What is an adequate amount of commentary on code?

moycullen14 wrote: »

It's just that in a long(ish) career here and in the UK, I have rarely come across it being done systematically. One of the few places I saw it had terrible problems
with it. Temper tantrums, dysfunctional behavior, the lot. It was down to a lack of coding standards, mainly, so everything was based on prejudice.

Maybe with API & Framework based systems, it should be less contentious.

One thing for sure, most environments would benefit hugely from code walk-throughs - just as long as I don't have to do it!

I worked in a highly specialised environment which almost certainly contributed to the culture, plus it had been the culture in the place pretty much since day one. If it's all you've ever known, maybe you never take it personally. I suspect if you bring in code review, people start to feel defensive about errors being found and do take it personally.

That being said, I can't see how you'd get an effective code review process working if there are no clear local standards; I guess the next problem is if you try to introduce them, that causes arguments as well.

Interestingly, while there is a lot of discussion about commentary in college courses I've attended since I started programming, the question of coding standards isn't something that has come up so much.

GreeBo wrote: »

The relevance is that if I have complex code that is being changed, I want a confidence level that nothing unexpected/unnoticed has been broken.

Unit tests give you this confidence level. I think there is always a benefit to having unit tests, sure there may be a cost, but there is a cost with any code you write, error handling for example, logging another, but we accept that cost because the benefits outweigh it.

My point is that the benefits of having a particular test does not always outweigh the costs of having that test.

This is obvious to me.

But here's an example. Lets say its a fairly small 2 person project working on some math code, for a video game we are writing. You want to calculate the error of a prediction, using squared error.
Lets say you know that code is only going to be called with positive double values in the range between -1 and 1.

public double getErrorInPredictions(double target, double prediction) {
    double distance = target - prediction;
    return distance * distance;
}

Should you write unit tests for this code?

Maybe we should write a test that puts in (5,7) and checks we get approximately 4 back?
And another that checks it works with whole number values? And that it works when target is negative? And when prediction is negative? And when both are negative?
Maybe we should write a whole battery of tests like that?

In general, no, we shouldn't. Maybe write one unit test, but probably zero, as long as there's a functional test elsewhere that we're reasonably happy drives this code (e.g. in our game, we can see the monster that uses this code intercept the player)

This is the same reason we don't write a comment like:

//the distance is the difference between the target and the prediction.

Even with simple tests, even if the test is simple, and the code being tested is simple, the tests add to the complexity of our codebase overall.

You mention error handling.
Its the same thing with error handling.

Its very important to know when to leave error handling out.
Newbie programmers do things like write error handling in every method they write, even when the method is only called by some other code they've just written - on the basis that, well, it could change in future.

By the time you do this, you've covered your code in error handling; you can no longer see what the code actually does; and that costs you more than it benefits.


Everything should be done only when assessing the cost and the benefit.

And, if you assert that every test's benefit outweighs its cost - or that every piece of error handling code's benefit outweighs its cost - or the same for comments - then I'm pretty sure you're wrong.


Again, cost benefits - if you are writing the code for the last-ditch killer-asteroid intercept mission, then you do things differently than if you are writing for a video game - obviously.

fergalr wrote: »

My point is that the benefits of having a particular test does not always outweigh the costs of having that test.

This is obvious to me.

But here's an example. Lets say its a fairly small 2 person project working on some math code, for a video game we are writing. You want to calculate the error of a prediction, using squared error.
Lets say you know that code is only going to be called with positive double values in the range between -1 and 1.

public double getErrorInPredictions(double target, double prediction) {
    double distance = target - prediction;
    return distance * distance;
}

Should you write unit tests for this code?

Maybe we should write a test that puts in (5,7) and checks we get approximately 4 back?
And another that checks it works with whole number values? And that it works when target is negative? And when prediction is negative? And when both are negative?
Maybe we should write a whole battery of tests like that?

In general, no, we shouldn't. Maybe write one unit test, but probably zero, as long as there's a functional test elsewhere that we're reasonably happy drives this code (e.g. in our game, we can see the monster that uses this code intercept the player)

This is the same reason we don't write a comment like:



Even with simple tests, even if the test is simple, and the code being tested is simple, the tests add to the complexity of our codebase overall.

You mention error handling.
Its the same thing with error handling.

Its very important to know when to leave error handling out.
Newbie programmers do things like write error handling in every method they write, even when the method is only called by some other code they've just written - on the basis that, well, it could change in future.

