A code review is a meeting. All meetings have inputs, attendees, agendas, and outputs. In the case of a code review, it could look something like:
- Inputs: Code to be reviewed; Specifications for said code
- Attendees: Author, moderator, reviewers (no, the author cannot moderate the review of his code)
- Agenda: Review the code
- Outputs: Suggestions for improvements
So, document that. A couple thoughts:
- Some people talk about non-meeting code reviews, where people review the code at their leisure and give feedback via email. This system sucks because there's no impetus to do anything.
- Unless you have management backing, you will not get people to give the amount of time necessary to review code properly. This breaks down as so (for roughly 100-200 lines of code spanning 2-3 functions):
As you can see, this could be up to an entire workday per reviewer. And this doesn't count any followup reviews should the code in question need to be rewritten.
- 30min - 1h reading and understanding specifications (you have specs, right?)
- 30min - 2h reading and understanding the context of the code (calling code, called code, environment, etc)
- 1h - 3h reading and understanding the code in question
- 1h for the actual meeting (Code reviews should never go past 1h. Anything more and the code needs rewritten or chunked better.)
Now, this will get better over time, but you should expect that in the worst case (and we all plan for the worst case, right?).
- Expect a lot of egos, especially at first. It's difficult to hear someone you think is your inferior tell you what's wrong with your baby, particularly if they're right. This is why the author cannot be the moderator.
- Don't even think you're going to teach the reviewers with your code. That's arrogance at its finest.
My criteria for good software:
- Does it work?
- Can someone else come in, make a change, and be reasonably certain no bugs were introduced?