The Definitive Guide to Building Code Quality

by Don Jones


The Definitive Guide to Building Code Quality presents a comprehensive review of modern techniques used to transform raw source code into finished product. In addition to exploring current tools and methods, the guide reviews common techniques and best practices for debugging, testing, and preparing code for commercial release. Throughout, the emphasis is on completeness of coverage in test cases, complete exercise and optimization of code, and use of appropriate procedures and workflows to ensure that changes to code bases are properly recognized, tested, and integrated.

The primary development environment targeted in this book is Visual Studio 2008, but even those who use other development environments and toolsets will find the exploration of code analysis and metrics, taxonomies and illustrations of common coding errors, and automated code optimization techniques to be of great interest. The discussion includes methods to reduce code complexity, make most effective use of resources, analyze code path length, and determine optimal use of code libraries, and predefined objects and methods.


Chapter 1: Quality Coding for Visual Studio and the .NET Framework

There are many things that contribute to the quality of an application. From the initial requirements through the functional specifications, data modeling, security considerations, and choice of interfaces and support services all contribute to how well the application performs, how easy it is to maintain, and how well people will adopt it. But for all these factors, nothing is as directly telling as the quality of the code itself. A set of crystal clear requirements, a brilliant architecture, the most friendly of user interfaces (UIs)s is nothing if the code does not perform reliably, errors are not well handled, and the code does not perform the expected tasks quickly.

In this guide, I intend to walk you through the process of building a quality coding practice. I’m assuming that you’re either a professional developer yourself, or that you manage developers as a major part of your job. I’m assuming that you’ve worked with recent versions of Visual Studio quite a bit, too. From getting the most from the development environment to writing clear and efficient code to analyzing and eliminating errors before they become issues to making the applications run at peak efficiency, this guide will help you refine your code practice and churn out better code faster.

This guide isn’t just about indenting your code and how to capitalize variable names; we’ll also tackle more complicated topics such as the right way to conduct a peer code review, how to address security and performance problems, and more—everything that contributes to quality code. We’ll begin by making sure we’re on the same page with toolset and technologies.

Chapter 2: Coding Standards and Best Practices

If coding standards began by addressing issues such as formatting and naming, they’ve definitely evolved to include much more. In fact, the switch from the word “style” to "standard" implies the additional depth that modern coding standards address: How modules are linked, how error handling is performed, how classes are constructed, and even in some cases, how user interface elements are utilized.

Recognizing that different organizations will adopt different standards for varying reasons, this chapter will focus first on approaches to standards - general principles, if you will - before looking at some of the more popular standards currently used for Visual Basic, C#, C++, and ASP.NET.

Chapter 3: Code Analysis and Peer Reviews

All the coding standards in the world, combined with all the testing in the world, cannot provide the same level of code quality that you can achieve when you add in automated code analysis and peer code reviews. Consider this: Developers are people. Quite often they’re smart people, and they’re often smart people under pressure from deadlines. If you remember the 1980s television show “MacGyver,” you know what smart people do under pressure: they improvise. Merely making sure that code compiles and runs properly doesn’t mean improvisation didn’t occur—you can have some pretty ugly-looking code that will pass those two tests. Consider this pseudo-code:


This code might violate a few standards. For one, it has multiple exit points—it can exit by falling to the end of the function and through the Return statement in the middle. Variable naming is shoddy—what do “S” and “X” represent? Multiple operations—a Connect and Reboot—are being conducted on a single line of code. All of these are generally held as bad practices by some professional developers, but the code would compile and execute just fine. Code analysis and a peer review, however, might catch these problems. Fixing them would result in less-complex code, easier-to-maintain code, and so forth—all of which leads to higher-quality code.

Chapter 4: Addressing Coding Errors

Without a doubt, coding errors—that is, bugs—are one of the first things anyone thinks about when they speak of code quality. And obviously, code that works is perceived as being of higher quality than code that doesn't! As I've mentioned in previous chapters, focusing on bugs as your exclusive measurement of quality is shortsighted, but that doesn’t mean we can't spend plenty of time getting rid of bugs, because bug-free code is definitely higher-quality code.

In this chapter, then, we'll focus on types of coding errors because there are quite a few. Each type has distinct techniques for avoidance and removal, and we'll spend the bulk of this chapter focusing on these techniques as well as the tools that help implement those techniques more quickly and efficiently.

Chapter 5: Addressing Performance and Security Problems

Performance and security: two aspects of your application that users are perhaps most likely to perceive as poor quality. Sure, users might be irritated by a recurring bug, but bugs can often be worked around, where poor performance becomes an unwanted and unwelcome part of daily life. Security is likewise a great way for your application to earn a reputation for poor quality: Either security is cumbersome and gets in users’ way, or it isn’t complete and ends up causing a major incident within users’ organizations.

Too many development projects focus on performance and security last, if at all, but they are every bit as important to your application as making sure all the necessary end‐user functionality is properly implemented. In fact, while security and performance are commonly referred to as nonfunctional requirements, you should definitely consider them to be a core part of your application’s general functionality—things users will notice if they’re not done properly.

In this chapter, we’ll look at common sources of both security and performance problems, and examine specific ways to help eliminate those problems in a variety of scenarios. We’ll also look at general techniques for measuring the results of your security and performance tuning efforts so that you can begin to develop a feel for the exact amount of effort required to generate a specific amount of additional value in your applications.

Chapter 6: Testing Code for Errors, Inefficiencies, and Performance

Testing, testing, testing. It certainly isn’t the only way to improve the quality of your code, but testing is definitely one of the most important tools we have as developers to produce higher‐quality code. Although testing can’t help improve things like not following best practices and coding standards, it can help catch two of the main problems that end users perceive as poor application quality: bugs and performance. In this chapter, I’ll take a look at tools and techniques that can be used to spot more code errors, detect inefficient code, and home in on performance problems.

Overview of Testing Techniques

When I began testing the first commercial‐quality code I ever wrote (a retail point‐of‐sale system written for Windows 95), testing was simply running the application through as many scenarios as I could think of, checking to see whether anything broke, and checking to make sure I got the correct results for whatever input I provided. That’s really still the essence of testing, but I’ve since learned to be a lot more formal and systematic about it.

One problem with the way many developers test—just running the application as if they were an end user—is that we developers aren’t usually our application’s end users. We tend to use an application the way it was meant to be used; we don’t actively try to break it, we don’t approach it from the same viewpoint as our end users, and we’ll almost never use it in exactly the same way as the application’s end users.

Chapter 7: Benefits of Automated Debug, Analysis, and Test

Much of this book has been about improving your processes and procedures, adopting tools for automation, and improving practices for both development and testing. But what are the real‐world advantages of these improvements? In other words, after investing time and money in adopting changes and tools, what kind of return can you expect on that investment? That’s what this chapter is all about: Wrapping up everything that has come before with a focus on the actual business benefits.

However, before I dive into that, let me remind you that this book has never been simply about tools. It is extremely unlikely that simply purchasing and using tools will gain you the many benefits I’ll be writing about. These benefits come primarily from changes in your practices and procedures; tools are—as I’ve written previously—simply a way to accomplish those practices and procedures more quickly. Tools can also make it a bit easier to stick with certain practices and procedures by offering to help enforce them for you, but it’s ultimately your dedication to improved practices and procedures that will set you on the path to achieve the various benefits I’ll be describing.

Tools are obviously beneficial in that they provide automation and enforcement, so you’ll definitely want to add good development and code quality tools to your environment. Which tools will you select? I have a couple of strong opinions that I’ll share.