By the time you do this, you've covered your code in error handling; you can no longer see what the code actually does; and that costs you more than it benefits.


Everything should be done only when assessing the cost and the benefit.

And, if you assert that every test's benefit outweighs its cost - or that every piece of error handling code's benefit outweighs its cost - or the same for comments - then I'm pretty sure you're wrong.


Again, cost benefits - if you are writing the code for the last-ditch killer-asteroid intercept mission, then you do things differently than if you are writing for a video game - obviously.

Honestly I think your example is flawed, why would you test that subtraction works? Unit tests should be testing your (complicated) logic to confirm changes haven't broken it, not that the compiler our runtime still works as expected.

With error handling, if my code needs to do something in the case of an error then I handle it, that might mean throw an exception or maybe close resources etc, but its the job of my code, not just rely on fixing it later when it's a problem, so I disagree with you strongly here tbh.

Even with costs benefits, it doesn't have to be mission critical, for your company it is critical, you can't just trot out the old "no one died" when you discover a bug in production...

Stark wrote: »

You can't catch every single bug in a product.

Technically, you can (effectively at least). However it's expensive so few do it. But "you can't" and "you don't want to pay for it" are different things.

As to not handling errors... folks, please don't ever write a network stack or anything else low-level? M'kay? Life's hard enough for the rest of us as it is.

GreeBo wrote: »

Honestly I think your example is flawed, why would you test that subtraction works?

The example is an example of a method that I would not test.

Because the complexity after adding a test, outweighs the benefit of testing this code.

Once we all agree that such examples occur, we then are just arguing about where to draw the line. And thats my point - whether or not to test - much like whether or not to comment - is a judgement call, which depends on the context.


(Secondly: The method calculated squared error, not subtraction.)

GreeBo wrote: »

Unit tests should be testing your (complicated) logic to confirm changes haven't broken it, not that the compiler our runtime still works as expected.

Sure - but there's no clear and bright line between those two things.

There's a sliding scale of method complexity. I think its obvious that the method I wrote doesn't need to be testing - i.e. that, as long as the compiler is correct, its going to work (or I can be sure enough of that that I dont need to test.)

But, as I add lines to the method, I'll eventually reach a point of complexity where that's not the case, and where it makes sense to introduce a test.

I should not test before that point, and I should test afterwards.

The exact point will depend on context - what I'm building, the cost of bugs, the cost of complexity, etc.

GreeBo wrote: »

With error handling, if my code needs to do something in the case of an error then I handle it, that might mean throw an exception or maybe close resources etc, but its the job of my code, not just rely on fixing it later when it's a problem, so I disagree with you strongly here tbh.

If you've a method A, that is only called from one other place in your video game, which you've just wrote, do you always write error handling in method A, for the case where its given bad parameters? I often don't, if its a small self contained project.

Sparks wrote: »

Technically, you can (effectively at least). However it's expensive so few do it. But "you can't" and "you don't want to pay for it" are different things.

You can increase your confidence, but you can't ever be sure - which you are acknowledging when you say 'effectively at least' - so agreed there.

Sparks wrote: »

As to not handling errors... folks, please don't ever write a network stack or anything else low-level? M'kay? Life's hard enough for the rest of us as it is.

It depends, it depends... depends on why you are writing it, whats the context... is it a proof of concept? For a new network analysis startup? Or the prototype new netcode that has to ship in a week? For an academic paper? Or is it going to be embedded into firmware? Maybe its the low level code that safeguards the nukes?

You can't be dogmatic about this stuff. Maybe sometimes you want 'defense in depth' where every part of the system distrusts every other part, and checks the input it gets; other times that'll screw up the code so that its hard to see the logic of what your system is doing.

What is considered best practice changes all the time - SaaS has changed a lot - you can fix an internal bug almost instantly, you don't have to ship CDs.

Its like, when Nintendo used to ship a game on the SNES, they'd have to have found almost all the big bugs; now you can patch your game after release; changes like that in your deployment have got to impact how you handle and respond to errors, if you are doing things right.

