Skip to content

Code Review Checklist

This guide provides a comprehensive checklist for reviewing code quality, maintainability, and best practices across different programming languages.

🎯 Code Review Categories

1. Code Quality & Readability

Assess how clean and understandable the code is.

Naming Conventions

## Naming Standards Check

### Variables and Functions
- [ ] **Descriptive Names**: Variables and functions clearly describe their purpose
  - `student_name`, `calculate_average()`
  - `s`, `calc()`, `temp_var`

- [ ] **Consistent Style**: Follows language-specific conventions
  - **Java**: `camelCase` for variables, `PascalCase` for classes
  - **Python**: `snake_case` for variables and functions
  - **C**: `snake_case` or `camelCase` (consistent)
  - **Oracle**: `v_variable`, `c_constant`, `procedure_name`

- [ ] **No Abbreviations**: Avoid unclear abbreviations
  - `user_authentication`
  - `user_auth`, `usr_auth`

### Constants and Types
- [ ] **UPPER_CASE**: Constants use uppercase with underscores
  - `MAX_RETRY_ATTEMPTS`, `DEFAULT_TIMEOUT`
  - `maxRetry`, `default_timeout`

- [ ] **Type Names**: Clear, descriptive type names
  - `StudentRecord`, `DatabaseManager`
  - `SR`, `DBM`

Code Structure

## Organization Standards

### Function Length
- [ ] **Single Responsibility**: Each function does one thing well
- [ ] **Reasonable Length**: Functions under 50 lines (ideally under 30)
- [ ] **Clear Purpose**: Function name matches its behavior

### Class/Module Organization
- [ ] **Logical Grouping**: Related methods grouped together
- [ ] **Public/Private Separation**: Clear interface vs. implementation
- [ ] **Dependency Management**: Minimal coupling between components

### Comments and Documentation
- [ ] **Purpose Comments**: Explain "why" not "what"
- [ ] **Complex Logic**: Document non-obvious algorithms
- [ ] **API Documentation**: Function parameters and return values documented
- [ ] **No Commented Code**: Remove dead code, don't comment it out

2. Correctness & Logic

Verify the code works as intended.

Algorithm Implementation

## Logic Verification

### Edge Cases
- [ ] **Empty Input**: Handles empty arrays, null values, zero-length strings
- [ ] **Boundary Conditions**: Correct behavior at limits (0, 1, MAX_VALUE)
- [ ] **Invalid Input**: Validates input parameters and handles errors
- [ ] **Type Safety**: Appropriate type checking and conversion

### Control Flow
- [ ] **Loop Termination**: All loops have clear exit conditions
- [ ] **No Infinite Loops**: Loop variables are properly modified
- [ ] **Correct Conditions**: If/else logic covers all cases
- [ ] **No Dead Code**: Unreachable code is removed

### Data Handling
- [ ] **Data Integrity**: Maintains data consistency
- [ ] **Memory Management**: Proper allocation and deallocation
- [ ] **Resource Cleanup**: Files, connections, and resources are properly closed
- [ ] **Thread Safety**: Appropriate synchronization if needed

Error Handling

## Exception Management

### Error Detection
- [ ] **Input Validation**: Checks parameters before use
- [ ] **Error Conditions**: Identifies and handles error states
- [ ] **Resource Limits**: Handles memory, file size, or network limits

### Error Recovery
- [ ] **Graceful Degradation**: Fails gracefully when possible
- [ ] **Error Messages**: Clear, actionable error messages
- [ ] **Logging**: Appropriate error logging for debugging
- [ ] **Resource Cleanup**: Resources cleaned up even in error cases

3. Performance & Efficiency

Evaluate code performance and resource usage.

