Skip to main content
Sign In |
  Help (new window)

MSF for CMMI Process Improvement

Go Search
Home
  
MSF for CMMI Process Improvement > Wiki Pages > Activity - Bug Code Review  

Activity - Bug Code Review

View All Site Content

Recent Changes
Activity Information

Bug Code Review

Fix a BugBug Code Review

Description

A code review is used to ensure that new or changed code meets an established quality bar before the code is integrated into the daily build. Quality considerations are coding standards, conformance to architecture and design, performance, readability, and security. Code reviews also provide additional insight from other developers on how code should be written. The code review is conducted by the lead developer, and attended by the development team for the code area, and the architect.

Roles

ResponsibleDeveloper
AccountableDeveloper
ConsultedDeveloper, Solution Architect

Attributes

Element Categories[CMMI Level 3] PI SP 3.1, [CMMI Track 3] Build, [CMMI Track 4] Stabilize, [CMMI Level 3] VER SP 2.2, [CMMI Cycle 6] As Needed
GuidancePeer Review Exception Review Minutes Template, Performance Code Review, Security Code Review
Entry Criteria

Coding Standards:
Coding standards.

Threat Model:
Threat model.

Exit Criteria

The review team forms consensus on all changes to the code base required for acceptable quality before the code is integrated:
The review team forms consensus on all changes to the code base required for acceptable quality before the code is integrated.

The review team forms consensus that the code is acceptable for integration:
The review team forms consensus that the code is acceptable for integration.

Code review work item is created, summarizing results of the code review:
Code review work item is created, summarizing results of the code review.

Reviewed source code:
Reviewed source code.

Is RequiredYes

Steps

  1. Verify Name Correctness:

    Make sure the names of the classes and the methods are properly defined to represent the functionality of the code segment.
  2. Verify Code Relevance:

    The code being reviewed is relevant to the task for which the code is written. There should be no code changes allowed that do not address the functionality being implemented or corrected.
  3. Verify Extensibility:

    The code is written so it can be extended if it is the intention to do so, or reused in other areas of the system.

    String constants used in the code are properly placed in resources that can be internationalized.
  4. Verify Minimal Code Complexity:

    Repeated code can be simplified into common functions.

    Loops are used where appropriate.

    Similar functionality is placed in a common procedure or function.
  5. Verify Algorithmic Complexity:

    The number of execution paths in the code being reviewed is kept to a minimum. Only recognized paths are allowed to exist.
  6. Verify Code Security:

    Check the code for the protection of assets, privilege levels, and the use of data at entry points.
  7. Create Code Review Work Item:

    A code review work item is created documenting the results of the code review. The review team must decide on the next steps for the code depending on the magnitude of the changes necessary.

    If no changes are necessary, document this fact in the code review work item and that the code can be integrated.

    If minor changes are necessary, mark the code review work item as "Accepted with changes" which indicates that the code can be integrated once changes are made.

    If major changes are necessary, mark the code review work item as "Rejected." The code must be refactored, and another code review must be performed before the code can be integrated.

Inputs and Outputs

WorkProductInputOutputAllowable States
Peer Review Checklist(none)
Peer Review Exception Review Minutes(none)
ReviewActive

Predecessors

TypeNameDependency Type
Prepare for Bug Code ReviewFinish-Start

Successors

TypeNameDependency Type
Integrate Bug ChangesFinish-Start

Last modified at 12/19/2007 10:37 AM  by Administrator