Verdict: Highly recommended (for the correct audience).
It is a number of years since I last felt motivated to review a book on programming. Just after I had added Robert to my Facebook Friends (react any way you like) he announced that his latest book was just released. Knowing his expertise in both C and issues of secure coding, I asked if he could get me a review copy. His publisher very promptly supplied me with an electronic copy, and a printed copy arrived post-haste a couple of days later.
This is an introductory book on C and we all know how problematic such books can be. The first issue concerns accuracy: does the book follow the Standard correctly or does it wander off (as too many do) into an author’s (mis)understanding of the language? I can put your mind at rest here, Robert knows Standard C better than 99% of those using it. He should do as he has been actively participating in WG14 (ISO work group responsible for the C Standard) for over a decade and is well familiar with the current C18 (the cover still uses the prior designation of C17) version. He is also aware of the likely changes coming with C2x (still a long way off). You can rest assured that he talks and writes Standard C in all its dialects and is well acquainted with how it has changed and how it is likely to change.
Robert is also an expert on secure coding techniques. This is particularly important when it comes to those intending to learn C. Well-written C can meet very rigorous requirements exactly because the dangers are well understood. (I am reminded of C Traps and Pitfalls (1989) by Andrew Koenig, which remained in print for at least 28 years, which must be a record for any unrevised book on programming, and Safer C (1994) by Les Hatton, which is also still available. Both books are pretty dated and both are based on the original C Standard.)
In my opinion, one of the great failings of K&R is that it does not adequately address code quality issues and assumes that the reader will be using tools such as lint that are never mentioned in the book. It led to a generation of C programmers who did not know how to use tools to make their code more secure. Understanding that is very important because there are design decisions deep in the core of C that produce a powerful language, but one that can very easily be abused. Much of the bad rep that C has in some quarters is down to that.
Back to this book. There is a hard problem with writing a book for newcomers because it is well-nigh impossible to write one that avoids forward references. The various basic topics are so interwoven that the writer either writes a book that dumbs things down to a ridiculous degree, trivialises the content or has to trust the reader to be patient and be willing to reread earlier chapters in the light of new understanding gained from the latest chapter. Robert has chosen the last of those.
There is also the issue as to whether a book is for the lone reader who must grasp everything without the aid of a teacher or tutor. Even in the days of the Internet there is a marked difference between using a book as part of a course and using it for solo study.
A quick look at the 11 chapter headings will confirm that Robert has chosen the course of dealing with each major topic (e.g. arithmetic types, control flow, expressions and operators etc.) in separate chapters. He has also chosen to trust the reader to be able to look up technical usage (i.e. jargon). The reader needs to be aware of the golden rule for reading technical writing; ‘if you think you know the meaning of every word but the sentence does not make sense, at least one word is used with a meaning you are unaware of’.
The book is an excellent introduction to Modern C. Source code is idiomatic and Robert takes time to highlight potential security problems so that by the time the reader has finished their introductory study of C using this book, they will have developed a good coding style that mitigates most of the fundamental security issues. In other words, the reader will have become (albeit an inexperienced) professional C programmer.
However, I have some reservations as to the potential readership. While there will be exceptions, someone who has never previously programmed in any language will find this book hard going. Those who have a prior exposure to C will need to read attentively so that their (almost inevitable) existing misconceptions are corrected. If they think they know better than the author over any point, they are probably wrong.
I think this book is best for two uses:
- An individual who is already a competent programmer in some other language and wants to learn C at a professional standard. They need to put aside the way their current language(s) of choice do things and accept that C has its own way. Those coming from other languages in the C family (such as C++, C# or Java) will need to be particularly careful. For example, C has no destructors so resource clean-up must be done manually. Robert shows how a correct use of the often derided goto statement can be used to ensure correct clean-up of multiple resources in a context when the allocation of any one of them can fail.
- A book for use as the core for a course on C. I think that, were I inclined to return to teaching C, I would happily use this book both in a classroom and for remote learning.
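The clean-up idiom mentioned in the first item, sketched as an added example: it is not taken from the book and is not the reviewer's code. The function name copy_file, the constant BUF_SIZE and the file names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

enum { BUF_SIZE = 4096 };              /* hypothetical buffer size */

/* Copy src to dst; returns 0 on success, -1 on failure. Three resources are
 * acquired in order and any acquisition can fail, so each failure jumps to
 * the label that releases only what is already held, in reverse order. */
int copy_file(const char *src, const char *dst)
{
    int ret = -1;                      /* assume failure until the copy completes */
    FILE *in = NULL, *out = NULL;
    char *buf = NULL;
    size_t n;

    in = fopen(src, "rb");
    if (in == NULL) goto done;         /* nothing held yet */
    out = fopen(dst, "wb");
    if (out == NULL) goto close_in;    /* only 'in' is held */
    buf = malloc(BUF_SIZE);
    if (buf == NULL) goto close_out;   /* 'in' and 'out' are held */

    while ((n = fread(buf, 1, BUF_SIZE, in)) > 0)
        if (fwrite(buf, 1, n, out) != n) goto free_buf;
    if (ferror(in)) goto free_buf;
    ret = 0;

free_buf:
    free(buf);
close_out:
    if (fclose(out) != 0) ret = -1;    /* a failed final flush is a failed copy */
    if (ret != 0) remove(dst);         /* do not leave a partial output file */
close_in:
    fclose(in);
done:
    return ret;
}

int main(void)
{
    /* Constructed sample input, written locally so the example runs offline. */
    FILE *f = fopen("goto_demo_src.txt", "wb");
    if (f == NULL) return EXIT_FAILURE;
    fputs("constructed sample data\n", f);
    fclose(f);
    printf("existing source: %d\n", copy_file("goto_demo_src.txt", "goto_demo_dst.txt"));
    printf("missing source:  %d\n", copy_file("goto_demo_missing.txt", "goto_demo_dst2.txt"));
    return EXIT_SUCCESS;
}
```

Every exit path runs through the same labels, so no path can leak a handle or free the buffer twice.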
Website: nostarch.com/Effective_C