusian State University in 2007.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
While the focus and objectives of IoT initiatives are many and diverse, they all share a few common attributes, and one of those is the network. Commonly, that network includes the Internet, over which there isn't any real control for performance and availability. Or is there? The current state of the art for Big Data analytics, as applied to network telemetry, offers new opportunities for improving and assuring operational integrity. In his session at @ThingsExpo, Jim Frey, Vice President of S...
"We provide IoT solutions. We provide the most compatible solutions for many applications. Our solutions are industry agnostic and also protocol agnostic," explained Richard Han, Head of Sales and Marketing and Engineering at Systena America, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
DX World EXPO, LLC., a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
"DX encompasses the continuing technology revolution, and is addressing society's most important issues throughout the entire $78 trillion 21st-century global economy," said Roger Strukhoff, Conference Chair. "DX World Expo has organized these issues along 10 tracks with more than 150 of the world's top speakers coming to Istanbul to help change the world."
"We are focused on SAP running in the clouds, to make this super easy because we believe in the tremendous value of those powerful worlds - SAP and the cloud," explained Frank Stienhans, CTO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
In the enterprise today, connected IoT devices are everywhere – both inside and outside corporate environments. The need to identify, manage, control and secure a quickly growing web of connections and outside devices is making the already challenging task of security even more important, and onerous. In his session at @ThingsExpo, Rich Boyer, CISO and Chief Architect for Security at NTT i3, discussed new ways of thinking and the approaches needed to address the emerging challenges of security i...
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, discussed the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information.
The financial services market is one of the most data-driven industries in the world, yet it’s bogged down by legacy CPU technologies that simply can’t keep up with the task of querying and visualizing billions of records. In his session at 20th Cloud Expo, Karthik Lalithraj, a Principal Solutions Architect at Kinetica, discussed how the advent of advanced in-database analytics on the GPU makes it possible to run sophisticated data science workloads on the same database that is housing the rich...
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
"The Striim platform is a full end-to-end streaming integration and analytics platform that is middleware that covers a lot of different use cases," explained Steve Wilkes, Founder and CTO at Striim, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution and join Akvelon expert and IoT industry leader, Sergey Grebnov, in his session at @ThingsExpo, for an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
With tough new regulations coming to Europe on data privacy in May 2018, Calligo will explain why in reality the effect is global and transforms how you consider critical data. EU GDPR fundamentally rewrites the rules for cloud, Big Data and IoT. In his session at 21st Cloud Expo, Adam Ryan, Vice President and General Manager EMEA at Calligo, will examine the regulations and provide insight on how it affects technology, challenges the established rules and will usher in new levels of diligence...
SYS-CON Events announced today that Calligo, an innovative cloud service provider offering mid-sized companies the highest levels of data privacy and security, has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalised support service from its globally located cloud plat...
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, discussed the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insights from the vast t...