May 9, 2013, 5:27 p.m.
IT

Value of internal double checks in your code

During my career I have come across many developers who frowned at my pedantic use of double checks in various layers and modules in my code. Most developers will place a layer of parameter validation and assertions at the boundary between the external and internal layers. That is because of the common wisdom that you should never trust user input or external data.

I take it a step further. Internally between different modules I also add a layer of parameter validation and assertions. So the question becomes why? Because I do not trust myself - or my team members. Mind you, this is not in the bad kind of way. I do not trust that I cannot create a bug. That a team member cannot forget about a certain assumption made elsewhere. And this very practise saved my butt yesterday.

In one large enterprise system I created, data integrity is particularly crucial, and it is particularly hard to detect any inadvertent data corruption. There is a process whereby certain data can be set up that will be processed a couple of weeks later. These are two distinct (but co-located) modules in the system. I designed and implemented both. However, the processing engine has some assertions regarding the format and structure of the data it processes. Even though the data setup module enforces these restrictions, the ones pertaining to the data processing module are re-checked before the processing module starts processing the data. In this case, an assertion made in the processing module caused the whole processing to be aborted with a neat, concise and accurate description of the problem.

Without this second layer of assertions, this issue would have had gone undetected, and massive data corruption would have occurred. The check itself might cost 20ms of processing time each month, but it saved days of manual labour. The problem is that the code that created the data structures allowed an invalid condition to exist, it did not have the needed checks to ensure this invalid condition was prevented from ever reaching the database. This is a bug, and no amount of testing will ever eliminate all bugs.

My advise is to ensure you write your assertions in code, not in comments, and enforce them everywhere you can. It is almost always better to have your application fail than to allow internal data corruption to occur.