BKCQTOSP.RVW 20061229

"Code Quality: The Open Source Perspective", Diomidis Spinellis, 2006, 0-321-16607-8, U$54.99/C$73.99
%A Diomidis Spinellis www.spinellis.gr/codequality dds@aueb.gr
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2006
%G 0-321-16607-8
%I Addison-Wesley Publishing Co.
%O U$54.99/C$73.99 416-447-5101 800-822-6339 bkexpress@aw.com
%O http://www.amazon.com/exec/obidos/ASIN/0321166078/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0321166078/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0321166078/robsladesin03-20
%O Audience a+ Tech 3 Writing 2 (see revfaq.htm for explanation)
%P 569 p.
%T "Code Quality: The Open Source Perspective"

The preface points out that it is easy to test for the functional requirements of an application: either the program performs the function or it doesn't. Nonfunctional requirements (including such characteristics as reliability, portability, usability, interoperability, adaptability, dependability, and maintainability) are much harder to assess, and yet may be more important. (In an automated train system, for example, the lack of a function to change the schedule from within a given train still allows you to use the train within a given schedule. Unreliability of the braking system means the system is worse than useless.) In addition, "Code Reading" (the title of Spinellis' previous book) is pointed out as the most common activity for developers, and yet is a skill seldom taught in the programming curriculum. The author has avoided using fictional code for the examples in this (and the prior) work by providing sample code from open source software projects, thus using working (but available) source code for illustrations.

Chapter one introduces the structure of the text by mapping characteristics from the ISO 9126 quality standard to the chapters and sections of the book. Inherent conflicts between different aspects of quality are also noted.
(For example, large numbers of discrete operations enhance the functionality of a system, but at some cost in terms of usability.)

Reliability is examined, in chapter two, in terms of common flaws. Examples of such flaws are given, followed by an explanation of the specifics of the problem. This is followed by samples of code that address the problem stated. Each point and section is accompanied by questions and discussion points that could be used in a course teaching the issues of code quality. (Unlike all too many sets of questions, these are rigorous and challenging. Sometimes they may be a little bit too demanding: occasionally the discussion would require intimate knowledge of the internals of a specific programming language.) The chapter ends with a summary of the points and factors covered.

Various security vulnerabilities and coding points are illustrated in chapter three, but, in comparison to the rest of the work, this material is weak and disappointing.

Performance issues in relation to time are reviewed in chapter four, and to space in five. The different factors of latency and bandwidth, and the trade-offs between memory and speed are noted. It is rather odd that Spinellis is at pains to point out that time efficiencies negatively affect simplicity and portability, while he goes to great lengths to provide suggestions for space optimizations for a variety of specific architectures (which wouldn't help portability either).

Chapter six looks at a number of factors relating to portability, between both hardware and operating system platforms. Maintainability is the longest chapter (seven) in the book, and bears the closest relation to Spinellis' previous work on "Code Reading." There is a special section on the characteristics of object-oriented code. Chapter eight, on floating point arithmetic, notes the sometimes surprising sources of inaccuracy.

In the information technology and development fields we are constantly obsessed with production of code and the speedy release of the next version. We need to stop and take a good look at the quality of what we produce: as is frequently stated, the greatest source of computer problems is computer solutions. In regard to security, it is demonstrably true that the exploits and difficulties that we find are those that would never have been created if only programmers had paid a little more attention to the fundamental concepts they were first taught. I believe Spinellis' text should be required reading for all programming courses and programs. In addition, those involved with analysis, maintenance, and change control should consider it a bible to be read and re-read until the lessons are firmly implanted.

copyright Robert M. Slade, 2007 BKCQTOSP.RVW 20061229