Solid Code: Optimizing the Software Development Life Cycle

Book description

Get best-in-class engineering practices to help you write more-robust, bug-free code. Two Microsoft .NET development experts share real-world examples and proven methods for optimizing the software development life cycle—from avoiding costly programming pitfalls to making your development team more efficient. Managed code developers at all levels will find design, prototyping, implementation, debugging, and testing tips to boost the quality of their code—today.

Optimize each stage of the development process—from design to testing—and produce higher-quality applications.

  • Use metaprogramming to reduce code complexity, while increasing flexibility and maintainability

  • Treat performance as a feature—and manage it throughout the development life cycle

  • Apply best practices for application scalability

  • Employ preventative security measures to ward off malicious attacks

  • Practice defensive programming to catch bugs before run time

  • Incorporate automated builds, code analysis, and testing into the daily engineering process

  • Implement better source-control management and check-in procedures

  • Establish a quality-driven, milestone-based project rhythm—and improve your results!

  • Table of contents

    1. Recommendations for Solid Code
    2. Foreword
    3. Acknowledgements
    4. Introduction
      1. Who Is This Book For?
      2. Organization of This Book
      3. System Requirements
        1. The Companion Web Site
        2. Find Additional Content Online
        3. Support for This Book
    5. 1. Code Quality in an Agile World
      1. Traditional Methods of Software Development
      2. Agile Methods of Software Development
        1. Scrum
        2. eXtreme Programming
        3. Test-Driven Development
      3. Moving Quality Upstream
      4. Inside Microsoft: Windows Live Hotmail Engineering
        1. Engineering Principles
          1. Focus on quality of service, performance, and security
          2. Leverage iterative development
          3. Ensure predictable and repeatable processes
          4. Use common tools, processes, and terminology
        2. Key Success Factors
          1. Delivering testable units
          2. Running daily builds
          3. Running automated BVTs with daily builds
          4. Ship to a “dogfood” environment early and often
      5. Tactics for Writing Solid Code
        1. Focus on Design
          1. Class design and prototyping
          2. Metaprogramming
          3. Performance
          4. Scalability
          5. Security
        2. Defend and Debug
          1. Memory management
          2. Defensive programming techniques
          3. Debugging
        3. Analyze and Test
          1. Code analysis, coverage, and testing
        4. Improve Processes and Attitudes
          1. Improving engineering processes
          2. Attitude is everything
      6. Summary
      7. Key Points
    6. 2. Class Design and Prototyping
      1. Collaboration in Visual Studio
      2. Think First, Code Later
      3. Software Modeling
        1. Unified Modeling Language
          1. Visio Example
        2. Prototyping
          1. Tracing
          2. Visual Studio Class Designer
          3. Create a Class Diagram
          4. Prototyping with the Class Designer
            1. Automating Enter and Exit Methods
          5. Prototyping Example
      4. Summary
      5. Key Points
    7. 3. Metaprogramming
      1. What Is Metadata?
      2. Metadata in Managed Applications
        1. Application Configuration Files
          1. Configuration Settings Basics
          2. Application Configuration Storage
          3. Application Configuration Example
          4. Database Connection String Configurations
          5. Custom Configurations
          6. Custom Configuration Section Example
          7. Application Configuration in Practice
      3. Metadata in Your Applications
        1. Store application configurations in metadata
        2. Store application details in metadata
        3. Drive application behavior with metadata
      4. Inside Microsoft: Configuration Management in Windows Live Spaces
        1. Gaining Flexibility with Metaprogramming
          1. All features are configuration driven whenever possible
          2. Configuration updates are managed dynamically
      5. Summary
      6. Key Points
    8. 4. Performance Is a Feature
      1. Common Performance Challenges
        1. Network Latency
          1. Network reliability is poor in certain regions
          2. Average round-trip time is high
          3. Packet loss is high
        2. Payload Size and Network Round Trips
          1. Compression is not enabled
          2. Using multiple small static image files
        3. Limited TCP Connections
        4. Poorly Optimized Code
          1. Overuse of redirects
          2. Excessive DNS lookups