Testing branches is far more important than testing lines of code, branches imply business logic, lines of code imply nothing
You could have 60% line coverage and not be testing anything bar your compiler / runtime.

fergalr wrote: »

You can increase your confidence, but you can't ever be sure

Just on that point, we don't actually know that yet (and most of the Formal Methods research field would disagree with you, they just can't prove their case yet either )

True for physics where we're guessing at the rules and checking our guesses and the system wasn't our invention. Formal methods goes the other way - we invented the system, proved the fundamentals and every step thereafter which is proven is basically irrefutable (there's no error bars involved - a mathematical proof is an all-or-nothing sort of thing for various reasons relating to the nature of maths and follow that rabbit hole into metaphysical argument only if you have nothing better to be doing with your time and have a bout of insomnia). Since FM's basic thesis is to find a way to create a mathematical expression of a given program to prove its correctness, if you could pull it off, you could then state that there are no bugs within the program without any qualifiers implied or explicit.

Of course, FM hasn't yet developed methods or tools that let them do that on anything past a fairly trivial level yet and it's an open question if it's even possible, but thus far nobody's been able to prove that it cannot be done, only that it's desperately difficult (so was landing people on the moon in 1950, but we did it faster than someone in 1950 could produce a new voter, so saying something's impossible just because it's difficult should be something we've all learnt to avoid doing by now )

Here is mr rails talking about tests damaging designs etc; presumably now it'll be much easier to get people to believe testing isn't free, so thats good:

http://david.heinemeierhansson.com/2014/test-induced-design-damage.html

Giblet wrote: »

You say you know it's going to be called with a range of -1 and 1 but you don't guard against this.

Think about what you just wrote for a second.

Of course you shouldn't guard against things you know.


Its the same reason you don't write a test to check integer assignment.


You should guard against assumptions you have that might be wrong, where the chance of something violating the assumption, combined with the impact of the assumption being violated, outweighs the cost of checking the assumption. Sure.

But if you know the method is only going to be called with a certain range, you don't guard against it.


Programmers reading this might be thinking "Oh, haha, well, that's naive. You haven't worked in the real world. In the real world, your assumptions get violated all the time, because Johnny who inherits your code won't know your assumptions. blah blah"


Well, its naive to be absolutist about these things, either direction. It depends on the situation. In my example, it was a 2 person project shipping a game. So, you are either the programmer writing the code that calls that method, or someone you work closely with is. And your game is going to ship or not ship soon, and probably that method will be thrown away next week anyway.

So, if you write error handling the guards everything against everything, you just take too long to develop anything, and you've made the wrong cost/benefit tradeoff, and you are being a suboptimal developer.

Again, the point I've been making, is that you'd make different decisions for the code you write for the asteroid intercept mission, and different decisions again, for the same mission, but if your launch window is closing in 24 hours.

Giblet wrote: »

A simple unit test would have helped you write this method better. It's a public method, so you don't know the caller.

Public and private is just a way of formalising in code, what you do and don't know about who'll call your code. Its a way of putting boundaries around your assumptions, so you don't drown in error checking and documentation of interfaces.

But its an imperfect capture of what programmers actually know in their head. It can't precisely model those risk boundaries, which have to do with things like organisational structure, which programmers are writing which code, passage of time, which code is more fertile ground for bugs etc.

So its wrong to say 'oh, its a public method, so you dont know the caller'. The knowledge of whether or not I know the caller comes first. The public method is just an expression of that - an attempt to capture it. You've gotten the causality mixed up - your tail is wagging your dog.

Giblet wrote: »

It may sound obvious, but the error will probably crash the game, not return a glitchy result.

getErrorInPredictions(Double.MinValue,1)

Except it wont crash the game because that wont happen.


Its like the karate kid. Best block is not be there.

Best way to handle errors is not have errors.


In practice you can't always do this, OF COURSE.
There are interfaces where you don't have control over them, or where they are interacting with some fluid part of the system, or something where you can't trust what comes into the interface.

For everything else, there's [just assuming things are correct].

int x = 50;
int y = 20;


if ((x*y) > 50000) {
    //handle error
}

See the code above in a CRUD app? Fire the programmer.

See the code above in your micro satellite code? Well, you probably want to have a better discussion about how you handle cosmic radiation interference, but its a discussion, not a termination interview.

Giblet wrote: »

I would argue that you probably don't need to write the tests first, but you need to refactor in some tests at some point.

Yes, generally 'some tests at some point' is very easy to get behind. I agree.

Giblet wrote: »

DHH above makes a point about TDD in rails, and controllers. I agree with him, in ASP MVC I do not unit test controllers either (bear in mind he still suggests integration tests!), but only because my controllers don't do anything that hasn't been covered already, so to test them is to retest what I've already tested and testing private methods doesn't make sense in a lot of cases.

You see - its all about knowledge boundaries. Its not about public and private or about testing everything or tests being free. Its about cost vs benefit, and basic risk analysis.

