Are Code Reviews Worth It? 345
JamaicaBay writes "I'm a development manager, and the other day my boss and I got into an argument over whether it's worth doing code reviews. In my shop we've done both code reviews and design reviews. They are all programmer-led. What we've found is that code reviews take forever and tend to reveal less than good UI-level testing would. The payback on design reviews, meanwhile, is tremendous. Our code is intended for desktop, non-critical use, so I asked my boss to consider whether it was worth spending so much time on examining built code, given our experience not getting much out of it. I'm wondering whether the Slashdot crowd's experience has been similar."
Synergy, leverage, low hanging fruit, etc.. (Score:5, Informative)
Having worked on life critical type systems where every line of code was reviewed before making it into the product, I have to say that I've seen them add a lot of value when done properly.
They also cost a lot.
The first question I would ask in your situation is: are you doing them right?
Do bugs get discovered later after deployment? Are the bugs in areas of the code that were supposedly reviewed? If so, you might be doing it wrong.
And as much as we _hate_ the word... I have to say it...
METRICS!
If you truly want to make a decision on whether code reviews are worth it.. you need to know:
- how much does it cost to conduct the reviews
- how many defects are discovered in the review versus how many make it out the door (in other words, how good are you at it)
- how how much more does it cost you when a bug gets discovered after deployment? In a life critical system, it costs a fucktonne.. in a desktop app.. it may not be that bad.
Once you know these, the picture should be clear
Re:Synergy, leverage, low hanging fruit, etc.. (Score:5, Funny)
If you truly want to make a decision on whether code reviews are worth it.. you need to know[...]
So what you're saying is we have to have a review of the reviews...we're going to be here a while aren't we?
Re: (Score:3, Insightful)
Oh calm down..
it's a pretty easy thing to track.. most shops already have a bug tracking system.. you just need to add in a way to track how much stuff gets discovered in code reviews.. then have some intern hack out a spreadsheet in leu of getting valuable job experience.
Re: (Score:2)
Re:Synergy, leverage, low hanging fruit, etc.. (Score:4, Funny)
Re: (Score:3, Funny)
Well, in that case, we should do a thorougly review of the reviews of the reviewed review reviews.
BUFFER OVERRIDE
Re: (Score:2)
Is that like a buffer overflow?
Re:Synergy, leverage, low hanging fruit, etc.. (Score:5, Insightful)
Actually, it's reasonable to periodically review and improve and streamline all of your processes. Any part of the process that takes time or money should be justified by an improvement in the metrics after adding that part of the process. if the metrics don't improve after adding that part, then that part should be removed from the process. This can help lead to less busywork and less paperwork, rather than more, as it sounds at first blush.
Re: (Score:3, Informative)
Sadly every security vulnerability on the products I've worked on were found after shipping in code that was reviewed (and not only that - sometimes very obvious bugs - like treating strings as fixed values, and not checking or sanitizing inputs).
So I guess they either have to be done right, or they aren't all that useful.
Re: (Score:3, Insightful)
Well, code reviews are boring to do, but has to be done be the best and most experienced developers usually the senior or lead developer. Some places doesn't understand that and just delegates this menial task to lower developers, or a team of inexperienced developers. Other places the top developer assigned the task, just skips through the code, because he thinks he has "better things to do".
Re:Synergy, leverage, low hanging fruit, etc.. (Score:5, Interesting)
how many defects are discovered in the review versus how many make it out the door?
I don't think defects are the only metric. Code reviews can result in a cleaner codebase that's easier to understand. Everyone occasionally writes bad code. A reviewer might say, "I see that it works, but I don't like it..." and mention an alternative solution. A reviewer might suggest that something is non-obvious and that a comment is warranted. Code reviews aren't just for bugs, they are to get better code.
Re:Synergy, leverage, low hanging fruit, etc.. (Score:5, Insightful)
Re: (Score:2)
Agreed. I'm a junior dev, and I have learned a few things from our group's team lead during code reviews. It also helps in the communication between the devs and the team lead. For instance, if some library code we're using needs refactoring because it's making our code awkward, it's helps him identify if we should possibly spend some time working on that to help the whole team write better code.
Re: (Score:2)
a fucktonne? (Score:5, Funny)
Damn europeans and their metric system.
How many shitloads are in a fucktonne?
Re: (Score:3, Insightful)
you need to know:
- how much does it cost to conduct the reviews
- how many defects are discovered in the review versus how many make it out the door (in other words, how good are you at it)
- how how much more does it cost you when a bug gets discovered after deployment?
The great thing is that none of these metrics are that hard to collect. You should already know the cost of production bugs because that is just a basic component of your business.
To collect the cost to conduct reviews, you just need to ask everyone who does a review how long it took them. You can store this on paper or in a simple little database. Reviewers just need to remember to look at the clock when they do the review. Some computerized review systems can collect this for you automatically.
