C# code review checklist

 
My current client uses PSP extensively, so I've been putting together a checklist for reviewing C# code for use on our new project.  Your comments or additions appreciated:
  1. Are exceptions used to indicate error rather than returning status or error codes?
  2. Are all classes and public methods commented with .NET style comments?  Note that <summary> comments should discuss the "what" of public methods.  Discussion of "how" should be in <remarks> blocks or in-line with the code in question.
  3. Are method arguments validated and rejected with an exception if they are invalid?
  4. Are Debug.Asserts used to verify assumptions about the functioning of the code?  Comments like, "j will be positive" should be rewritten as Asserts. 
  5. Do classes that should not be instantiated have a private constructor?
  6. Are classes declared as value types only infrequently used as method parameters, returned from methods or stored in Collections?
  7. Are classes, methods and events that are specific to an assembly marked as internal?
  8. Are singletons that may be accessed by multiple threads instantiated correctly?  See the Enterprise Solution Patterns book, p. 263.
  9. Are methods that must be overriden by derived classes marked as abstract?
  10. Are classes that should not be overriden marked as sealed?
  11. Is "as" used for possibly incorrect downcasts? 
  12. Do classes override ToString instead of defining a Dump method for outputting the object's state?
  13. Are log messages sent to the logging component instead of Console?
  14. Are finally blocks used for code that must execute following a try? 
  15. Is foreach used in preference to the for(int i...) construct?
  16. Are properties used instead of implementing getter and setter methods?
  17. Are readonly variables used in preference to properties without setters?
  18. Is the override keyword used on all methods that are overriden by derived classes?
  19. Are interface classes used in preference to abstract classes?
  20. Is code written against an interface rather than an implementing class?
  21. Do all objects that represent "real-world" or expensive resources implement the IDisposable pattern?
  22. Are all objects that implement IDisposable instantiated in a using block?
  23. Is the lock keyword used in preference to the Monitor.Enter construct?
  24. Are threads awakened from wait states by events or the Pulse construct, rather than "active" waiting such as Sleep()?
  25. If equals is overridden, is it done correctly?  The rules for overriding equals are complex, see Richter p153-160 for details.
  26. If == and != are overridden, so they redirect to Equals?
  27. Do all objects that override Equals also provide an overloaded version of GetHashCode that provides the same semantics as Equals?  Note that overrides to GetHashCode should take advantage of the object's member variables, and must return an unchanging hash code.
  28. Do all exception classes have a constructor that takes a string and and another constructor that takes a string and an exception?
  29. Do all exception classes derive from the base Matrix exceptions and fit correctly into the exception hierarchy?
  30. Are all classes that will be marshaled or remoted marked with the Serializable attribute?
  31. Do all classes marked with the Serializable attribute have a default constructor?  This includes Exception and EventArgs classes.
  32. Do all classes that explicitly implement ISerializable provide both the required GetObjectData and the implied constructor that takes a SerializationInfo and a StreamingContext?
  33. When doing floating point calculations, are all constants doubles rather than integers?
  34. Do all delegates have a void return type and avoid using output or ref parameters?
  35. Do all delegates send the sender (publisher) as the first argument?  This allows the subscriber to tell which publisher fired the event. 
  36. Are all members of derived EventArg classes read-only?  This prevents one subscriber from modifying the EventArgs, which would affect the other subscribers.
  37. Are delegates published as events?  This prevents the subscribers from firing the event, see Lowy, p. 102 for details.
  38. Is common setup and teardown nUnit code isolated in Setup and Teardown methods that are marked with the appropriate attribute?
  39. Do negative nUnit tests use the ExpectedException attribute to indicate that an exception must be thrown?
References:
Juval Lowy, "Programming .NET Components"
Jeffrey Richter, "Applied Microsoft .NET Framework Programming"
"Enterprise Solution Patterns using Microsoft .NET" - available in published form or as a free pdf
Published 19 December 2003 03:56 PM by Ted_Graham
Filed under: ,

Comments

# Suresh said on 19 December, 2003 06:19 PM
Thanks for this list ..hope u add more in near future...

Suresh
# Adam Weigert said on 19 December, 2003 07:12 PM
Change for #23 ... if you check the most recent guidelines for class library designers they suggest you use the System.Threading.Interlocked class. Its actually quite interesting and they say it is MUCH better for performance and locking ...
# Josh said on 19 December, 2003 09:24 PM
I personally do not like coding standards in the form of a question. It is not always clear whether you want the answer to be positive or negative. Usually they are written so that the desired response is postive which helps alleviate the issue, but I've seen them intermixed.

