Software Development

Why Do You Need to Read the Source Code of Software Libraries?

Home

>

Blog

>

Software Development

>

Why Do You Need to Read the Source Code of Software Libraries?

Published: 2022/10/13

6 min read

Developers’ work is often based on the work of other people. They are constantly using somebody else’s code by attaching libraries, either from programming language authors or other third-party providers. At some point, every developer should wonder what exactly the logic introduced from an outside source accomplishes. 

Whether you incorporate open-source or proprietary software libraries in your project, it’s crucial to know what exactly is going on with their source code. Find out how developers can benefit from reading libraries and what challenges they might encounter when working with both types of libraries. 

Why should you check third-party libraries? 

Third-party libraries can be installed automatically by a dependency manager (a tool for managing various libraries and packages within a project’s technology stack) in your project or delivered manually into the system as a package. Quite often, these libraries are treated like a black box, in that you don’t intend to look inside. The problem with that approach is that software development is rather complex, and the behavior of different software components in a project can impact a project’s functioning. 

Additionally, libraries might contain bugs. And that’s not all that can complicate a developer’s work – faults in design, code quality debt or earlier design decisions made on the basis of currently obsolete programming paradigms and runtime environments. That’s why developers need to strive to deeply understand the libraries they use and avoid being overconfident about code they don’t yet know well. 

Documentation vs reality 

In an ideal world, if you need to know something about a library, documentation should suffice. But in reality, there are times when libraries behave in an unexpected manner, or there is simply not enough information to go by.  

It’s not unrealistic to assume that, as a developer, you will encounter behavior triggered by a library that you won’t be able to expect, name or even search for in the documentation. 

Programmers often say that code is the ultimate form of documentation, and they are right. It is not unusual for documentation to lag behind code simply because someone didn’t know the impact of the implemented changes or forgot to make a note of them and so on. When you read the actual code, what you see is what you get. 

New call-to-action

The importance of open-source libraries 

When assessing what kind of a third-party library or software would best suit a project, several factors need to be taken into account, such as usability, cost, proper license, maintenance and support availability. Sometimes using a paid library seems like a better solution for different reasons – it might be less expensive in the long term or it just makes more sense for the project to be supported by third-party technology.  

However, open-source grants developers more transparency as they can easily access the source code and bugs are usually made public. Open-source software also enables developers to apply changes directly to a library if a situation calls for it. The licenses often offer more flexibility too – for example, you can create proofs of concept without requesting an evaluation license (a license that allows you to use the software for evaluation or tests only). Of course, certain factors can make it unviable to go the open-source route. However, there is a hidden cost of using a proprietary piece of technology stack when developers don’t have access to the sources. It can negatively impact future changes in the software, complicate product support and even make it difficult for developers to complete their basic tasks. 

Using third-party libraries – practical examples 

Speaking from personal experience, while working mostly with an open-source stack, I can name a few situations when the lack of sources in proprietary libraries proved to be quite a headache. 

Vague documentation 

One of the few proprietary pieces of software I had to work with was a provided database. While it was serving its function, it also contained bugs. There were multiple situations when the developers working on the project tried to respond to a ticket, and it took way longer than expected, mainly because the bugs were difficult to replicate and we put too much trust into the support provided by the owner of the library. 

Without transparent access to the library’s sources, we assumed that the problem lay in something we’d done in the product itself. As a result, we wasted a lot of time and effort trying to identify the problem only to realize that the library had been updated without our knowledge. The technical details of the error were intentionally hidden in the output and required additional contact with the third party’s support. In the end, instead of releasing a patched version to fix the problem, the database provider supplied the team with a custom patcher tool. In simple terms – the fix required way more involvement from the development team than it should. 

Lack of flexibility 

Another problem you might encounter is when the commercially provided technology is too rigid to fulfill product requirements. With available sources, a development team can write their own version of certain functionalities and account for different behaviors, which can be more difficult to develop in a closed environment. 

Imagine, for example, a user interface (UI) library which provides a lot of features out of the box, but your product has a very specific requirement that is not actually included in the library’s feature list. If the library doesn’t provide a proper way to include this feature, using the library to develop the product becomes difficult. 

The transparency of open-source libraries 

On the other hand, open-source libraries often make it easier for developers to notice when a library – and not the product they’re developing – has bugs, when these bugs are fixed or how to write a workaround around them. If the documentation of an open-source library is not extensive enough, developers have the option to read a library’s actual code, which makes a world of difference. Though reverse engineering may not be ideal, it still is a credible approach to understanding code and improving it. 

Read more, learn more 

If you need an external library for your project, it’s likely that you want to develop something complex. The ability to read someone’s code is essential for software development. It’s an organic way to learn not only how a specific library works, but also what kind of tools and paradigms you have at your disposal. Depending on your area of expertise, you might even have a rare opportunity to actually apply some of the constructs available to you in your production code. 

More than that, reading professionally written code is one of the best ways to acquire knowledge of how something works in practice. You can read books and articles or watch webinars, but you have to keep in mind that these educational materials usually show examples aimed at illustrating the point of a presentation. It also means that these examples will be simplified to demonstrate techniques. Meanwhile, production code enables you to see what patterns are applied to certain real-life situations and problems. 

Finally, observing how a piece of code was used in tangible scenarios makes it easier for you to remember it. It’s a more hands-on way to learn different techniques so you can readily recall them in the future to write even better code of your own. 

Summary 

In product development you always have the opportunity to learn more, make better decisions for the future of your project and anticipate potential problems. When choosing a third-party library, you need to consider the pros and cons of both open-source and paid resources. Of course, some projects will require the use of proprietary libraries, but make sure you’re realistic about the limitations they can impose on your software development. Most importantly, though, always pay attention to the source code of the library you choose, in order to avoid issues down the road. 

With complex projects requiring a careful choice of tech stack, it’s important to have the support of experienced software developers. Software Mind’s cross-functional engineering teams have been building solutions from scratch and enhancing existing products across a wide range of industries, solving real-world challenges and engineering significant technical improvements. If you’re looking to boost your software development, reach out to us via the contact form. 

About the authorPrzemysław Kasprzyk

Senior Software Engineer

A Software Engineer with 7+ years’ experience in Java and Spring back-end development for financial services and HealthTech, Przemysław has also been involved in front-end, mobile and desktop app development. Apart from software engineering, he’s supported projects in various ways, such as Agile team leadership, code reviews, codebase maintenance and cybersecurity. A member of Software Mind’s Java Guild, he values constant improvements to workflows that drive high code quality, efficiency and app performance.

Subscribe to our newsletter

Sign up for our newsletter

Most popular posts