To trac
Yes! (Score:5, Interesting)
Code reviews have a lot of value in two ways completely independent of how good they are at catching errors. First, they are a way to enforce various stylistic guidelines on code that make future maintenance much easier. Secondly, they are a tool for spreading knowledge about the code around to other members of your development team.
They can also catch some errors that are very hard to catch in any other way. I recently worked on a project in which I found an error that would've caused code to only fail in a very limited and non-obvious set of circumstances. The thing is, somebody would've almost inevitably encountered those circumstances and the phantom and nearly unrepeatable bug reports resulting from this would likely have never been solved.
I fear code ever stepping off into the land of incorrect behavior as there are few corrective mechanisms that will cajole the errant program back into doing something sane. The longer it goes without abject failure, the more weirdly wrong it will be. Therefore I think any and all measures to keep it from ever going there and making sure it dies as quickly as possible if it does are useful.
Re: (Score:2, Interesting)
Re: (Score:3, Interesting)
I just want to highlight your second point. I believe that THE most important thing gained from code reviews is the spreading knowledge and gaining understanding. New development is always great, but most programming is maintaining/fixing/improving existing projects. A code review is a great way to really learn about code readability. You actually get to see other people read your code and you get to read other people's code. All of this code is fresh in someone's mind so it can be explained, and how t
In a word, yes (Score:3, Insightful)
When done right (Score:5, Informative)
Code Reviews are useful when they are done right. But before you start using code reviews you should introduce automated static analysis of the code during the builds. A lot of crap can be discovered by static analysis. This saves you a lot of effort on the tedious parts of code reviews.
If you're code review is taking forever... (Score:5, Insightful)
Code reviews shouldn't be a "full stop, let's go over this" event. Code review should be a part of the every day workings of the development team. Nothing should go into version control's master/trunk/HEAD until it has been reviewed.
Sometimes you'll find that stopping to review a single module is helpful, but most of the time it's actively harmful to the team, since it takes developer's concentration off of what they're currently working on to review things that they half-don't-remember, which then makes the code review take forever.
Review and document inline with your coding, and you'll find you'll never need a "Full Stop" review.
Re: (Score:2, Funny)
Re: (Score:2)
Re: (Score:2)
My code is self reviewing.
Re: (Score:3, Funny)
Re: (Score:2, Insightful)
If I'm code review is taking forever, it's because I haven't documented I'm code. So in a culture of constant code reviews, I remember to document. Adding comments no longer wastes time; it *saves* time in the pretty near future. I also write fewer lazy hacks than I used to, because of the fear of having to explain them. And my code gets better for other reasons mentioned on this thread.
The OP didn't explicitly say that they were reviewing code months after it had been written, but no, archaeology and pr
Re:If you're code review is taking forever... (Score:5, Insightful)
And quite frankly, if you don't draft the design correctly from the beginning, it can cause huge problems later. Some projects can skip this step and do iterative design (most open source projects, software libraries, e.g.), but commercial products typically don't have the luxury of having a product delayed by a huge amount because someone's design was wrong and it is now a burden to remove and replace.
Not stopping to design for the future early on is the reason Xorg is a complete and absolute clusterfuck today, for example.
They sometimes find really difficult problems (Score:3, Interesting)
When we did code reviews at DEC, they were done with several people generally familiar with the code, required considerable advance prep by the reviewers, and went over code basically line by line. This was not done for all code; nobody had time or resources. However, when a piece of code was doing something weird, it was a pretty effective way to figure out what might be wrong, where the programmer had been having trouble finding a problem. The one area where it tended not to work well was where the software was a driver that talked to some piece of hardware, and the programmer was the only one who really knew what the hardware was doing. The fact that the reviewers didn't know that hardware made finding bugs most difficult...
U R DOIN IT WRONG :) (Score:5, Insightful)
What we've found is that code reviews take forever...
Ugh. Are you reviewing each individual commit (where code reviews are quick and very effective), or are you rounding up a bunch of developers in a conference room and reviewing an entire module using an overhead projector?
Peer-to-peer reviews of individual diffs using good workflow tools have been very effective at several places I have worked and in open-source projects to which I have committed.
Some of the fastest team development velocity I have experienced has been with peer code reviews within the team.
A good style guide also helps...
Re: (Score:2)
Peer-to-peer reviews of individual diffs using good workflow tools have been very effective at several places I have worked and in open-source projects to which I have committed.
This is basically how we work at my lab. Anything going into the master branch of our multimedia engine needs peer review; anything going into a multimedia project needs peer review after we've hit beta (roughly speaking).
In my experience code review is a very helpful part of development. It often catches stupid errors and can be an important piece of keeping the programming team abreast of everything that's going into the codebase.
