Code review vs. static code audits

Yesterday I watched Mike Rozlog's presentation at Code PaLOUsa about Static Code Audits. I really enjoyed it. He gave a great motivational speech, advocating the use of static code audits, describing their benefits.

I don't agree with Mr. Rozlog's attack at peer code reviews, though. He believes them to be inferior in efficacy to static code audits and he makes his point by bringing in statistics you can't fight.

I, personally, think you should not compare these things at all. Yes, static code audits can find hidden bugs and code smells, they can check your code style etc. But, in my opinion, a peer code review is not about finding all bugs. It's about developer interaction, it's about exchange of knowledge.

A static code audit can point out the bugs in your code but it cannot tell you how to make your code better (except for the most obvious things). It cannot teach you how to use your tools better. It doesn't teach you how to think and plan. It doesn't allow other people to learn your code as you submit it.

Yes, I think you shouldn't compare these two practices at all. You should do them both.

Comments

  1. javin paulJune 16, 2011 at 7:21 AM

    Code review is single best development practice I recommend since code spent 90% time in maintenance and only 10% in initial development , a code which has comments and readable is easy to maintain and understand and saves a lot of time to understand and less error prone while making any changes but at the same time there should be guidelines for maintainers also because I have seen code quality getting degraded with every version.

    Thanks
    How to use ArrayList in Java 1.5 with generics

    ReplyDelete
  2. calbertjacotMarch 3, 2022 at 7:01 PM

    Best Casino Games with real money in 2021 | DrmCD
    There is a huge 대구광역 출장마사지 range of gambling games available for everyone, and our 아산 출장안마 team have created 강릉 출장안마 a list of the best online 익산 출장안마 casinos that offer real 충청북도 출장마사지 money.

    ReplyDelete

Post a Comment

Popular posts from this blog

Multi-threading skills - what do you mean by that?

A while ago I mentioned the possible need of brushing up our multi-threading skills. Having said that, I cannot but share the post I came across a few years ago in the RSDN.ru forum . Disclaimer: I am not the author of the original post, I merely translated it, hoping its content can be useful. Lately, many Java Developer job openings started to include Java concurrency/multi-threading as one of the requirements. As a response, many developers immediately added the corresponding line to their resumes. Being the one who runs interviews, I'd like to dispel some of the misunderstanding that is related to the term. I'd like to split all multi-threading-related projects into 3 levels: the ones that use multi-threading; the ones that are based upon multi-threading and the ones which are multi-threading itself. The first level ("the ones that use") includes projects that are meant to run in the multi-threaded enviroment. E.g., there is BlahBlahFactory class and you n
Read more

Spring Framework and Code Obscurity

I just realized why what I don't like about Spring Framework. Don't get me wrong. I love Spring Framework. I use it daily. In fact, I am a huge fan of it. But there is a constant "something is wrong" buzz in the corner of my mind. And I finally caught it. The name is Obscurity Yes, all the Spring annotation fairy dust magic just works. It is great. It removes boilerplate code. It is supposed to make your code easier to read and maintain. And it does - to a point when it doesn't. A simple example: @Scheduled(fixedDelayString="${execution.delay_ms}") public void scheduledJob(){ // your code goes here } Easy, right? A few lines of code, a configurable property to define a delay between runs, what can be more simple? A few questions: How do you know what threadpool this scheduled job used? How do you to configure the threadpool? How do you test the scheduling part of your code? Ouch, painful!
Read more

High-volume sampling: algorithms’ comparison

Goal : To determine the most efficient way to perform high-volume sampling. Set-up : The sampler's goal is to give permission to sample use a given sampling rate; (approximately) each 1000th request should result in actual sampling. There are several samplers: AtomicSampler: uses AtomicInteger to keep track of sampling attempts;  RandomSampler: uses an instance-wide Random instance to determine if a sample should be taken.  RandomSampler2: uses a local Random instance to determine if a sample should be taken, which is initialized each time.  XorShiftSampler: uses a XOR-Shift algorithm to produce psedo-random numbers ( http://www.javamex.com/tutorials/random_numbers/xorshift.shtml )  Before actual measurement each sampler is called 50K times to warm it up and give a hot-spot compiler a chance to compile the samplers' bytecode into a native high-performance code. Then 10 runs are performed, using a variety of scenarios. 10M sampling attempts are performed during each
Read more