Code Quality

An open source perspective

Book review: With his first book, Code Reading, Diomidis Spinellis broke new ground. Here was a major book on the oft-neglected but important skill of reading source code.

Given that software maintenance is a huge and ever-growing burden that all developers have to endure, it is surprising that the major emphasis in education and in the industry at large is on writing code. Being able to quickly read and understand code is such an important - and obvious - skill, yet there are few courses or books devoted to it.

Now, with this follow-up study, Spinellis continues to champion the skills required to understand and maintain large bodies of code.

As with the first book, Spinellis focuses his attention on a range of large open source applications for his examples - including the Apache web server, Tomcat, NetBSD, and the HSQLDB Java database. This isn't to pick on open source software as being hard to maintain or buggy by default; it's more a recognition that for his purposes real software is more useful than manufactured examples or contrived snippets of code. And of course, it's easy to supply the source code to readers, who can download it or use the CD that accompanied Code Reading.

Code quality itself is a slippery term that means different things to different people, so the book begins by defining the key quality attributes that it addresses: reliability, security, time performance, space performance, portability and maintainability. Each of these gets a chapter, along with a final chapter devoted to floating point arithmetic.

Within each of these chapters there is very detailed discussion of specific topics - buffer overflows in the security chapter, for example - and within these topics there is a focus on looking at concrete examples, with plenty of C, C++ and Java source code to illustrate the points.

The choice of C, C++ and Java reflects a preponderance of these languages in the open source world. While this limits the usefulness of the code examples for developers in other languages, many of the principles are generic, particularly when dealing with algorithmic or data structure issues.

Of necessity, this is a book that's heavy going at times; it's difficult to see how it could be otherwise. But the nitty gritty of this bit of code versus that bit of code is always contextualised. There's plenty of computer science here, with reference to major concepts in terms of data structures, architecture, algorithmic analysis, software metrics and the like. In this respect, it's more than an exercise in scouring source code for the sake of it. However, this isn't the sort of book that is designed to be read cover to cover. The organisation of the material makes it easy to navigate to individual topics very quickly, making it useful as a reference book to turn to in day to day situations.

Verdict: While this book doesn't break new ground in the way Code Reading did, the focus of the book and the emphasis on using real code make it a useful and interesting read.

Author: Diomidis Spinellis

Publisher: Addison Wesley

ISBN: 0321166078

Media: Book