If you don't like unit tests (or at least the idea of writing unit tests --
Line them up (Score:5, Funny)
Have each developer line up with his/her/its code printed out on a cue card board and stand in a line up. Execute the least likely to make it to the compiler, then you will "motivate" the rest to write better code..
Signs point to yes (Score:2)
My group started implementing code reviews this month. To get in the swing of things, we decided to do a test review of existing foundation code, stuff that had been in the product for many months, had gone through multiple QA cycles, and had been shipped to the customer as part of the first "production" release.
In the first hour-long review, we found a number of significant issues, and one full-blown bug.
Depends on what you're looking for (Score:5, Interesting)
Design reviews are useful to catch problems early on, particularly the selection of poor algorithms or data structures. However, in the the software shops I've worked nobody does any documentation, which makes it particularly difficult to do a design review. So, as you can imagine, I haven't got much experience with this area.
Code reviews, on the other hand, are more about auditing code to make sure that people are following the coding standards and policies. After all, if you've got coding standards, how are you supposed to tell if anybody is following them without reviewing the code? Once your coding standards have been institutionalized -- that is, most people have internalized them and following them -- then what's the point of a code review?
So your best bet, then, is to reserve code reviews for junior developers until the coding standards are internalized; and use design reviews for the architects.
Yes, yes, and then some (Score:5, Informative)
Even the best programmers make mistakes. Having another set of eyes is invaluable for detecting bugs before they become problems. Having to explain in words the rationale for a design decision often helps you better understand your own design, and to see potential problems with it. Sometimes you come up with something better on the spot. Also, if you get hit by a bus, your fellow programmers can take over without having to reverse-engineer your thoughts. Please, more code reviews.
Re: (Score:3, Insightful)
Also, if you get hit by a bus, your fellow programmers can take over without having to reverse-engineer your thoughts.
But if I get hit by a bus, I won't care whether my fellow programmers can take over without having to reverse-engineer my thoughts.
Re:Yes, yes, and then some (Score:5, Insightful)
But the company that gives you that paycheck does, and that's all that really matters. :)
Hire programmers who don't get hit by busses. (Score:3, Funny)
I keep hearing about these programmers getting hit by busses. In fact, I think I hear about programmers being hit by busses more than members of any other profession. Now, the busses that I've seen tend to be rather large things that stop frequently, and usually aren't going very fast. The generally poor quality of code suddenly makes a lot more sense when you consider that it is being written by a class of people who are so fatally inattentive as to be struck by busses with such improbable frequency.
Depends... (Score:5, Insightful)
As someone else noted, badly-run code reviews aren't worth much, if anything.
There was a lot written about code reviewing in the late 80's and early 90's that makes sense. If a review is conducted as a lesson in coding to others, nobody is going to get much out of it. If it is done as a last-ditch design review, that probably isn't going to work out well either.
If the staff is all people with lots of experience, it may not be that valuable. Alternatively, I see it as an extremely powerful tool for a staff that works mostly independently to come back together periodically and make sure everyone is on the same page. Especially when some team members have less experience.
Trying to bog it down with formality is pointless. But the early guidelines about "egoless" are right on target.
Re: (Score:2)
Code reviews aren't going to solve that by themselves, but if you're looking at the code as part of a program of review on a reasonable basis, it's harder for bits to fester in odd corners of the repository.
Re: (Score:3, Insightful)
I pretty much agree with the parent.
When I was fairly new to my company code reviews were reasonably helpful, as I was certainly not an expert in the areas I was fixing bugs, and there was a lot of undocumented knowledge of how various components interacted with eachother. As time went on and I became more proficient in these areas, code reviews began to be less useful.
I then moved on to taking primary responsibility for an important system library whose original developer left years earlier, and the curre
They are worth it (Score:5, Insightful)
Code reviews are as much about code maintainability and ensuring the code follows standards then finding bugs.
PCI-DSS Code Reviews (Score:3, Interesting)
Part of the PCI-DSS (Payment Card Industry Data Security Standards) security requirements is to conduct quarterly code reviews of applications that process credit card data, or put an application firewall on your network to monitor these applications.
Like most companies, we spent about 10 minutes working out how much time our developers would have to spend on this per quarter - and then we decided to drop $30K on the firewall.
If you did test-driven development (Score:2, Interesting)
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
Second, modern tests are documentation. For
Re: (Score:2)
Re: (Score:2)
ANY kind of programming can be done sloppily or poorly. That is not an argument for or against any particular methodology.
Re:If you did test-driven development (Score:4, Interesting)
then code reviews would be redundant.
Err... no. Testing is not a replacement for code reviews, which do a variety of things, including enforcing coding and commenting standards, act as sanity checks in implementation of design, etc. They also find the bugs that you never thought to design tests against.
