Programming Mistakes To Avoid

snydeq writes "InfoWorld's Peter Wayner outlines some of the most common programming mistakes and how to avoid them. 'Certain programming practices send the majority of developers reaching for their hair upon opening a file that has been exhibiting too much "character." Spend some time in a bar near any tech company, and you'll hear the howls: Why did the programmer use that antiquated structure? Where was the mechanism for defending against attacks from the Web? Wasn't any thought given to what a noob would do with the program?' Wayner writes. From playing it fast and loose, to delegating too much to frameworks, to relying too heavily on magic boxes, to overdetermining the user experience — each programming pitfall is accompanied by its opposing pair, lending further proof that 'programming may in fact be transforming into an art, one that requires a skilled hand and a creative mind to achieve a happy medium between problematic extremes.'" What common mistakes do you frequently have to deal with?

Printable version - All on one page

[Yuioup]

And now for the printable version with all the tips on one page:

http://infoworld.com/print/145292

Y

Re:Printable version - All on one page

[CountBrass]

'programming may in fact be transforming into an art, one that requires a skilled hand and a creative mind to achieve a happy medium between problematic extremes.' Bullshit. Programming has always been an art that required skill and a creative mind. The only people who have claimed otherwise have been managers, who would prefer all techies were interchangable cogs, and crap programmers: the gimps and muppets of our trade.

Re:Printable version - All on one page

[commodore64_love]

>>>Programming has always been an art that required skill and a creative mind

plus logical thinking (like the machine you're programming). It always surprised me when my Professor/Director of Engineering said programming should not be considered a "science" or "engineering". He said they were the equivalent of bus drivers - just human beings running a machine.

At first I thought, 'Well maybe he has a point' but no not really. Driving a machine is a skill that can be learned in a day or two. Programming a machine requires years - the same amount of time needed to learn any engineering discipline.

 

Tests, Manual, Support by programmer.

[Barryke]

What common mistakes do you frequently have to deal with?
- Software only tested by programmer.
- Manual only written by programmer.
- Support can't do a day without programmer.

A good programmer should know when to delegate. Or their boss should. Depends on office culture perhaps.

Re:Tests, Manual, Support by programmer.

[Tridus]

Don't think thats the fault of the programmer in a lot of cases. I'd love to have someone in my office to write a manual and do proper QA. But the budget doesn't include those things, and I don't get to set the budget.

Sometimes the reality is that you either get a program that doesn't have those things, or you try to do those things and don't have enough money to build anything.

Re:Tests, Manual, Support by programmer.

[Jimmy+King]

I agree. This is a very big problem for me as management keeps cutting back the tech staff where I work.

I write the code, I test the code, I write the docs for people. I've tried explaining over and over again that this is terrible. I shouldn't be the final tester. I already think it works or I wouldn't have written it that way and wouldn't be at the point of testing. This affects my testing and causes me to miss things. I also know how it's supposed to work too well and so don't even think to try stupid stuff that users inevitably do which breaks stuff.

Documentation is similar. I know how it works and how it was intended to work. At times this makes things obvious to me that are not necessarily obvious to someone else and so they may not find their way into the documentation.

Maintaining code by others are always a nightmare

[TheViciousOverWind]

Until you spend enough time with it, to learn why the original programmer did as he did.

As I see it, most projects start out with a good structure and the best of intentions, and then comes deadlines and the developer having to juggle several projects at once, and then a shortcut is taken here, then there. And suddenly you end up with a non-documented project where the only person that knows how it works is the original developer.

There will however always be BAD code by bad programmers. I've taken over Java progress where everything was OOP'ed into hell (as in a bazillion classes more than was needed for the application) and PHP projects which should be OOP'ed but consisted of about 500 files that included each other in a huge confusing net.
I've also had to take over projects where the original developer was using new technology because he thought it would be fun (at the expense of the customer). Having a huge website in PHP/MySQL and then having crucial parts of it in Ruby/PostreSQL is just a maintenance nightmare.

Missing from the article

[eagleyes]

The most common programming mistake to avoid: Reading badly written articles about "what programming mistakes to avoid".

Re:do x but not too much!

[Chrisq]

Doesn't mistake number 2 contradict number 1? Or am I missing something?

