Building cohesion into programming

Time is of the essence


There are many reasons for getting cohesive.

The principle of locality, which is normally considered with respect to locality of reference when using resources such as memory, can also apply to the organisation of APIs and classes and the partitioning of packages, components and header files. This criterion for cohesion is based on the idea that things that are used together belong together.

Popular as the practice appears to be, it makes little sense to bundle all of your exception classes into a single package named exceptions or all of your compile-time constants in a single header file named "constants.h".

The cohesion is coincidental and doesn't reflect how the code is used or what it means: If usage of a particular class can result in a specific exception, why is the exception not defined close to the class? If you need a particular constant, such as a service name, why should that also bring in unrelated constants, such as a default buffer length?

It turns out that there is another criterion that can be used to arrive at the same conclusion in this case: stability. Or, put another way, put things together that change together. The change in question is not runtime change but development-time change: the change that code endures over the software lifecycle.

The other side of the partitioning coin from cohesion is coupling, and stability also applies here: a unit (function, class, header, package, layer, etc) should ideally depend on units that are more, not less, stable than itself. Put simply: prefer to build on solid ground.

In the case of the exceptions package, all the feature packages whose classes need to throw exceptions that are defined in the exceptions package depend on the exceptions package, as do the users of the feature packages. This is likely to make the exceptions package one of the most, if not the most, heavily depended upon packages in a system.

Unfortunately, it is also likely to be one of the least stable: any new exception for a feature package will affect the exceptions package, as will the addition of any new feature package that needs new exception types. This conceptual instability can manifest itself concretely if the compiled classes for lower layers are deployed separately from those that are higher up, i.e. placing the code for application features in one JAR file and the code for so-called utility classes, such as exceptions, in another.

The same problem exists for a "constants.h" header, but the churn problem shows up sooner during the compilation–link cycle: every time the header file is modified, a rebuild is triggered, regardless of whether or not an including source file depends on the constant in question. Changing a default buffer length will still cause a rebuild for files whose only interest is in a service name. So the lack of cohesion, from the perspective of common use, makes changes more likely: it reinforces the lack of cohesion from the perspective of stability.

The solution in both cases is to split up the package and the header and relocate their constituent parts according to the features they relate to.
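The rebuild fan-out described above can be measured before and after such a split. The following is an added example, not code from the original article: the file names, constants and sample sources are constructed, and it assumes a make-style build that recompiles a source file whenever any header it includes changes.

```python
import re

# Constructed sample trees (hypothetical file names): file name -> contents.
MONOLITHIC = {
    "constants.h": '#define SERVICE_NAME "billing"\n#define DEFAULT_BUFFER_LENGTH 512\n',
    "client.c": '#include "constants.h"\nconst char *svc(void) { return SERVICE_NAME; }\n',
    "logger.c": '#include "constants.h"\nconst char *tag(void) { return SERVICE_NAME; }\n',
    "reader.c": '#include "constants.h"\nchar buf[DEFAULT_BUFFER_LENGTH];\n',
}
# The same code after relocating each constant to a header for its own feature.
SPLIT = {
    "service.h": '#define SERVICE_NAME "billing"\n',
    "buffer.h": '#define DEFAULT_BUFFER_LENGTH 512\n',
    "client.c": '#include "service.h"\nconst char *svc(void) { return SERVICE_NAME; }\n',
    "logger.c": '#include "service.h"\nconst char *tag(void) { return SERVICE_NAME; }\n',
    "reader.c": '#include "buffer.h"\nchar buf[DEFAULT_BUFFER_LENGTH];\n',
}

INCLUDE = re.compile(r'^\s*#\s*include\s+"([^"]+)"', re.M)
DEFINE = re.compile(r'^\s*#\s*define\s+(\w+)', re.M)

def includes(tree, name, seen=None):
    """Transitive set of project headers included by `name`."""
    seen = set() if seen is None else seen
    for hdr in INCLUDE.findall(tree[name]):
        if hdr in tree and hdr not in seen:
            seen.add(hdr)
            includes(tree, hdr, seen)
    return seen

def rebuild_report(tree, constant):
    """Return (rebuilt, needless) for a change to `constant`.

    rebuilt:  sources recompiled because they include the defining header.
    needless: the subset of those that never mention the constant.
    """
    header = next(n for n, src in tree.items()
                  if n.endswith(".h") and constant in DEFINE.findall(src))
    sources = [n for n in tree if n.endswith(".c")]
    rebuilt = sorted(s for s in sources if header in includes(tree, s))
    needless = sorted(s for s in rebuilt
                      if not re.search(rf"\b{re.escape(constant)}\b", tree[s]))
    return rebuilt, needless

if __name__ == "__main__":
    for label, tree in (("monolithic", MONOLITHIC), ("split", SPLIT)):
        print(label, rebuild_report(tree, "DEFAULT_BUFFER_LENGTH"))
```

Pointed at a real source tree loaded into the same dictionary shape, the `needless` list shows which files pay for a change they have no interest in.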

In the case of the constants, there is one more refinement that can further reduce coupling and isolate change... but we'll discuss that another day.