Test driven development is a good way of capturing requirements in testing up-front, rather than leaving that as a downstream activity the way conventional testing is done. Doing test-driven development will not cause your test set to be any more thorough than a properly done V&V test set.
A while back on /. we had a story about a serious bug in a major product (can't remember what it was) and someone commented that "this seems like the kind of thing that test-driven development would have caught" as if the tests the developers would have thought of doing in a test-driven environment would have been any different than the tests developers would have thought of doing in an environment with sane down-stream testing. There is absolutely no reason to believe this.
Re: (Score:2)
No, test-driven-development is not perfect. But it's a hell of a lot better than pretty much anything else that has so far been devised. And code reviews do not tend to catch many coding mistakes that TDD misses... but QA can.
"A while back on
What is your historical programmer turnover rate? (Score:2)
How many per cent of your programmers change, i.e. move to other companies, every year? The higher rate, the more need for well written, easy-to-read code.
No doubt useful, but worth it...? (Score:2)
yes! (Score:5, Insightful)
Well, my last workplace had code reviews for everything, and I found them tremendously helpful. They accomplish a few things:
Furthermore, if I edit code that was written by (or is owned by) Bill, I'll ask him to review it so he'll know about the new feature I added (which is good, if he ends up having to support it).
it always depends. (Score:2)
If you have padawan coders, or coders from another corporation.. code reviews matter.. stylistically they wont mesh, they may have some foreign habits that you need to either squash or embrace. These may be the people who do a C++ style for loop in perl when it is not appropriate. These may be best-practices nazis. These all warrant code review.
If you are modifying byzantine code from the people who write HP office-jet software.. you need code review.
If youre
Coding standards (Score:5, Insightful)
A code review is unlikely to uncover many errors. Most code is just too complex for another developer to spot errors. Unit testing is much better at that. What a code review can do is
Yes they are worth it (Score:2)
Worth It But... (Score:2)
Code reviews are worth it but often the "cost" of doing proper reviews are underestimated. To implement results of the review may cost a bit of time and money if not another review where if project managers and planners just assume its a "fast fix" then problems will arrise.
It's vital (Score:2)
Delusions of grandeur (Score:5, Insightful)
My working life has been spent in projects developed by individuals or small teams (less than six programmers). I would describe my working environments as "CMM level 1 and damn proud of it." The teams I have been on have been consistently successful without having a consistent methodology. The success is the result of having a bunch of competent people who respect each other, and are motivated by the idea of producing something that customers will pay money for, because it works. And by the knowledge that they'll stick with the project for a while, and if they make any messes they'll be the same people who have to clean them up later.
I've suffered throughout my working life from inexperienced managers and programmers who suffer from what I call delusions of grandeur. 90% of the stuff that people learn about project management seems to me to be intended for use in projects with fifty programmers or more. Projects where the manager can't get a grasp of the project by walking around and schmoozing with people. Projects that are big enough that there are constantly people leaving and joining them. I don't know about projects like that. I'm inclined to think that formal management processes may be useful, even essential there.
But on small-team projects, it just gets in the way.
The problem is that the books that explain the capital-M Methodologies and the code review process and so forth never say, in so many words, that these are management procedures for projects with more than fifty people. They just say, "this is how you do it." And people come out of courses believing that "doing it right" means applying all this stuff. And that anything else is unprofessional.
The hidden assumption is that everyone wants to follow a career path where they manage more and more and more people on bigger and bigger and bigger projects and make more and more and more money. When I worked at a Fortune 500 company, people were very frank about it. It was a waste of time proposing or working on small stuff. You had to "think big" or management would never take any interest in what you were doing.
Well, I'm here to say that if you want to think big and manage like the big boys do, fine. But don't try it on a small-team project where the team members have gelled into a coherent unit, and know each other and work well together, and plan to stick around for a while.
Code reviews? Gimme a break. In the natural course of events, other team members are going to have to work with my code. If I don't care about what they think about it _when they're editing it to get their job done,_ I'm sure not going to care what they think about it in some room with a whiteboard. And we're effectively eviewing each others' code in the natural course of getting our jobs done, then sealing ourselves into a room with a whiteboard and no debugger, isn't going to be any better than what we naturally do without any formal process.
"Take forever" (Score:4, Insightful)
What we've found is that code reviews take forever ...
In one place where I worked in the past, we had a very simple rule: if you are doing a code review, and it takes longer than 10 minutes, then you stop it right there and return the whole thing marked as "overcomplicated" - if it really takes that long, then either the code is written in non-obvious ways and/or poorly commented (which will result in poor maintainability anyway), or the change is too big for one source control commit. By and large, it worked, even if you have to make exceptions occasionally (but at that point you know it's not a typical review, and pay more attention).
