Editorial Note: I originally wrote this post for the NDepend blog. You can check out the original here, at their site. While you’re there, check out all of the new tech debt-related features in the newest version of NDepend.
I’ve heard people say (paraphrased) that teams succeed uniformly, but fail each in its own unique way. While I might argue the veracity of this statement, it evokes an interesting image. Many roads, lined with many decisions, lead to many different sorts of failures.
Code review presents no exception. Teams can fail at code review in myriad, unique ways. And, on top of that, many paths to broader failure can involve poor code reviews (doubtless among other things).
How can I assign such importance to the code review? After all, many would consider this an ancillary team activity and one with only upside. Done poorly, code review catches no defects. Done well, it catches some defects. Right?
How Code Review Can Go Wrong
Simply put, code review can have worse than zero effect. Ineffectual code review suffers mainly the opportunity cost of the participants’ time. But toxic code review creates morale problems, counterproductive team dynamics, and damaging distractions.
So the first order of business is to avoid a net negative effect. To do this, one simply has to remove the potential of toxic culture from the process of code review. Of course, that’s a bit easier said than done, but a lot of it just means following basic rules of human decency. Start by treating one another with respect. Then ensure that all participants feel comfortable getting and receiving feedback. Enlist the help of even-tempered, charismatic folks to lead by example.
Once you’ve insulated yourself against the most damaging effects, it’s time to guard against ineffectual code reviews. It is toward that end that I’ll be focusing for the remainder of this post. Ineffectual code reviews can ways time, as I mentioned earlier. But they can also create a false sense of security and lead to poor choices.
So what makes code review effective? How can your team get the most out of this activity? I’ll offer some thoughts based on firsthand experience across a wide number of organizations.