Sparks wrote: »

Well, strictly the problem there isn't the words you highlighted, but the one I've underlined.

If you know a method will only be called with certain parameters, then that's all there is to it.

It doesn't matter what other people know, that's a second order thing that's fully captured, for the purposes of the decision about whether to write a guard, in your estimate of the interface being violated.

Sure, you might be wrong, but then you didn't really know what you thought you did. But that's all you need to capture the decision to reason correct about in probabilistically. What you should pay to avoid the risk is the cost of it happening times the estimated probability of it happening.

Might be fun to formalise all that, in this context, but someone has probably done it already.

Sparks wrote: »

And the example you've given to say it's not always so is incredibly esoteric btw - two people working on a small chunk of code with a one-shot-and-forget ship is a really astonishingly rare sort of project.

You are overstating that. Its certainly not 'incredibly esoteric', for two people to work on a small chunk of code, that might be shipped, or canned etc.

It mightn't be the bulk of programming, but it happens a lot. It even happens within big organisations.


Now, all the big projects you work on might have started out as badly designed small projects which everyone thought would be deleted next year, but now power the economies of nations, and, uh-oh.

But that doesn't mean that most small projects are going to go on to power the economies of nations. (thats prosecutors fallacy of course). And you can't set out to write small projects, as if that's what they were all likely to do - not if you want them to succeed with the resources they have.

Sparks wrote: »

The vast vast majority of coding doesn't work that way. And frankly, even if there was just one other coder on the project, I'm still sticking an assert in there because paranoia's a job skill

Its a balance though - the best choice isn't the paranoid one, in a lot of circumstances. Yes, that totally depends on the organisation, the context, etc, but thats my point - I'm not talking about extreme edge cases.

fergalr wrote: »

If you know a method will only be called with certain parameters, then that's all there is to it.

I dont understand how you can state that you "know" it wont be called with negative values?
Its public...in 4 years time it could be living as some compiled jar somewhere that someone else starts to use...how do you know whats going to happen in the future?

Honestly I think your previous answer of "you havent worked in the real world" is correct, in the real world anyone can call a public method with anything, sometimes 10 years after you originally wrote it..

I never ever use public to mean "the actual public"...

Callable by anyone of course assumes it's part of a library being consumed, even internally, and the call is not encapsulated.

GreeBo wrote: »

I dont understand how you can state that you "know" it wont be called with negative values?
Its public...in 4 years time it could be living as some compiled jar somewhere that someone else starts to use...how do you know whats going to happen in the future?

Honestly I think your previous answer of "you havent worked in the real world" is correct, in the real world anyone can call a public method with anything, sometimes 10 years after you originally wrote it..

Stark's post answers this really well, in my opinion.

Like, 'knowing X' is believing that the probability of X being true is very high. Depending on how high that probability is, and the costs either way, you make your judgement call.

If you get dogmatic about it in either direction, you get bad code.

One way, you end up with fragile code that isn't robust against unanticipated user input, say.
The other way, you end up with code that checks the username is correct at every single step in the system; if you have enough such checks to do, when you look at your code, instead of simple clear methods, you see 20 lines of error checking and handling for a method that then does 3 lines of actual work, and you see this for all of your methods everywhere, and the code can't be easily changed.

A lot of this discussion reminds me of the arguments around checked exceptions vs unchecked exceptions:

http://tutorials.jenkov.com/java-exception-handling/checked-or-unchecked-exceptions.html

In short: for checked exceptions: everything's explicit, against: polluting your stack with throws declarations, makes it difficult to later make changes to your code.

Sparks wrote: »

Well, yes, that's the point.
(a) Changing the data is changing the design and that's not free so you expect a cost; and (b) the point of the asserts is that you change the code 5 times, not 4!

Why exactly? Good code should have separation of concerns and be easy to change.

If the business for example specifies that the largest payment a payment system should be able to process is say 500 euro to safeguard against an administrator making a mistake and bankrupting the company, then that magic 500 number should appear in at most a couple of places in the code. If in the future the business decides due to inflation that that number should be 750, the programmer shouldn't be turning around and saying "sorry, we deliberately made the cost of changing that validation high, we'll have to touch every part of our codebase and regress everything". It shouldn't be your concern if someone down the line takes your code and decides to make a payment system that processes 10,000 euro payments out of it. Your concern is making code that works well for its current purpose and is easy to change if requirements change in the future.

Sparks wrote: »

with the lovely comment identifying us as the original author but not the idiot who made a patchwork function without knowing the original assumptions.