In addition to that, you might want to consider better tooling. If you're doing reviews by sending .diff files over email, you're doing it wrong - there are many specialized tools out there that will do automatic and smart diffing (including between rounds in a multi-round CR), notify people responsible for affected files, allow to set up the workflow according to your needs, enable attaching review comments and conversations to particular files and lines of code, and so on. The shop I was working for used Code Collaborator [smartbear.com] , and I found it to be pretty good, but there are plenty other similar tools out there, and you might even be able to find some good free ones.
Code Reviews for the lulz (Score:3, Interesting)
Oh the dilemma. Do I take ownership and defend "my" code, or say nothing and enjoy watching him squirm? I did the latter watching him go "ummmmm ummmmm ummmmm". Finally medicore programmer admitted he copied it and it was really mine. I said "Well it was working when you copied it off me."
Needless to say he ended up being promoted to manager. Not even a PHB which requires a bit of cunning, he was just a flat out idiot. I keep in touch with some of my coworkers to this day and whenever we want to describe a certain type of idiot we use his name. Duuuuuuuuuuuuuuh.
Re: (Score:2)
Yes and no. (Score:2)
In my experience, code reviews are generally useless. Main problem is that very few software projects have decent documentation which can be used as base for code review. Without documentation, reviews generally end up being a R&D-wide (or worse) squabble.
As development manager, one should try to make the reviews an integral part of development process. Keyword is "integral." Results of review are hard to quantify, thus something should be done to make them useful to the other phases of development
We do this. It's valuable. (Score:2)
In my shop, there is no formal code review process. But informally, we all have to maintain this stuff, and there aren't enough of us that everyone gets one nice, clearly demarcated area of responsibility. So in that principle, there is a strong informal process.
In the course of designing a piece of software, or subsystem there is a lot of "Okay, here is my approach. See any pitfalls?" During implementation, there is a lot of over the shoulder "could you take this over?". And once a piece of code is ready t
WTF does maybe mean? (Score:5, Interesting)
Lets see. Right click -> View source this web page. In the first 10 lines I see a variable called maybe with no comments as to what it means.
Yes, code reviews are useful.
I think they can be good (Score:3, Insightful)
As a programmer, having someone else look at my code is good since there will always be mistakes I just cant see from looking at it. Someone else looking at it might pick them up when I cant, especially if they have more knowledge of bits of the codebase than I do.
I like having my code reviewed (Score:3, Insightful)
Which goes against the thinking for a lot of developers. They seem to take reviews of code personally, and believe everything they did is correct.
I go the other way. If my code is good, it will stand the test of a review. If one or a group of my colleagues looks at my code and doesn't find a fault then I KNOW it's good. I don't have to just THINK it because I believe so. If I can't explain why I did something in a review, it shouldn't get into production code.
Sometimes it's even simple stuff. I Do X, and someone goes "oh, we had to do it too, and wrote this bunch of code for it. Maybe we could combine the code into one usable module for both". It's stuff like that you can only really do in a good code review. It shouldn't JUST be done at a commit. It's something that should be part of the development process.
Security Camera Effect (Score:4, Insightful)
The primary effect of code reviews has nothing to do with finding problems during the review itself. It improves quality before the code ever gets to review, because people care far more about what they do in the first place if they know there is even a chance others will see and criticize them later for doing it wrong.
This is why stores put up fake security cameras. The notion that they have someone sitting there watching the camera continuously is ridiculous, yet a camera has a huge effect on people's tendency to commit crimes nonetheless.
Gods yes! (Score:3, Insightful)
Just do them right:
1. Each commit should have an explanation of what the change does, and should be small enough that the reviewer can do it quickly.
2. Your organization should prioritize code reviews over other work; in many cases the review is blocking something.
If your reviews are kept small, and are a high priority, they add enormous value and shouldn't negatively impact your work.
Code reviews have the following perhaps non-obvious benefits:
- They ensure the implementation does justice to the design
- They help pass institutional knowledge to the developer ("This function has an existing implementation over here...")
- They ensure code readability (especially when used with a formal style guide)
- They help keep the developer honest, when he or she might take shortcuts or be lazy with a certain function.
- By mandating code reviews, you have a pressure from the reviewers to keep each commit small, which encourages incremental development, which discovers design flaws early rather than after 10,000 lines are written.
Code reviews aren't really a great place to FIND bugs. Yes, obvious bugs will stand out to an experienced developer, but the reviewer is another human, and he or she can easily miss the same bugs the developer missed. Really, unit tests are where you catch bugs, and a reviewer is usually in a better position to identify incomplete unit testing.