          3. Poorly organized JavaScript and CSS
      2. Analyzing Application Performance
        1. Fiddler
        2. Network Monitor
        3. Visual Round Trip Analyzer
        4. HTTPWatch
        5. Analyzing the Performance of Live Search
      3. Tactics for Improving Web Application Performance
        1. Reduce Payload Size
          1. Reduce total bytes by using HTTP compression
          2. Minify JavaScript and CSS
          3. Re-palletize images
        2. Cache Effectively
          1. Set expiration dates
        3. Optimize Network Traffic
          1. Increase parallel TCP ports
          2. Enable Keep-Alives
          3. Reduce DNS lookups
          4. Avoid redirects
          5. Leverage a Content Delivery Network
          6. Incorporate CSS Sprites
        4. Organize and Write Code for Better Performance
          1. Make JavaScript and CSS files external
          2. Ensure CSS are in the top of the page
          3. Place JavaScript at the bottom of the page
      4. Incorporating Performance Best Practices
        1. Establish a Performance Excellence Program
          1. Establish usage scenarios and priorities
          2. Analyze competition
          3. Set performance goals
          4. Implement best practices
          5. Measure and test
      5. Inside Microsoft: Tackling Live Search Performance
        1. Web Performance Principles
          1. Set performance budgets for key scenarios
          2. Continuously analyze and test application performance
          3. Experiment and understand user behavior
          4. Understand usage patterns and optimize performance accordingly
        2. Key Success Factors
          1. Understand end-user perceived performance
          2. Incorporating performance test tools
          3. Learn and live the best practices
      6. Summary
      7. Key Points
    9. 5. Designing for Scale
      1. Understanding Application Scalability
        1. Approaches to Scalability
          1. Scaling Up
          2. Scaling Out
        2. Database Scalability
      2. Tactics for Scaling Web Applications
        1. Choose Scalable Application Designs
          1. Design simple application architectures
          2. Design to scale out
          3. Partition data effectively
        2. Design Application Infrastructure to Scale
          1. Load balance with hardware
          2. Choose the appropriate hardware
          3. Use common cluster configurations
        3. Defend Against Application Failure
          1. Ensure that the application is fault tolerant
          2. Build redundancy into the application
          3. Insulate against dependency failures
        4. Ensure Manageability and Maintainability
          1. Instrument the application code
          2. Actively monitor the application
          3. Establish key live site metrics and goals
          4. Plan for growth and failures
      3. Inside Microsoft: Managing the Windows Live Messenger Service Infrastructure
        1. Engineering Principles
          1. Design to scale out
          2. Design every aspect of the application to fail gracefully
          3. Automate key manageability tasks
          4. Continuously evaluate and plan infrastructure capacity
          5. Plan to recover from outages
      4. Summary
      5. Key Points
    10. 6. Security Design and Implementation
      1. Common Application Security Threats
      2. Principles for Designing Secure Applications
        1. Security Design Principles
          1. Establish a Security Process
          2. Incorporate Defense-in-Depth
          3. Apply the SD3+C Strategy for Secure Applications
      3. SD3+C Strategy and Practices for Secure Applications
        1. Secure by Design
          1. Implement Threat Modeling and Risk Mitigation Tactics
          2. Apply Best Practices to Application Design
            1. Apply .NET authentication and authorization mechanisms
            2. Encrypt sensitive data
            3. Assume external applications and code is insecure
            4. Design to fail, and fail securely
            5. Handle errors and exceptions securely
            6. Implement least privilege
            7. Implement privilege separation
            8. Sanitize input
            9. Validate security coding best practices with FxCop
            10. Incorporate security-focused code reviews
        2. Secure by Default
          1. Install only necessary components by default
          2. Configure restrictive permissions by default
        3. Secure in Deployment and Communication
          1. Establish a support and bug remediation process
          2. Provide setup and configuration guidance to users
          3. Adhere to compliance requirements
          4. Involve users in the security dialog
          5. Establish a security response and communication plan
      4. Understanding .NET Framework Security Principles
        1. Runtime Security Policy
