Feeds

Code Quality

An open source perspective

Combat fraud and increase customer satisfaction

Book review With his first book, Code Reading, Diomidis Spinellis broke new ground. Here was a major book on the oft-neglected but important skill of reading source code.

Given that software maintenance is a huge and ever-growing burden that all developers have to endure, it is surprising that the major emphasis in education and in the industry at large is on writing code. Yet being able to quickly read and understand code is such an important - and obvious - skill yet there are few courses or books devoted to it.

Now, with this follow-up study, Spinellis continues to champion the skills required to understand and maintain large bodies of code.

As with the first book, Spinellis focuses his attention on a range of large open source applications for his examples - including the Apache web server, Tomcat, NetBSD, and the HSSQLDB Java database. This isn't to pick on open source software as being hard to maintain or buggy by default, it's more a recognition that for his purposes real software is more useful than manufactured examples or contrived snippets of code. And of course, it's easy to supply the source code to readers, who can download it or use the CD that accompanied Code Reading.

Code quality itself is a slippery term, it means different things to different people, and so the book begins by defining the key quality attributes that it addresses: reliability, security, time performance, space performance, portability and maintainability. Each of these gets a chapter, along with a final chapter devoted to floating point arithmetic.

Within each of these chapters there is very detailed discussion of specific topics - buffer overflows in the security, for example - and within these topics there is a focus on looking at concrete examples, with plenty of C, C++ and Java source code to illustrate the points.

The choice of C, C++ and Java reflects a preponderance of these languages in the open source world. While this limits the usefulness of the code examples for developers in other languages, many of the principles are generic, particularly when dealing with algorithmic or data structure issues.

Of necessity, this is a book that's heavy going at times; it's difficult to see how it could be otherwise. But the nitty gritty of this bit of code versus that bit of code is always contextualised. There's plenty of computer science here, with reference to major concepts in terms of data structures, architecture, algorithmic analysis, software metrics and the like. In this respect, it's more than an exercise in scouring source code for the sake of it. However, this isn't the sort of book that is designed to be read cover to cover. The organisation of the material makes it easy to navigate to individual topics very quickly, making it useful as a reference book to turn to in day to day situations.

Code Quality

code quality

Verdict: While this book doesn't break new ground in the way Code Reading did, the focus of the book and the emphasis on using real code makes it a useful and interesting read.

Author: Diomidis Spinellis

Publisher: Addison Wesley

ISBN: 0321166078

Media: Book

Buy this book at Cash 'n' Carrion

Combat fraud and increase customer satisfaction

More from The Register

next story
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.