An open source perspective
Book review With his first book, Code Reading, Diomidis Spinellis broke new ground. Here was a major book on the oft-neglected but important skill of reading source code.
Given that software maintenance is a huge and ever-growing burden that all developers have to endure, it is surprising that the major emphasis in education and in the industry at large is on writing code. Yet being able to quickly read and understand code is such an important - and obvious - skill yet there are few courses or books devoted to it.
Now, with this follow-up study, Spinellis continues to champion the skills required to understand and maintain large bodies of code.
As with the first book, Spinellis focuses his attention on a range of large open source applications for his examples - including the Apache web server, Tomcat, NetBSD, and the HSSQLDB Java database. This isn't to pick on open source software as being hard to maintain or buggy by default, it's more a recognition that for his purposes real software is more useful than manufactured examples or contrived snippets of code. And of course, it's easy to supply the source code to readers, who can download it or use the CD that accompanied Code Reading.
Code quality itself is a slippery term, it means different things to different people, and so the book begins by defining the key quality attributes that it addresses: reliability, security, time performance, space performance, portability and maintainability. Each of these gets a chapter, along with a final chapter devoted to floating point arithmetic.
Within each of these chapters there is very detailed discussion of specific topics - buffer overflows in the security, for example - and within these topics there is a focus on looking at concrete examples, with plenty of C, C++ and Java source code to illustrate the points.
The choice of C, C++ and Java reflects a preponderance of these languages in the open source world. While this limits the usefulness of the code examples for developers in other languages, many of the principles are generic, particularly when dealing with algorithmic or data structure issues.
Of necessity, this is a book that's heavy going at times; it's difficult to see how it could be otherwise. But the nitty gritty of this bit of code versus that bit of code is always contextualised. There's plenty of computer science here, with reference to major concepts in terms of data structures, architecture, algorithmic analysis, software metrics and the like. In this respect, it's more than an exercise in scouring source code for the sake of it. However, this isn't the sort of book that is designed to be read cover to cover. The organisation of the material makes it easy to navigate to individual topics very quickly, making it useful as a reference book to turn to in day to day situations.
Verdict: While this book doesn't break new ground in the way Code Reading did, the focus of the book and the emphasis on using real code makes it a useful and interesting read.
Author: Diomidis Spinellis
Publisher: Addison Wesley
Buy this book at Cash 'n' Carrion
Sponsored: Becoming a Pragmatic Security Leader