The best C# coding standards document I've found (and adopted at work) is at:

http://www.tiobe.com/standards/gemrcsharpcs.pdf

It's mostly based on the MSDN guidelines, but I like their format. It leans more towards a "standards", whereas your seems to include more "best practices" (which is fine).
# Darrell said on 19 December, 2003 10:18 PM
Josh, this is not a coding standard. Ted is doing this for the Personal Software Process (PSP). This would be used *in addition to* a coding standard.

The checklist is supposed to be a list of the most common mistakes that a programmer often makes. During a code review, all these items are checked, supposedly capturing the vast majority of mistakes.
# Scott said on 20 December, 2003 12:45 AM
"Is foreach used in preference to the for(int i...) construct?"

This is an interesting one.

Referencing this article http://www.c-sharpcorner.com/Code/2003/April/IterationsInNet.asp
it would seem to be that the for(int i...) is faster than a foreach. I've always found anecdotatl evidence that a foreach is slower than a for(int i...) loop. What is your experience using the two and why do you prefer foreach?
# SrinathV said on 20 December, 2003 11:57 AM
Our last project had detail security checklist broken down by App. life-cycle and technologies....

Arch & Design security review:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh05.asp

Security code Review: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh21.asp

Index of Checklists (related to security):
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/CL_Index_Of.asp
# TrackBack said on 20 December, 2003 05:24 PM
# TrackBack said on 26 August, 2004 02:35 PM
# JG Vimalan said on 22 August, 2007 10:34 AM

Thanks Ted. Informative.

# Chris Tolleson said on 06 September, 2007 12:11 PM

Thanks for the checklist - covers some items I hadn't put on my PSP C# checklist.

# Roiy Zysman said on 09 January, 2008 03:28 PM

Code reviews are generally underrated. From my perspective and experience , if they are being conducted

# nemo said on 23 July, 2008 11:10 AM

This one is not too bad either: (it seems like a comprehensive security checklist)

iase.disa.mil/.../dot-net-checklist-v1r2-1.pdf

Nima

//---------------------------------------------------------

Information Security Software Tools

cryptoexperts.blogspot.com

//---------------------------------------------------------

# Vijay said on 22 October, 2008 06:24 AM

Thanks. I would like to add Refactoring also in this checklist.

# fabiola-mr said on 28 November, 2008 06:34 AM

<a href= http://fasster.angelfire.com >baltimore and convention center and headquarters</a> <a href= http://gertui.angelfire.com >nasdaq 100 tennis tournament</a>

# fabiola-bx said on 28 November, 2008 01:38 PM

<a href= http://fairra.angelfire.com >landls end</a> <a href= http://vonucshka.angelfire.com >chancellor internal med</a>

# fabiola-vj said on 28 November, 2008 06:43 PM

<a href= http://chkola.angelfire.com >avlastkey</a> <a href= http://bustersw.angelfire.com >how to start a strawberry patch in alabama</a>

# fabiola-px said on 28 November, 2008 11:47 PM

<a href= http://kustur.angelfire.com >dad vail regatta</a> <a href= http://trututa.angelfire.com >ratings apartments eagle ridge alabama</a>

# Albina-yv said on 26 December, 2008 06:25 AM

<a href= membres.lycos.fr/maffals >genetic disorters</a>

# Talent Certificartion said on 12 January, 2009 12:46 PM

"Is foreach used in preference to the for(int i...) construct?"

This is an interesting one.

Referencing this article www.c-sharpcorner.com/.../IterationsInNet.asp

it would seem to be that the for(int i...) is faster than a foreach. I've always found anecdotatl evidence that a foreach is slower than a for(int i...) loop. What is your experience using the two and why do you prefer foreach?

# No More Hacks said on 12 February, 2009 06:10 AM

I like the points, but I think as a checklist there are too many items here. I might know all these things as an expert developer, but as an aide-memoir a check list need to be short enough so that every item can be covered and, if need be, signed off with consuming hours for ever code review.

My own checklist is much shorter: nomorehacks.wordpress.com/.../code-review-checklist

# Albina-po said on 28 February, 2009 11:17 PM

<a href= adultpersonalsfinder.com >singles</a>

# Sanjay said on 09 June, 2009 09:43 AM

Hi Thanks a lot!

I am not OIK with point # 17 : Are readonly variables used in preference to properties without setters?

Don't you think this violets encapsulation?

