• Page 26: How can I avoid off-by-one errors?
• Page 143: Are Trojan Horse attacks for real?
• Page 158: Where should I look when my application can't handle its workload?
• Page 256: How can I detect memory leaks?
• Page 309: How do I target my application to international markets?
• Page 394: How should I name my code's identifiers?
• Page 441: How can I find and improve the code coverage of my tests?

Diomidis Spinellis' first book, Code Reading, showed programmers how to understand and modify key functional properties of software. Code Quality focuses on non-functional properties, demonstrating how to meet such critical requirements as reliability, security, portability, and maintainability, as well as efficiency in time and space.

Spinellis draws on hundreds of examples from open source projects--such as the Apache web and application servers, the BSD Unix systems, and the HSQLDB Java database--to illustrate concepts and techniques that every professional software developer will be able to appreciate and apply immediately.

Complete files for the open source code illustrated in this book are available online at: http://www.spinellis.gr/codequality/

Diomidis Spinellis has been developing the concepts presented in this book since 1985, while also writing groundbreaking software applications and working on multimillion-line code bases. Spinellis holds an M.Eng. degree in software engineering and a Ph.D. in computer science from Imperial College London. Currently he is an associate professor in the Department of Management Science and Technology at the Athens University of Economics and Business.

List of Tables xv List of Figures xvii Foreword xxiii Preface xxv

Chapter 1: Introduction 1

1.1 Software Quality 1 1.2 How to Read This Book 9

2.1 Input Problems 17 2.2 Output Problems 21 2.3 Logic Problems 26 2.4 Computation Problems 42 2.5 Concurrency and Timing Problems 51 2.6 Interface Problems 56 2.7 Data-Handling Problems 69 2.8 Fault Tolerance 85

3.1 Vulnerable Code 102 3.2 The Buffer Overflow 106 3.3 Race Conditions 112 3.4 Problematic APIs 115 3.5 Untrusted Input 125 3.6 Result Verification 131 3.7 Data and Privilege Leakage 134 3.8 Trojan Horse 143 3.9 Tools 146

4.1 Measurement Techniques 156 4.2 Algorithm Complexity 173 4.3 Stand-Alone Code 179 4.4 Interacting with the Operating System 182 4.5 Interacting with Peripherals 190 4.6 Involuntary Interactions 191 4.7 Caching 194

5.1 Data 209 5.2 Memory Organization 227 5.3 Memory Hierarchies 231 5.4 The Process/Operating System Interface 239 5.5 Heap Memory Management 246 5.6 Stack Memory Management 264 5.7 Code 274

6.1 Operating Systems 290 6.2 Hardware and Processor Architectures 296 6.3 Compilers and Language Extensions 302 6.4 Graphical User Interfaces 307 6.5 Internationalization and Localization 309

7.1 Measuring Maintainability 326 7.2 Analyzability 351 7.3 Changeability 403 7.4 Stability 418 7.5 Testability 432 7.6 Effects of the Development Environment 451

8.1 Floating-Point Representation 466 8.2 Rounding 478 8.3 Overflow 481 8.4 Underflow 483 8.5 Cancellation 487 8.6 Absorption 491 8.7 Invalid Operations 495

Appendix A: Source Code Credits 503

Bibliography 505 Index 523 Author Index 563