Code Quality

An open source perspective

Book review: With his first book, Code Reading, Diomidis Spinellis broke new ground. Here was a major book on the oft-neglected but important skill of reading source code.

Given that software maintenance is a huge and ever-growing burden that all developers have to endure, it is surprising that the major emphasis in education and in the industry at large is on writing code. Being able to quickly read and understand code is such an important - and obvious - skill, yet there are few courses or books devoted to it.

Now, with this follow-up study, Spinellis continues to champion the skills required to understand and maintain large bodies of code.

As with the first book, Spinellis focuses his attention on a range of large open source applications for his examples - including the Apache web server, Tomcat, NetBSD, and the HSQLDB Java database. This isn't to pick on open source software as being hard to maintain or buggy by default; it's more a recognition that for his purposes real software is more useful than manufactured examples or contrived snippets of code. And of course, it's easy to supply the source code to readers, who can download it or use the CD that accompanied Code Reading.

Code quality itself is a slippery term that means different things to different people, so the book begins by defining the key quality attributes that it addresses: reliability, security, time performance, space performance, portability and maintainability. Each of these gets a chapter, along with a final chapter devoted to floating point arithmetic.

Within each of these chapters there is very detailed discussion of specific topics - buffer overflows in the security chapter, for example - and within these topics there is a focus on looking at concrete examples, with plenty of C, C++ and Java source code to illustrate the points.

The choice of C, C++ and Java reflects a preponderance of these languages in the open source world. While this limits the usefulness of the code examples for developers in other languages, many of the principles are generic, particularly when dealing with algorithmic or data structure issues.

Of necessity, this is a book that's heavy going at times; it's difficult to see how it could be otherwise. But the nitty gritty of this bit of code versus that bit of code is always contextualised. There's plenty of computer science here, with reference to major concepts in terms of data structures, architecture, algorithmic analysis, software metrics and the like. In this respect, it's more than an exercise in scouring source code for the sake of it. However, this isn't the sort of book that is designed to be read cover to cover. The organisation of the material makes it easy to navigate to individual topics very quickly, making it useful as a reference book to turn to in day-to-day situations.

Verdict: While this book doesn't break new ground in the way Code Reading did, the focus of the book and the emphasis on using real code makes it a useful and interesting read.

Author: Diomidis Spinellis

Publisher: Addison Wesley

ISBN: 0321166078

Media: Book
