Automated code review
Automated code review software checks source code for compliance with a predefined set of rules or best practices. The use of analytical methods to inspect and review source code to detect bugs has been a standard development practice. This process can be accomplished both manually and in an automated fashion. With automation, software tools provide assistance with the code review and inspection process. The review program or tool typically displays a list of warnings (violations of programming standards). A review program can also provide an automated or a programmer-assisted way to correct the issues found.
Some static code analysis tools can be used to assist with automated code review. They compare favorably to manual reviews and can be run faster and more efficiently. These tools also encapsulate deep knowledge of the underlying rules and semantics required to perform this type of analysis, so the human code reviewer does not need the same level of expertise as an expert human auditor. Many integrated development environments (IDEs) also provide basic automated code review functionality. For example, the Eclipse and Microsoft Visual Studio IDEs support a variety of plugins that facilitate code review.
In addition to static code analysis tools, there are also tools that analyze and visualize software structures and help humans better understand them. Such systems are geared more to analysis because they typically do not contain a predefined set of rules to check software against. Some of these tools (e.g. SonarJ, Sotoarc, Structure101, ReSharper) allow one to define target architectures and enforce that target architecture constraints are not violated by the actual software implementation.
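Enforcing a target architecture can be sketched as follows; this is an added example, not code from SonarJ, Sotoarc, Structure101 or ReSharper. It assumes a hypothetical three-layer design (ui, service, data) and constructed source files, and reports every import that crosses a layer boundary the target architecture does not allow.

```python
import ast

# Target architecture (hypothetical): layer -> layers it may depend on.
ALLOWED = {"ui": {"service"}, "service": {"data"}, "data": set()}

# Constructed source files, keyed by dotted module name.
SOURCES = {
    "ui.views": "from service.orders import place_order\nimport data.db\n",
    "service.orders": "import json\nfrom data import db\n",
    "data.db": "import sqlite3\nfrom service import orders\n",
}

def layer_of(module):
    """Map a dotted module name to its layer, or None if it is external."""
    top = module.split(".")[0]
    return top if top in ALLOWED else None

def imported_modules(source):
    """Yield (line, module) for every absolute import in the source."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                yield node.lineno, alias.name
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            yield node.lineno, node.module

def check_architecture(sources):
    """Return sorted (module, line, imported) tuples for forbidden dependencies."""
    violations = []
    for module, source in sources.items():
        src_layer = layer_of(module)
        if src_layer is None:
            continue  # module is outside the modelled architecture
        for line, imported in imported_modules(source):
            dst_layer = layer_of(imported)
            if dst_layer is None or dst_layer == src_layer:
                continue  # standard library, third party, or same layer
            if dst_layer not in ALLOWED[src_layer]:
                violations.append((module, line, imported))
    return sorted(violations)

if __name__ == "__main__":
    for module, line, imported in check_architecture(SOURCES):
        print(f"{module}:{line}: forbidden dependency on {imported}")
```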