Re:Are they worth it? (Score:5, Informative)
http://en.wikipedia.org/wiki/Code_review [wikipedia.org]
There are apparently a couple different kings of things that are both called "code reviews", which one are you talking about? There's also the issue that they're supposedly (as in, according to actual studies) pretty good, so maybe you could do them slightly differently and get much better (more in line with the study results) effects.
More details on what your version of a "code review" and a "design review" are would probably get better answers...
Re:Are they worth it? (Score:5, Interesting)
There are apparently a couple different kings of things that are both called "code reviews", which one are you talking about? There's also the issue that they're supposedly (as in, according to actual studies) pretty good, so maybe you could do them slightly differently and get much better (more in line with the study results) effects.
Formal reviews is only meaningful if you have an equally formal specification that is unlikely to change often or at all. A lot of heavy backend systems could benefit from that, but this isn't one of them they should definately stop. Of the lighter:
Over-the-shoulder One developer looks over the author's shoulder as the latter walks through the code.
Email pass-around Source code management system emails code to reviewers automatically after checkin is made.
Pair Programming Two authors develop code together at the same workstation, such is common in Extreme Programming.
Tool-assisted code review Authors and reviewers use specialized tools designed for peer code review.
First one nearly never leads to good code in my experience, unless you manage to get just the right mix of writing code and helpful conversation, it's way too easy to zone out, take over, turn it into a lecture or whatever. Second one sounds like SPAM, who reads those? Pair programming can work, but I'm not sure it's worth the overhead.
Tool assisted is definately my favorite. Clone and branch then make your changes and request that they be merged back. You have to say something sensible about what you're doing as a whole, at least two people will look at it, they can comment or reject it. Not according to guidelines or design or whatever? Fix and resubmit. That, together with design meetings I think is the way to go.
Re:Are they worth it? (Score:5, Interesting)
Pair programming can work, but I'm not sure it's worth the overhead
By "overhead" I assume you mean the cost of two developers to write one piece of code. In my experience, Pair programmers are more than twice as productive as a single developer when you factor in all the errors and bugs prevented by having two sets of eyes on the same problem. Of course this only works when you have a pair that can work together, which can be hard to find in some environments.
The other advantage you get from pair programming is that you have two people familiar with the code, not just one. Thus if one leaves the company, or goes on vacation and problem needs to be fixed, you always have another person (at least until both of them leave the company).
Even if you do nothing else that XP advocates, pair programming can really be worth it.
Re:Are they worth it? (Score:5, Insightful)
In my experience, Pair programmers are more than twice as productive as a single developer when you factor in all the errors and bugs prevented by having two sets of eyes on the same problem.
In my experience, pair programmers are only more efficient than each programmer working on their own when both programmers are bad.
Bonus: Most development managers that like pair programming have hiring practices that find the worst programmers (but they're generally fairly well dressed and always show up to meetings on time).
Good developers paired with over-the-shoulder code reviews produce code that is just as good (or better), and is far more productive.
Re: (Score:3, Interesting)
Good developers paired with over-the-shoulder code reviews produce code that is just as good (or better), and is far more productive.
This I agree with wholeheartedly - a relatively quick over-the-shoulder review before a checkin provides the advantage of the extra eyeballs in pair programming/code reviews without the ridiculous disadvantages of redundancy and annoying meetings. Though as you said, it does assume good developers...
Re:Are they worth it? (Score:4, Interesting)
Good developers paired with over-the-shoulder code reviews produce code that is just as good (or better), and is far more productive
My experience differs. Most people that say they're "good developers" aren't. What you really mean is "People that hate having someone watch them don't do well in pairs", and that's true.
Re: (Score:3, Insightful)
Pair programming is good for coding and software design (if you have a UI cases design), but crap for "UI, and model design by prototyping". If you want production code, you should use pair programming, design reviews, and code reviews. If you want to hack up a protoype (which you then refactor into a proper design, using pair programming, design reviews, and code reviews), then one person can be more creative than 2.
Of course, some managers don't believe that development is a creative process, and think th
Re:Are they worth it? (Score:4, Insightful)
Everyone on the team found that they were more productive if they were just let alone, had people to talk to if they had an actual problem, and just emailed each other their patches for "review".
I've had numerous 4-6 hour pair programming sessions that churned out more well written, largely bug-free software than most people write in a week.
The problem is, when pairs are mandated, you end up with a situation where you write code for 5 minutes, then one guy gets up to go to the bathroom for 15 minutes (the other guy surfs the web waiting for him to get back). Then they write more code for 5 minutes and the other guy goes to get a can of Dew, stops and chats with someone, etc.. comes back and they write 5 minutes of code and then the first guy goes to lunch... etc..
You need two people that are a team, working together, who want to be there and doing it. Otherwise it's just pointless. In most cases, I like to find an unused conference room or office to allow us to be completely "in the zone", and we generally don't come out until we're done for the day.
