defensive programming tactics - solid code
I run into a lot of college students and beginners who are just starting out writing software or snippets of code. Here are some tactics you should use to make sure your code is bulletproof.

My instructor told me that displaying error messages was not always wise. This can be true if you have a web server and you are writing server-side PHP/ASP/JSP/CF code.

Nowadays, with the load of hackers out there, HANDLING error conditions and avoiding buffer overflows is paramount (having solid code is now a security issue)! In one case you can even trick the compiler into checking that your code is solid at compile time.

There is a book from Microsoft Press called "Writing Solid Code", and it's very valuable.

solid code

  • old way of coding:
        if (variable == constant) {
    new way of coding:
        if (constant == variable) {
    what this does is, if you accidentally use = instead of ==, the compiler will throw an error and stop, because it is a syntax error to assign a variable to a constant, whereas before it would simply assign the constant to the variable (a really difficult bug to find)... note that = in the languages mentioned is assignment, and == is the comparison relop. This applies to Java, C, C++, D, J#, and Javascript to my knowledge, and probably C#.
  • use Hungarian naming conventions, where you put a data type code in front of the variable name. This prevents improper use of pointers.
  • find that bug and nail it. You may not find them all at once. In fact, you will probably need a 2nd set of eyes to point them out... good communication is paramount. Remain objective in your communications.
  • initialize your variables. Many a flaky/intermittent bug has come about, I'm sure, from uninitialized variables (and been summarily dismissed by the engineers).
  • always use code blocks where the option presents itself. In C, these are curly braces on if's, for statements, while's, do...while's, etc. Same for BASIC. Don't leave dangling code that with the slightest modification will break or act strangely.
    old code:
        if (condition) return true;
    new code:
        if (condition) {
            return true;
        }
    this prevents the possibility of accidents. It also makes the code more readable.
  • choose a curly brace style and stick with it. Your boss will probably choose it for you - he or she will probably have a programming style guideline document they will hand you and want you to follow.

defensive programming

  • check for and handle error conditions wherever possible.
  • always validate your input. If it's not valid, handle it like an error condition and do something appropriate.
  • security in programming is now a requirement. Learn it.
  • avoid buffer overflows. For instance, instead of strcpy(), use strncpy(). Avoid buffer overflows in your database as well, so check your data up front!
  • check that the functions you call, whether library or system, return the proper results. If they don't, do something appropriate.
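As an added example (not code from the original page or from the book), here is a small C program that applies several of the rules above together: a bounded copy that still NUL-terminates (strncpy() by itself does not terminate the destination when the source is too long), validation of an untrusted string, checking the library call's return value and errno, initialized outputs, constant-first comparisons, and braces on every if. The function names copy_bounded and parse_port and the sample inputs are my own.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded copy that always NUL-terminates. strncpy() alone does NOT
 * terminate dst when src is dst_size bytes or longer, so the wrapper
 * terminates explicitly and reports truncation to the caller. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (NULL == dst || NULL == src || 0 == dst_size) {
        return -1;                           /* invalid arguments */
    }
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';                /* strncpy may skip this */
    return strlen(src) >= dst_size ? 1 : 0;  /* 1 means truncated */
}

/* Validate untrusted text as a TCP port. Every byte must be consumed,
 * the value must lie in 1..65535, and strtol()'s own error reporting
 * (errno and the end pointer) is checked instead of assumed. */
int parse_port(const char *text, int *port)
{
    char *end = NULL;
    long value = 0;
    *port = 0;                               /* initialize the output */
    if (NULL == text || '\0' == *text) {
        return -1;                           /* empty input */
    }
    errno = 0;
    value = strtol(text, &end, 10);
    if (0 != errno || end == text || '\0' != *end) {
        return -1;                           /* overflow or trailing junk */
    }
    if (value < 1 || value > 65535) {
        return -1;                           /* out of range */
    }
    *port = (int)value;
    return 0;
}

int main(void)
{
    char buf[8];                             /* constructed sample buffer */
    int port = 0;
    int rc = copy_bounded(buf, sizeof buf, "this string is too long");
    printf("copied \"%s\", truncated=%d\n", buf, rc);
    printf("parse \"80x\": %d\n", parse_port("80x", &port));
    return 0;
}
```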