# Andrey Sanches - MVP ASP/ASP.NET said on 28 June, 2009 08:11 PM

Que bacana !!!! Procurando por um checklist para fazer um Code Review de um projeto que estou atuando

# saurabh said on 03 February, 2010 02:24 AM

Thanks for the checklist

# Technology Blog » C# Code Review Checklist said on 22 March, 2010 06:49 AM

Pingback from  Technology Blog &raquo; C# Code Review Checklist

# Technology Blog » C# Code Review Checklist said on 20 April, 2010 12:44 PM

Pingback from  Technology  Blog &raquo; C# Code Review Checklist

# Technology Blog » C# Code Review Checklist said on 29 April, 2010 10:33 AM

Pingback from  Technology  Blog &raquo; C# Code Review Checklist

# kikus said on 12 June, 2010 05:10 PM

интеретсный блог почему только так мало читателей на нём

# puma said on 17 July, 2010 08:07 AM

thanks for your checklist。

# How To Climb said on 22 November, 2010 05:11 PM

found your site on del.icio.us today and actually liked it.!! i bookmarked it and will be back to check it out some much more later !!!.

--------------------------------------------

my website is  

http://toclimb.org

Also welcome you!

# Down ShiRt said on 07 December, 2010 03:43 PM

You are a incredibly wise person!

--------------------------------------------

my website is  

http://howtobbq.org

Also welcome you!

# develop ipad app said on 17 December, 2010 06:17 PM

When all else is lost the future still remains.

-----------------------------------

# ipad touch review said on 24 December, 2010 12:21 PM

You have to believe in yourself . That's the secret of success.

-----------------------------------

# best ipad case said on 03 January, 2011 02:06 AM

-----------------------------------------------------------

"Please, are you able to PM me and tell me few much more thinks about this, I am genuinely admirer of one's blog.

# photo printer reviews said on 17 January, 2011 12:10 AM

"Hey - nice weblog. Just checking out some blogs, seems a fairly great system you are using. I am currently employing Wordpress for a few my blogs but I am not  pleased with it thus far. I am searching to alter one of them more than to a system similar to yours (BlogEngine) as a trial operate. Anything in certain you'd  suggest about it?"

--------------------------------------------------------------------  

I have a <a href="onlytopreviews.com/">digital slr reviews</a> Website,i love him.Mania !You are welcome to look!

# video cameras reviews said on 12 March, 2011 03:54 PM

their is a dilemma inside the very first spot.

--------------------------------------------------------------------    

Romance Languages and Literatures

# praca said on 12 April, 2011 06:24 PM

ou did a sympathetic nuisance creating a regulations conducive to photographers like me with no finish feeling with stock. You explained so much that I needed to know. I studio it with astute interest. You are a great writer. I’m on a-one of the life to have met you and opinionated that you are as abundant and approachable as your separate manifest indicates. Your fleet is appreciated.

# tateassupyita said on 17 April, 2011 09:35 PM

<a href=www.jewelforless.com/pandora-jewelry>pandora beads silver</a>

i0p0418j

# flieniapaigue said on 20 April, 2011 02:53 AM

convert dvd to iphone

dvd to ps3 converter

dvd to hd converter

nidesoft dvd to creative zen converter 5.6

 <a href=www.dvdripper.org/.../>dvd to mp3 converter</a>

 dvd to mkv

convert dvd to flash

i0p0420301d

# Walker Messineo said on 30 June, 2011 11:59 AM

Beneficial visiting that web site.

# Marilyn Oliver said on 04 July, 2011 11:16 PM

The following absolutely a fantastic internet web page you've visiting this website. The matter is rather helpful furthermore to direct clear. Ecstatic to learn to read a different recommendation of your blog next time.

# Pupeevetlylit said on 02 September, 2011 07:21 PM

Доброго времени суток,  

Хочу представить вам свежий лавка курительных смесей

сайт магазина http://spice-family.ru  

3г микса Weaken - 1,500 р. + доставка (ems, pony set)  

По вопросам опта писать вразброд в скайп - FomaX2

# C# Code Review Checklist | Blog by S Ahuja said on 16 September, 2011 05:47 PM

Pingback from  C# Code Review Checklist | Blog by S Ahuja

# C# Code Review Checklist | Blog by S Ahuja said on 17 September, 2011 12:24 PM

Pingback from  C# Code Review Checklist | Blog by S Ahuja

# review by marola - Pearltrees said on 12 January, 2012 03:52 AM

Pingback from  review by marola - Pearltrees

# ReageasencyuI said on 28 January, 2012 06:47 AM

чем отличается юмор от сатиры?    

<a href=http://xn--c1aeb8eua.xn--p1ai/>сплин романс видео</a>

# uuu said on 31 January, 2012 03:37 AM

explain 6th point in checklist

Leave a Comment

(required) 
(required) 
(optional)
(required)