McConnell_2004_CH08_Defensive_Programming Flashcards
What is the core idea behind defensive programming…?
The idea is based on defensive driving.
In defensive programming, the main idea is that if a routine is passed bad data, it won’t be hurt, even if the bad data is another routine’s fault. More generally, it’s the recognition that programs will have problems and modifications, and that a smart programmer will develop code accordingly.
List 3 different general ways to handle Garbage in..?
- Check the values of all data from external sources.
- Check the values of all routine input parameters
- Decide how to handle bad inputs
What is an assertion?
Code that’s used during development - usually a routine or macro-that allows a program to check itself as it runs.
Write an assertion mechanism in PSUEDOCODE?
define ASSERT( condition, message ) { /
(CAN ONLY FIND IN C++)
C++ Example of an Assertion Macro
if ( !(condition) { /
LogError( “Assertion failed: “, /
#condition, message ); /
exit( EXIT_FAILURE ); /
}
}
What sort of code should be handled by error handling code
Error handling code checks for off-nominal circumstances that might not occur very often, but that have been anticipated by the programmer who wrote the code and that need to be handled by the production code. Error handling typically checks for bad input data; assertions checks for bugs in code.
If error-handling code is used to address an anomalous condition, the error handling will enable the program to respond to the error gracefully. If an assertion is fired for an anomalous condition, the corrective action is not merely to handle an error gracefully-the corrective action is to change the program’s source code, recompile, and release a new version of the software.
What sort of code should NOT be placed in an assertion?
Avoid putting executable code into assertions
Putting code into an assertion raises the possibility that the compiler will eliminate the code when you turn off the assertions. Suppose you have an assertion like this:
What sort of things should assertions document and check?
Use assertions to document and verify preconditions and postconditions:
List 10 different strategies for handling errors you expect to occur?
- Return a neutral value
- Substitute the next piece of valid data
- Return the same answer as the previous time
- Substitute the closet legal value
- Log a warning message to a file
- Return an error code
- Calls an error-processing routine/object
- Display an error message wherever the error is encountered
- Handle the error in whatever way works best locally
- Shut down
See pages 194-196 for information on them.
How can you program ‘offensively’?
Exceptional causes should be handled in a way that makes them obvious during development and recoverable when production code is running. Michael Howard and David LeBlanc refer to this approach as “offensive programming”
What sort of defensive programming should be left in production code?
- Leave in code that checks for important errors.
- Remove code that checks for trivial errors
- Remove code that results in hard crashes
- Leave in code that helps the program crash gracefully
- Log errors for your technical support personnel
- Make sure that the error messages you leave in are friendly.
(Page 209 to 210 for more information)
