Application Security Testing: An Integral Part of DevOps
|Bruce Eckel's Thinking in Java||Contents | Prev | Next|
You should address performance only after you have a correct and fully tested program:
- Measure the program’s performance under realistic conditions. If it meets your requirements, you are finished. If not, go to the next step.
- Find the most critical performance bottleneck. This might require considerable ingenuity, but the effort will pay off. If you simply guess where the bottleneck is and try to optimize there, you’ll waste your time.
- Apply the speed improvement techniques discussed in this appendix, then return to Step 1.
Finding the critical bottleneck is the key to cost-effective effort – Donald Knuth  improved a program where 50 percent of the time was spent in less than 4 percent of the code. He changed a few lines in an hour of work and doubled the program speed. Working on the rest of the program would have dissipated his valuable time and effort. To quote Knuth, “Premature optimization is the root of all evil.” It is wise to restrain your impulses to optimize early because you may forgo many useful programming techniques, resulting in code that’s harder to understand, riskier, and requires more effort to maintain.