Legacy code is something we all have to deal with at one point or another. It's all around us. Even if we find it scary we have to learn how to handle it without being petrified in the process. This article will look at some techniques that I have used to tackle legacy code. It's a collection of things that have helped me go from feeling scared and apprehensive when working in legacy code to feeling challenged.

Before we dive in I'll start with defining what legacy code is. I've done so before on this blog. Since then I've learnt a much simpler and more precise way to describe it. Legacy code is all production code which makes you scared when you have to change it.

But what is production code? Production code is any code that provides the business with value. This includes, but is not limited to, code that executes in production, test code, automation code and any other code that helps the business do it's business.

So here we are then, with the legacy code. How can we go about doing this scary job without causing to much pain to the customer, who probably doesn't want to be disturbed at all? What should we think about? What patterns and tools would be helpful?

When the customer asks us to work on a legacy system we need to ask them why. Why does the customer want us to muck around in this old thing in the first place? What is the expected value of the change? Is it possible to deliver this value to the customer? Can we deliver this value in a better way? Can we get an of the shelf product and replace the legacy system with? Should we make a system rewrite instead? (this one should be approached with utter care)

The answers to these questions will not just question the need for change. It will also help guide you in your work. It will give you the indications you need to know how ambitious you should be. When you start on the path of reworking an application through slow, steady improvements rather then a big rewrite you will find that ambition level is important. It is what will guide you when you decide how much effort you should spend on improvements. What is the expected lifetime of the system you are working on?

Once you have the answers it's time to figure out where to start. The most obvious place to start is of cause where you stand. This is usually an approach that works when you know pretty well what needs to be done and where. If you are about to add a feature to an already existing part of a system or fix a well known issue then you should start where you stand.

When you are not quite sure where the problem is or when you need to find out where the real problem hot spots in your system are there is another tool that can be really useful. It is called Offender Profiling. The technique was create by Adam Tornhill and is presented in his book "Your code as a crime scene". He also has several talks (for example here) on the subject. Adam combines many years experience as a programmer with theories from forensic psychology. This have allowed him to think outside the box and be able to find patterns hidden in our version control system's (VCS) history data.

By using the history data from your VCS, combined with some very simple complexity metrics, this will allow you to find the most likely candidates for issues in your code base. The inspiration comes from a forensic technique called offender profiling.

Adam has in his book combined various other psychology concepts with VCS data which will help organisations make better use of their software. But that is for another time.

Now that we know where to start we have to understand what the code does. This is usually the biggest reason for fear in legacy code. That we don't quite understand how the code works. What does the requirements for this code look like. How do I know I haven't broken anything when I think I'm done? There are several different ways to attack this. We will look at four different patterns, starting with test.

First out is a way to mine requirements from executing code using tests. The tests are called Specification tests.They are pretty much the same thing as the tests we create when working with Behaviour Driven Development. What we aim to do is to understand how the system we are about to change should work by writing black box tests. To do so we use Gherkin's Given When Then syntax. We then run the tests on a running system. This whole process should ideally be fully automated and executable from the command line. But if that's not possible, just manually be able to run repeatable regression tests is a huge benefit. There are a couple of different frameworks to help with this. For Java and Ruby there is Cucumber, for .Net SpecFlow, JavaScript has Karma. There are many other frameworks available as well and for most other languages. You can also use tools like  Selenium to execute your specification directly on the UI. Even if you are executing your tests directly against the graphical user interface and the cost of maintenance seems high this is a good investment. If this is an old application the UI will likely not change much. Also, you will get automated feedback on stuff the user will notice. If you can, sit down with users and watch how they use the UI. Then write the tests based on your observation.

With some test in place to make sure we don't have regression from the clients perspective it's time to start understanding the architecture and the code. We will look at two of Michael M. Feather's patterns from his book "Working effectively with legacy code" (WELC). We will also look at how we can use Simon Brown'sC4 model for architecture to understand the architecture of an existing system.

The first of Michael Feathers patterns is Conversational Scrutiny (WELC p. 224). When you sit with an extra hairy bit of code like a long method or complex class, you often talk with one or more colleagues to get some help understanding it. The conversation that ensues is well worth paying attention to. It will often contain the abstractions that are missing from the code. The abstractions and the words that would have made the code easier to understand. The conversation in it self is of cause the key to understanding what the code does. But also make sure to listen carefully for the hidden abstractions required to make improvements. They tend to be embedded in the reoccurring words used during the conversation.

What is also important to remember is that a mess often asks for more messiness. Even a good team of developers have a scary tendency to keep adding messy code to messy sections of the code base. When scrutinising the conversation and noting the missing abstractions, don't forget to add them in the code. Don't forget to continuously improve the code.

The second of the patterns from Michael Feathers is Telling the Story of the System (WELC p. 216). This is a technique used to understand how submodules and modules work together. Each participant is responsible for telling the others the story of e's module. The story should be as brief as possible, preferably just a few words. It should also be told as if the audience knows nothing of the system.

By doing the exercise we become aware of what responsibility belongs where, as well as where it is currently located. It is a great way to understand how the system should be re-structured as well as how it currently hangs together.