Time Complexity

## Performance Analysis

### Algorithm Efficiency
- [ ] **Appropriate Complexity**: Algorithm suitable for problem size
- [ ] **No Unnecessary Loops**: Avoids nested loops when possible
- [ ] **Efficient Data Structures**: Uses appropriate collections/types
- [ ] **Cache Usage**: Caches expensive computations when beneficial

### Database Operations (for SQL/PL/SQL)
- [ ] **Index Usage**: Queries use existing indexes
- [ ] **No N+1 Queries**: Avoids multiple queries in loops
- [ ] **Bulk Operations**: Uses bulk operations for large datasets
- [ ] **Query Optimization**: Efficient SQL with proper joins and filters

Space Complexity

## Memory Management

### Memory Usage
- [ ] **No Memory Leaks**: All allocated memory is properly freed
- [ ] **Efficient Data Structures**: Uses memory-appropriate structures
- [ ] **Large Object Handling**: Handles large datasets efficiently
- [ ] **Garbage Collection**: Code doesn't interfere with GC (Java/Python)

### Resource Management
- [ ] **File Handles**: Files are properly closed
- [ ] **Network Connections**: Connections are properly closed
- [ ] **Database Connections**: Connections are properly managed
- [ ] **Lock Management**: Locks are properly released

4. Security

Ensure code follows security best practices.

Input Validation

## Security Standards

### Injection Prevention
- [ ] **SQL Injection**: Uses parameterized queries or bind variables
- [ ] **XSS Prevention**: Properly escapes user input for web output
- [ ] **Path Traversal**: Validates file paths and directory access
- [ ] **Command Injection**: Avoids executing user input as commands

### Data Protection
- [ ] **Sensitive Data**: No hardcoded passwords, API keys, or secrets
- [ ] **Data Encryption**: Sensitive data is properly encrypted
- [ ] **Access Control**: Proper authorization checks
- [ ] **Input Sanitization**: User input is properly sanitized

5. Testing & Maintainability

Assess code testability and future maintenance.

Test Coverage

## Testing Standards

### Unit Tests
- [ ] **Test Coverage**: Critical paths have unit tests
- [ ] **Edge Case Testing**: Tests cover edge cases and error conditions
- [ ] **Test Quality**: Tests are meaningful and not just coverage fillers
- [ ] **Test Independence**: Tests don't depend on each other

### Integration Tests
- [ ] **Component Integration**: Tests verify component interactions
- [ ] **API Testing**: External interfaces are properly tested
- [ ] **Database Testing**: Database operations are tested
- [ ] **Error Scenarios**: Error conditions are tested

Maintainability

## Maintainability Standards

### Code Modularity
- [ ] **Single Responsibility**: Each module/class has one clear purpose
- [ ] **Loose Coupling**: Minimal dependencies between components
- [ ] **High Cohesion**: Related functionality is grouped together
- [ ] **Interface Segregation**: Small, focused interfaces

### Documentation
- [ ] **README Files**: Clear setup and usage instructions
- [ ] **API Documentation**: Public interfaces are well documented
- [ ] **Code Comments**: Complex algorithms are explained
- [ ] **Change Log**: Important changes are documented

🔧 Language-Specific Checklists

Java Code Review

## Java-Specific Checks

### Java Best Practices
- [ ] **Exception Handling**: Proper use of try-catch-finally
- [ ] **Collection Usage**: Appropriate collection types (ArrayList vs. LinkedList)
- [ ] **String Handling**: Uses StringBuilder for string concatenation in loops
- [ ] **Resource Management**: Uses try-with-resources for AutoCloseable objects
- [ ] **Null Checks**: Proper null value handling
- [ ] **Equals/HashCode**: Implemented correctly when needed
- [ ] **Immutable Objects**: Used where appropriate
- [ ] **Design Patterns**: Appropriate use of design patterns

Python Code Review

## Python-Specific Checks

### Python Best Practices
- [ ] **PEP 8 Compliance**: Follows Python style guidelines
- [ ] **List Comprehensions**: Used appropriately instead of loops
- [ ] **Generator Usage**: Uses generators for memory efficiency
- [ ] **Context Managers**: Uses 'with' for resource management
- [ ] **Type Hints**: Includes type annotations for better code clarity
- [ ] **Import Organization**: Imports are properly organized
- [ ] **Exception Handling**: Specific exceptions are caught and handled
- [ ] **Pythonic Code**: Uses Python idioms and conventions

