A car magazine once declared that a car has "character" if it takes 15 minutes to explain its idiosyncrasies before it can be loaned to a friend. By that standard, every piece of software has character -- all too often, right of the box.
Most programming "peculiarities" are unique to a particular context, rendering them highly obscure. Websites that deliver XML data, for example, may not have been coded to tell the browser to expect XML data, causing all functions to fall apart until the correct value fills the field.
[ Also on InfoWorld: Find out which 7 programming languages are on the rise in today's enterprise. | Keep up on key application development insights with the Fatal Exception blog and Developer World newsletter. ]
But certain programming practices send the majority of developers reaching for their hair upon opening a file that has been exhibiting too much "character." Spend some time in a bar near any tech company, and you'll hear the howls: Why did the programmer use that antiquated structure? Where was the mechanism for defending against attacks from the Web? Wasn't any thought given to what a noob would do with the program?
Creatures of habit, we developers seem locked into certain failure modes that can't be avoided, such is the frequency with which we fall prey to a particular poor programming practice.
Below you will find the most common programming pitfalls, each of which is accompanied by its opposing pair, lending further proof that programming may in fact be transforming into an art -- one that requires a skilled hand and a creative mind to achieve a happy medium between problematic extremes.
Failing to shore up the basics is the easiest way to undercut your code. Often this means overlooking how arbitrary user behavior will affect your program. Will the input of a zero find its way into a division operation? Will submitted text be the right length? Have date formats been vetted? Is the username verified against the database? Mistakes in the smallest places cause software to fail.
The worst part about sloppy programming is that advances in language design aimed to fix these problems don't do their job. Take the latest version of Java, which tries to make null-pointer checking easier by offering shorthand syntax for the endless pointer testing. Just adding a question mark to each method invocation automatically includes a test for null pointers, replacing a rat's nest of if-then statements, such as:
In the end, however, such syntax improvements can only prevent code from crashing, not ensure that it's useful. After all, it doesn't eliminate the root of the problem: the proliferation of null values due to fast and loose programming.
On the flip side, overly buttoned-up software can slow to a crawl. Checking a few null pointers may not make much difference, but some software is written to be like an obsessive-compulsive who must check that the doors are locked again and again so that sleep never comes.
Relentless devotion to detail can even lock up software if the obsessive checking requires communicating with a distant website over the network. I have several packages that slow to a crawl if I fire them up on a laptop without a Wi-Fi connection because they're frantically trying to phone home to see if a new version might be available. The Wi-Fi LED flickers, and the software hangs, constantly looking for a hotspot that isn't there.
The challenge is to design the layers of code to check the data when it first appears, but this is much easier said than done. If multiple developers work on a library or even if only one does all of the coding, it's difficult to remember whether and when the pointer was checked.
Too often, developers invite disaster by not simplifying control over tasks in their code.
Mike Subelsky, one of the co-founders at OtherInBox.com, is a keen advocate of there being one and only one place in the code for each job. If there are two places, odds are someone will change one but not the other. If there are more than two, the odds get even worse that someone will fail to keep them all working in the same way.
"Having worked on one code base for three-plus years, my biggest regret is not making the code more modular," Subelsky says. "I've learned the hard way why the Single Responsibility Principle is so important. I adhere to it strongly in new code, and it's the first thing I attack when refactoring the old code."
Subelsky, as you may surmise, is a Ruby on Rails programmer. The framework encourages lean code by assuming most of the structure of the software will fall into well-known patterns, a philosophy that Rails programmers often summarize as "convention not configuration." The software assumes that if someone creates an object of type Name with two fields first and last, then it should immediately create a database table called Name with two columns, first and last. The names are specified in only one place, avoiding any problems that might come if someone fails to keep all of the layers of configuration in sync.
Sometimes the magic tools lead only to confusion. By abstracting functionality and assuming what we want, frameworks can all too often leave developers at a loss for what's gone wrong in their code.
G. Blake Meike, a programmer based near Seattle, is one of many developers who finds over-reliance on automated tools such as Ruby on Rails a hindrance when it comes to producing clean code.
"Convention, by definition, is something outside the code," Meike says. "Unless you know Ruby on Rails' rules for turning a URL into a method call, for instance, there is no way, at all, that you will ever figure out what actually happens in response to a query."
He finds that reading the code often means keeping a manual close by to decipher what the code is doing behind his back.
"The rules are, while quite reasonable, not entirely trivial. In order to work on a Ruby on Rails app, you just have to know them. As the app grows, it depends on more and more of these almost-trivial bits of external knowledge. Eventually, the sum of all the almost-trivial bits is decidedly not trivial. It's a whole ecosphere of things you have to learn to work on the app and remember while you are debugging it," he says.
Next page: How much trust to put in a client, and how not to reinvent the wheel