        2. Code Access Security
        3. Applying Runtime Security Policy
      5. Additional Security Best Practices
        1. Conduct security-focused testing
        2. Incorporate penetration testing
        3. Review application security before release
        4. Add protective infrastructure components
      6. Summary
      7. Key Points
    11. 7. Managed Memory Model
      1. Managed Heap
      2. Garbage Collection
        1. Managed Wrappers for Native Objects
        2. GC Class
        3. Large Object Heap
      3. Finalization
        1. Non-Deterministic Garbage Collection
        2. Disposable Objects
        3. Dispose Pattern
        4. Weak References
      4. Pinning
      5. Tips for the Managed Heap
      6. CLR Profiler
        1. CLR Profiler Walkthrough
      7. Summary
      8. Key Points
    12. 8. Defensive Programming
      1. Defensive Programming and C#
      2. Warnings
      3. Code Review
      4. Software Testing
        1. Test-Driven Development
        2. Code Coverage
        3. Self-Documenting Code
        4. Naming Conventions
        5. Pseudo Code
        6. Comments
          1. Documentation Comments
      5. Defensive Programming with Classes
        1. Modifiers
        2. Interfaces
      6. Defensive Programming Without Examples
        1. Defensive Programming with Examples
      7. Design Patterns
      8. Summary
      9. Key Points
    13. 9. Debugging
      1. Overflow Bug
      2. Pentium FDIV Bug
      3. Symbols
        1. Symbol Server
        2. Source Servers
      4. Preemptive Debugging
      5. Proactive Debugging
        1. Managed Debugging Assistants
          1. Visual Studio
          2. Environment variable
          3. Registry
        2. MDA Example
        3. Code Analysis
        4. Performance Monitoring
          1. Performance Monitor example
      6. Debugging
      7. Debugging Tools
        1. Visual Studio
          1. Production environment
        2. .NET Framework Tools
          1. ILDASM
          2. Reflector
          3. Son of Strike
        3. Debugging Tools for Windows
        4. CLR Profiler
        5. Sysinternals
      8. Tracing
        1. Web Application Tracing
          1. Page level tracing
          2. Tracing in the web.config file
        2. Exception Handling
      9. Production Debugging
        1. ADPlus
          1. ADPlus Configuration File
          2. ADPlus and Web Applications
      10. Summary
      11. Key Points
    14. 10. Code Analysis
      1. Invest in the Test Process
        1. Define a Test Rhythm
        2. Establish Test Work Item Tracking
      2. Incorporate Automated Code Analysis
        1. Use Static Code Analysis Tools
        2. Write Application Test Code
          1. Anatomy of a Unit Test
        3. Testing with Visual Studio
      3. Use Metrics to Understand Quality
        1. Measuring Complexity and Maintainability of Code
        2. Using Perspectives to Understand Quality
      4. Inside Microsoft: Managing Quality for the Microsoft.com Web Analytics Platform
        1. The Importance of Code Quality
        2. The Test Investment
        3. Managing Quality
      5. Summary
      6. Key Points
    15. 11. Improving Engineering Processes
      1. Tactics for Engineering Process Improvement
        1. Establish a Quality-Focused Project Rhythm
        2. Implement Source Control and Check-in Processes
          1. Managing Source Control
          2. Establishing Check-in Procedures and Criteria
            1. Feature development
            2. Unit test verification
            3. Unit verification
            4. Feature check-in
        3. Release and Test Code Daily
          1. Feature development
          2. Build
          3. Deploy
          4. Verification testing
        4. Automate Daily Builds
          1. NAnt
          2. MSBuild
          3. Team Foundation Build
        5. Using MSBuild
          1. Project file
          2. Items
          3. Tasks
          4. Properties
        6. Create and Enforce Quality Criteria
          1. Security
          2. Performance
          3. Scalability
      2. Summary
      3. Key Points
    16. 12. Attitude Is Everything
      1. Passion
      2. Linear versus Iterative
      3. Sales Are Good
        1. Features
      4. Flexibility
      5. Solve Real Problems
      6. You Are Responsible
      7. Port Code as New Code
      8. Refactoring
      9. Priorities
      10. Be Realistic
      11. Paradigm Shift
      12. Expand Your Perspective
    17. A. Agile Development Resources
    18. B. Web Performance Resources
    19. About the Authors
      1. Donis Marshall
      2. John Bruno
    20. Index
    21. About the Authors
    22. Copyright

    Product information

    • Title: Solid Code: Optimizing the Software Development Life Cycle
    • Author(s): Donis Marshall and John Bruno
    • Release date: February 2009
    • Publisher(s): Microsoft Press
    • ISBN: 9780735625921