Simon Brown, author of Software Architecture for Developers, have described a way to explain software architectures he calls the C4 model. This is a very powerful way to illustrate what a system architecture looks like. Used correctly on a legacy system it's almost embarrassing how bad most architectures are designed. The tldr; of it is that you have four types of diagrams. Each describes a model of the system. At the top level we have a Context diagram. This describes how the system fits into the rest of the world. One level down we have a Container diagram. This will show which "containers" the system is made up of. A containers is a deployable unit. This can be an IIS or JEE server, a database, a Docker Container or something else that is deployable. At the third level down we have the Component diagrams. They will describe the different components in some detail and how they interact with other components. At the bottom is the Class diagram. Class diagrams are sometimes very illustrative but often to detailed and can be left out.

The audience for C4 is mainly developers. The diagrams are there to help understand  how the high level architecture is structured. When the model is true to the actual system it is also a very good place to start when looking to change the current architecture into something more fitting.

Now that we have, hopefully, understood how the system works, it's time to look at some patterns for how to make changes without fear. Or at least as fearless as we can be.

Let's start with a pattern from Martin Fowler's bliki called Preparatory Refactoring. This is a practice we should be doing all the time. Actually, the failure to do so is the main reason to why we have problematic legacy code in the first place. The basic idea is pretty simple. You have a new feature which does not fit into the code where it's supposed to. To make sure you don't create a mess when plugging it in you first refactor the existing code. You are done with the refactoring when the new feature fits in as if it had always been there. The effects is that the code is cleaner and more suitably structured to the requirements it is there to serve now.

When doing this in a legacy code base you end up adding loads of test. Remember, you can't do refactoring without covering tests, then it's not refactoring. Dan North and Michael Feathers came up with a name of this practice of adding tests to a legacy system in order to be able to change a part of it. They called it Light the Forest.

Imagine you have been asked to chop down a tree in the depths of a large dark forest. You have problems seeing your hand in front of you. The sensible thing to do is to light your way in, cutting a path and mounting torches, so that you can find your way back again.

When diving in to the depths of a legacy code base you are well advised to do the same. Lighting your way with tests. We call these tests assumption tests. They prove that assumptions we make on our journey are correct and stay correct.

As you work with your legacy code base and apply Light the forest over and over again you will start to see patterns in the forest. It's like seams starts to appear in the system. Along these seams you can start splitting the system up into components which are possible to test individually. Michael Feathers calls this the Seams Model. His definition of a seam is:

“A seam is a place where you can alter behaviour in your program without editing in that place.” (WELC p. 31)

The seams are places where you can inject tests, mocks, stubs and other things. It is also places where you can start breaking up the system into smaller more understandable pieces.

To break the system apart at the seams we use what is called Dependency Breaking Techniques. Michael Feather describes several in his book (WELC). Dependency breaking is often common refactorings made more difficult by the legacy code base. In statically typed languages such as Java and C# mocking frameworks can help allot when introducing tests and breaking dependencies. I don't generally use mocking frameworks when creating new code. But in legacy systems they can be a real life saver.

Another way to understand what happens when you want to break out a certain dependency is to pass in a null reference. The test harness will then quickly tell you if the specific parameter is used by throwing null pointers when the code under test tries to use the dependency.

If mocking or passing nulls doesn't work a possible way is subclassing. By subclassing a dependency, or some times even the SUT (System Under Test), you can stub away especially troublesome parts whilst using the real code in others. You can either create a specific test double or let the test class extend the dependency directly. This technique allows you to understand the SUT in a very intimate way. It will usually also make the code uglier. This is OK as long as it is done in a controlled manner and is removed as soon as possible.

Another thing that tends to be lacking in legacy systems is good names. Helpful names, providing good abstraction, is what make code changeable, flexible and ultimately non-legacy. It is one of the key aspects of a good code base. So when you work in a legacy system it is important to continuously find and add the missing names and abstractions to the code. As we know naming can be very hard. The conversational patterns presented earlier can be of great help in this work, as is the conversation that happens when pair programming.

Something Kent Beck said a couple of years back that helps allot when it come to names as well is: If you can't come up with a good name, then come up with a really bad one. A good name will come to you at some point in the future and the really bad name will poke you in the eye so you remember to replace it.

What good names tends to do in the long run is to help create good abstractions. This can be such a simple thing as extracting a class for an ID. If the ID is just a string or number it's hard to find where it's used. When extracted to a value object you are bound to find places where certain simple operations are preformed on the ID. Such as an equals operation. In some places there will be a null check, in others not. A common problem for bugs and a headache when changes are to be made. If ID instead becomes a class all this functionality finds a home. And all of a sudden ID's are not longer some random string in the system. It's a thing that we can reason about, not just on the whiteboard but also in code.

When you have found the names, and the classes or functions you want to create, you can use a number of common refactorings to extract them. Some are: Compose Method, Method as a Comment, Extract Method and Extract Class.

This article only scratches the surface of the subject legacy code. But I do hope it has tickled your curiosity enough to continue explore. A good place to start is the literature I've mentioned. Especially Michael Feathers and Adam Tornhill.

I would love to get your feedback, thoughts and ideas on the article and the subject in general. Did I miss something? Is there something that's not correct? Do you disagree? Or do you have furthers insights, thought and ideas you'd like to share?  Please do post a comment.

The article is derived from a talk I do about tackling legacy code. If you are interested in this you are welcome to get in touch.