C Code Review

## C-Specific Checks

### C Best Practices
- [ ] **Memory Management**: All malloc/calloc calls have corresponding free
- [ ] **Buffer Safety**: No buffer overflows or unsafe string operations
- [ ] **Pointer Safety**: Pointers are properly initialized and checked
- [ ] **Array Bounds**: Array access is within bounds
- [ ] **Initialization**: All variables are initialized before use
- [ ] **Error Handling**: Function return values are checked
- [ ] **Const Correctness**: Uses const where appropriate
- [ ] **Header Guards**: Include guards in header files

Oracle PL/SQL Code Review

## Oracle-Specific Checks

### PL/SQL Best Practices
- [ ] **SQL Injection**: Uses bind variables, not string concatenation
- [ ] **Cursor Management**: Cursors are properly opened and closed
- [ ] **Exception Handling**: Comprehensive exception handling with specific exceptions
- [ ] **Transaction Management**: Proper commit/rollback handling
- [ ] **Bulk Operations**: Uses BULK COLLECT and FORALL for large datasets
- [ ] **Performance**: Queries use indexes and are optimized
- [ ] **Naming**: Follows PL/SQL naming conventions (v_variable, c_constant)
- [ ] **Error Logging**: Errors are properly logged for debugging

📊 Review Scoring System

Quality Metrics

## Scoring Rubric

### Code Quality (0-25 points)
- **Excellent (21-25)**: Clean, readable, follows all conventions
- **Good (16-20)**: Mostly clean with minor style issues
- **Fair (11-15)**: Some readability issues but functional
- **Poor (6-10)**: Significant readability problems
- **Unacceptable (0-5)**: Very difficult to read and understand

### Correctness (0-25 points)
- **Excellent (21-25)**: Handles all edge cases, robust error handling
- **Good (16-20)**: Correct for main cases, minor edge case issues
- **Fair (11-15)**: Some logic errors or missing edge cases
- **Poor (6-10)**: Significant logic problems
- **Unacceptable (0-5)**: Incorrect implementation

### Performance (0-25 points)
- **Excellent (21-25)**: Optimal algorithms, efficient resource usage
- **Good (16-20)**: Good performance with minor inefficiencies
- **Fair (11-15)**: Some performance issues but functional
- **Poor (6-10)**: Significant performance problems
- **Unacceptable (0-5)**: Very poor performance

### Security (0-15 points)
- **Excellent (13-15)**: Follows all security best practices
- **Good (10-12)**: Good security with minor issues
- **Fair (7-9)**: Some security concerns
- **Poor (4-6)**: Significant security vulnerabilities
- **Unacceptable (0-3)**: Major security risks

### Maintainability (0-10 points)
- **Excellent (9-10)**: Well-modularized, documented, testable
- **Good (7-8)**: Good structure with some improvements needed
- **Fair (5-6)**: Moderate maintainability
- **Poor (3-4)**: Difficult to maintain
- **Unacceptable (0-2)**: Very difficult to maintain

Overall Assessment

## Final Evaluation

### Score Ranges
- **90-100**: Excellent - Production ready
- **80-89**: Good - Minor fixes needed
- **70-79**: Fair - Moderate improvements required
- **60-69**: Poor - Significant rework needed
- **Below 60**: Unacceptable - Major rewrite required

### Review Summary
- **Strengths**: List of well-done aspects
- **Areas for Improvement**: Specific issues to address
- **Priority Issues**: Critical problems that must be fixed
- **Recommendations**: Suggestions for improvement

🎯 Review Process

Pre-Review Preparation

  1. Understand Requirements: Review specifications and user stories
  2. Set Context: Understand the purpose and scope of changes
  3. Prepare Environment: Set up development environment for testing
  4. Review History: Check previous comments and related issues

Review Execution

  1. Automated Checks: Run linting, tests, and static analysis
  2. Manual Review: Apply checklist systematically
  3. Functional Testing: Test the code if possible
  4. Documentation Review: Check comments and documentation

Feedback Delivery

  1. Constructive Comments: Focus on improvement, not criticism
  2. Specific Examples: Provide concrete examples of issues
  3. Priority Ranking: Highlight critical issues first
  4. Positive Feedback: Acknowledge good practices and improvements

🔗 Language-Specific Reviews