Occasionally you get into a disagreement about how to go about things, and that wastes time. But more often than not, a pair that's "in sync" churn out amazing amounts of good code.
The fact that you talk about mailing each other patches seems to indicate to me that you're talking about a maintenance situation. Pair programming does not work well for small patch change situations, or rather it's a waste of time.
Re:Are they worth it? (Score:4, Insightful)
Also, having someone watch over you makes it harder to slack off on Slashdot. Harder, but not impossible, of course.
Re:Are they worth it? (Score:5, Funny)
In my experience, unicorns are 2.7 times better than mermaids at debugging.
Re:Are they worth it? (Score:5, Insightful)
Pair programming is the most effective in the circumstance that makes the best use of it - two circumstances to be exact :
1. Pair an experienced programmer with an inexperienced programmer.
2. Pair an experienced programmer with strong subject matter expertise on one domain with an experienced programmer with a completely different domain of experience.
The first is highly effective in getting the weaker guy up to speed on the first guy's domain. The second is effective at solving a set of problems that eclipse the domain of either developer.
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
It also depends on the personalities. Some programmers are too egocentric to be useful in pair programming. They aren't too good in other contexts either though.
Re: (Score:3, Interesting)
Except that the company pays the opportunity cost of having you mentoring instead of coding, as you're on the clock either way.
Unless of course he wants to have his cake and eat it to and have you programming and teaching simultanously.
Re: (Score:3, Insightful)
have no idea what company you work for but normally compaines don't hire inexperienced programmers.
Where do you think experienced programmers come from?
Yeah, yeah, cue the litany of Open Source projects. There's more than one kind of inexperienced, and Open Source doesn't prepare you for all aspects of business programming (nor vice-versa).
Lots of companies have internships, hire kids out of school, hire experts in one domain to help bring their skills into another domain, etc..
Also, near the end:
We fire poor performers, we do not waste time and money on them.
He said inexperienced programmers, not poor performers. There's an enormous difference. The concepts are a
Re: (Score:3, Informative)
Google is using a code review tool called Mondrian. It was originally written by Guido van Rossum (Python's creator).
He created an open source clone to be used with Subversion, Rietveld:
http://google-code-updates.blogspot.com/2008/05/guido-van-rossum-releases-mondrian.html [blogspot.com]
http://codereview.appspot.com/ [appspot.com]
These tools are great but they are only as good as the guidelines for the reviews. Some reviewers will always say yes to requests, while others will be too anal. What happens? Most people will avoid strict rev
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
I did a code review once at a previous job. It consisted of a bunch of people saying it looked good and one person giving wrong advice. I later found a bug in the code that everyone had missed. One person did comment afterwards that he learned a new trick reading my code.
I think a code review at hire time, as part of the interview process, might be good... hell mandatory. I certainly wouldn't have hired the other developers in my group given the quality of code they produce (they were hired before m
they are worth it (Score:5, Insightful)
You often *have* to review a entry level programmer's work until it reaches an acceptable quality. I consider code reviews as a method of improving the programmer more so than the code. One an engineer is producing generally acceptable code it becomes safe enough to treat their code as a black box and wait for problems to be unearthed by testing. If you are shipping bugs your problem is testing, not code reviews. Finally, the cheapest way to do code reviews is for a manager to just scan submitted code from time to time and send out polite emails if they see something amiss. On the other hand getting five senior guys in a room to discuss the work of another senior engineer is a just going to result in unproductive, cranky engineers.
Re:they are worth it (Score:5, Insightful)
If you are shipping bugs your problem is testing, not code reviews.
No, no, no. If you are shipping bugs the problem is that the bugs are introduced in the first place. Blaming testing is not getting at the root cause of the problem. You cannot test quality into a product. I've worked on products where tons of bugs were shipped and people wanted to blame the test group, but the fact is that the test group wrote tons of bug reports that no one had time to look at much less fix. Pretty much every bug report that came from the field had already been found internally. When testing started, the product was already so crappy that a few bug fixes just were not enough.
As a CS person, I view the Software Engineering research discipline with quite a bit of skepticism. But one thing that the research is pretty clear on is that code reviews do work. If the submitter is not seeing that, then he is either on the verge of a major research breakthrough that invalidates decades of SE research or he is doing them wrong.
Re:they are worth it (Score:5, Insightful)
I'll add a few more.. no, no, no, no, no...
Your argument is valid but does not actually counter the original statement. The testing team apparently did their job and found the bugs in the system. Yes, it would be nice if the original coders hadn't done such a great job of creating these bugs BUT this is not the problem (and in reality tends to not be feasible at least in total.. you can minimize bugs but rarely if ever eliminate their creation)
The problem is that the testing wasn't utilized! If the sole job of a testing team is to submit bug reports that can be ignored then why have your testing team? Save the money and just ship the first raw release. This product should have never made it out the door until those bug reports were resolved in some fashion (even if that "resolution" is marking the bug as "release acceptable, fixed in next version/patch"). In this case I would say it is the release team OR probably the management's fault that these bugs made it to the consumer. They paid a lot of money on a testing team and then ignored their feedback and cost themselves even more in customer dissatisfaction and support calls for bugs *they already knew about*.