Tbh, this is a good argument against having silly comments to say who wrote a piece of code. The original author of a piece of code often isn't the maintainer and it's wasteful to comment the code with audit information when we have SCM systems to indicate who wrote a file or changed a file.

Sparks wrote: »

Well, yes, that's the point.
(a) Changing the data is changing the design and that's not free so you expect a cost;

Absolutely - but what I'm saying is, that there is a benefit to minimising the cost of changes, and a cost to anything that increases the cost of changes.

In many situations, where codebase is dynamic, certain tests/guards/etc have a cost outweighing the benefit.

Other tests/guards/etc are even more valuable when the codebase is dynamic.

Sparks wrote: »

and (b) the point of the asserts is that you change the code 5 times, not 4!

And asserts are often great, for just that reason. I'm not saying 'never use asserts'. I'm saying 'think about whether the particular guard is worthwhile'.


Again, the overarching point I'm trying to make, is that:

Bad: "Its the right/best thing to do to write guards on any public method, so thats why I'm going to write a guard here."

Good: "Ok, I've wrote this public method. Does it make sense to write a guard in this case? Is it likely to be worth doing here, given what I know about how this is likely to be used?"

Sparks wrote: »

Well, yes, but games programming aside, not many of us have the luxury of assuming our code has a short lifespan and won't ever get repurposed, relinked, have its internal APIs abused by direct access, or worst yet, ctrl-c-ctrl-v'd into something else along with the lovely comment identifying us as the original author but not the idiot who made a patchwork function without knowing the original assumptions.

Sure, if you are in a situation where the code is going to be reused a lot, you do things differently.

Still, though, even in enterprise settings, as a project evolves, it'd be interesting to know what percentage of code thats written actually survives a long time. I remember working in enterprise settings, a surprising amount of projects and code were discarded or deleted within in a few months after they were written.

Sparks wrote: »

The rule for things like this is that the longer something's been around, the further away its end-of-life is.

Actually, kind of a technical point, but that's not actually incompatible with thinking that most code been written is going to be thrown away soon.
Might seem paradoxical, but lots of things are - totally logically - like that.

This is making me curious about whether people have studied these things - the distribution of the lifetime of a line of code, etc.

oscarBravo wrote: »

Just zooming in on this: the only reason I'd assert a range of values for a parameter is because the function's logic makes assumptions based on that contract. If the function is written in such a way as not to make any difference - the example function you provided is a case in point - then there's nothing to assert, because it will just work the same way.

I worked on some code this week that, inter alia, does duration calculations on time values. If I can be confident that the first argument will always be earlier than the second, I can take some shortcuts in how the code is written. But if the arguments are ever the other way around, those shortcuts break the code.

I'm making the case that in such circumstances, the correct approach is to assert the parameter ordering at the very start of the function. Then, in two years' time, when I decide to call the function with arbitrary times (forgetting the assumptions), instead of getting some really strange results that I have to hunt down, I get an assertion error, which reminds me of the need to either (a) pass the parameters in the correct order, or (b) remove the assertion, and rewrite the function to handle more cases.

That all makes total sense.


What about the case where you take the times from the database, and the SQL query returns them in sorted order?

Then you pass them through a helper function that increments them all by one.

Finally, you run the method you mentioned that relies on them being sorted.

Do you assert that they are sorted in every method? Check that they are still sorted when they come back from every other method?


Sometimes that would make sense - if defense in depth is important.

But other times, its a bad idea - your code just ends up looking like microsoft in this picture:

http://usingapple.com/wp-content/uploads/2011/06/Organizational-Chart-for-Apple-Amazon-Facebook-Google-Microsoft-and-Oracle.jpg

oscarBravo wrote: »

I guess I'd just summarise by saying that if a function makes assumptions about its parameters that it relies on in order to reliably produce a result, the function should assert those assumptions. If it's not asserting the assumptions, it shouldn't rely on them.

In general, thats a rule most people would agree with.

But you didn't answer the more specific scenario I gave.
If you take that general rule, and apply it to a system where the, e.g. user input gets passed down 10 levels of abstraction (i.e. 10 method calls) into the system, and if you call the helper functions to canoicalise/escape/security-check/check-non-null/guard that user input, and apply each of these guards at every one of the 10 steps, rather than just at some external system boundary, then you are probably doing things wrong.

Its a sensible general rule, but if you apply it everywhere without regard for cost, your code will be suboptimal.