Wasteful.
Re: (Score:3, Funny)
No, no, no. If you are shipping bugs the problem is that the bugs are introduced in the first place.
Can I come live in your fantasy world where programmers write perfect code every time?
Re: (Score:3, Interesting)
Just because it's fantasy (and it is) doesn't mean that's not the best/cheapest way to quality. The cost of fixing something in QA vs the original development is significant. Depending on who you believe (which study), it can be 2-10 times the cost. We'll be pessimistic(ish) and say 3x. That's basically enough to pay for pair programming, actually, which probably would be as cost-effective at producing quality as having the QA team. A bit of usability testing is about all that's left that developers ar
Re:they are worth it (Score:4, Insightful)
Why do you think I live in a fantasy world? I'm just talking about the root of the problem. The root of the problem is that writing software is hard and programmers are human and make mistakes and those mistakes result in bugs. If you can reduce the rate at which bugs are introduced, you gain a huge increase in quality and a huge reduction of cost because fixing bugs after they are introduced is very expensive.
It is a fact that there are known practices that result in better code in the first place and code reviews are one of them. It is also a fact that many companies do not use these practices and hope that the testing team can pick up the slack.
So the management question is where to spend resources to improve quality and meet deadlines. Do you just add more and more testers so you can find the bugs faster and faster? Do you throw more coders at the problem so you can get the crappy code to the testers earlier? Do you adopt some of the practices that are known to work like reviewing code even though it means some of your coders will have to spend their time not actually writing code?
Since most companies continue to do stupid things that don't work, you tell me who lives in a fantasy world.
Re: (Score:3, Insightful)
What I am saying is that you cannot just throw some sloppy code together and expect to fix everything up in the test process. When you try to do that, you get an endless mountain of bugs. Since the code is so bad, each bug fix just causes additional bugs because new test cases get opened up (or because of unexpected code interactions). When you plan on 2-3 months of testing and it is 8 months later with no end in sight, you start to understand why people just hold their nose and release to customers.
If y
Re: (Score:3, Interesting)
I don't disagree at all. But my experience is that pretty much everything depends on the attitude of the overall organization. I worked at a company where we developed individually, with some consulting back and forth. We'd pull people in to try to diagnose problems, but generally not what you would call pair programming or code reviews. The product was solid... not 100% bug free, but certainly a quality product that was enhanced over many years. That was the result of an organizational attitude that w
Depends what you are reviewing (Score:5, Insightful)
Quite simply, code reviews cost money and production bugs cost money.
We do code reviews for anything where it'll either be devastating expensive if we encounter a failure or if it'll be very hard to detect a failure. Otherwise, in my particular line of work, it's more economical to accept a lower cost and faster pace of development at the expense of dealing with a few bugs that are discovered in production.
Re: (Score:3, Interesting)
Not much, it doesn't (Score:5, Insightful)
If it's ever not more economic to do code reviews, then I respectfully submit that You're Doing Them Wrong(TM).
The improvements in the general standard of code, and consequently its maintainability, should easily outweigh the modest time spent on reviews. Likewise, the efficiency benefits just from sharing basic awareness of how various systems work and useful coding techniques around a development group should be enough to justify the time spent. And those are both without allowing for any actual bugs that would have been observed by your customers but got fixed much earlier and cheaper because the review caught them.
Incidentally, if you don't think it's worth getting even a quick glance from a second pair of eyes on even a small bug fix, you should look up the research on how many bugs originate from a one- or two-line change to the code. It's a staggeringly high proportion.
Now, a lot of places have tried full, Fagan-style, heavyweight reviews, and yeah, those pretty much suck for most software development groups. But that doesn't mean you can't employ a lighter process with the same goals. With the kinds of tools available to co-ordinate reviews and annotate code these days, your overheads should be near zero and you can do a lot of the work on-line rather than shoving everyone into a room for a few relatively unproductive hours.
Re: (Score:2)
Re: (Score:2)
You should check out this reference: (Apologies, you need access to the ACM Library to read the article) http://portal.acm.org/citation.cfm?id=299161 [acm.org]. Robert Glass discusses this exact issue. The article offers some references to research done using alternative approaches to inspections.
Non-paywall link: http://faculty.fortlewis.edu/ADAMS_E/CLASSES/CS370SWENGRII/WebWinter04/NOTES/Glassinspectionarticle.pdf [fortlewis.edu]