The whole lot is full of contradictions:

4: Delegating too much to frameworks 8: Reinventing the wheel
9: Opening up too much to the user 10: Overdetermining the user experience
5: Trusting the client 6: Not trusting the client enough

I think that there is a meta-message, akin to Buddha's middle way. Don't take any rule to extremes.

Programming Mistake #0

[Voulnet]

Programming mistake #0: Believing that your computer degree (Computer Engineering or Computer Science alike) automatically puts your code in a high level of quality.

Not to bring any academia vs industry argument, but many students miss the idea of a Computer degree with programming courses in it: The degree intentionally doesn't go to details because it needs to give you a background into a broader set of subjects. Industry needs one to be very attentive to details in that one thing he's doing at the moment.

Re:Programming Mistake #0

[digitig]

True enough. And since every rule has to have a complement, 0a: Assuming that you don't need to learn any of that theory: algorithms, data structures, normalisation and so on

"Common" mistakes

[Alex+Belits]

The only common mistake I see is not firing the programmer who makes any of those "common" mistakes. There is absolutely no reason for any of this shit to be "common" unless "programmers" who make them are uneducated dumbasses who should never be allowed anywhere near software development.

Now, please, give me the list of "common mistakes" made by surgeons and aircraft engineers, and compare them with this list of amateurish crap.

Re:"Common" mistakes

[icebraining]

UK doctors leave 722 objects inside patients in 1 year

Re:"Common" mistakes

[tudorl]

Now that's what I call encapsulation :)

Re:"Common" mistakes

[Just+Some+Guy]

UK doctors leave 722 objects inside patients in 1 year

That's actually not the fault of the doctor, except in the "it's his O.R. so anything that happens in it is his responsibility" sense.

The "circulating" tech or nurse is the non-sterile person who fetches stuff out of cabinets, opens packages, and makes notes like "opened a package of 10 sponges" (typically by making a row of checkmarks on a pre-printed form).

The "scrub" tech or nurse is the sterile-gowned-and-gloved person standing next to the surgeon who passes instruments, puts knife blades on the scalpel handles, loads the needle drivers, and keeps track of the gazillion tiny pieces to everything. There are so many removable parts because everything has to be able to be broken down into pieces small enough to clean, sterilize, and package, and part of preparing for a surgery is re-assembling all the stuff so it'll be ready if the surgeon needs it.

The circulators and scrubs work together as a team. The circulator will say stuff like "here's the 10-pack of sponges", and the scrub will relay messages like "I counted them and there are 10 sponges there" or "I opened a package of 5 needles and there are actually 5 needles". The circulator will check off "10 sponges" or "5 needles" or "bolt and wingnut for the retractor" to build a list of everything that has been opened in the room which could possibly fit inside someone.

At some point, the surgeon will say, "OK, I'm getting ready to close". At this point, "the count" begins. The circulator will ask how many needles the scrub has, and the scrub will answer (including the one that the surgeon is actively using at that moment). If the counts match, the circulator will check off "needles" and move on to sponges, or knife blades, or wingnuts, or whatever else they'd opened earlier. When they're done, the circulator will announce that the count is correct and the surgeon will finish closing, which they're already well into by this point because the count is pretty much always correct.

Except when it's not.

The biggest ass-chewing I've ever received in my life was when I was in the Navy and scrubbing for some captain and we couldn't reconcile the number of sponges. One was missing, and the presumption was that it was still inside the patient. After a few minutes of pissed-off-high-ranking-officer-screaming, they wheeled the patient out anyway and prepared to X-ray them to find the missing sponge. Ideally, everyone would stop what they're doing and stand around while we searched, but the realities of surgery are that the anesthesiologist plans the sleeping and waking cycles and you really don't want to start putting them back down into deep anesthesia or keep them down longer than absolutely necessary.

So, we tore the room apart. We moved cabinets. We dismantled the surgical table. We dumped all the trash - clean and hazardous - onto the floor to dig through it. The captain would periodically stick his head in to ask why the hell we hadn't found the f'ing sponge yet and what the hell was wrong with us and did we know whether this was a courtmarshalling offense.

Finally, the anesthesia resident - a much lower-ranking officer fresh from med school - sheepishly asked what a sponge looked like. Turns out, one had fallen on the floor during the case and he'd "helped" us keep the room clean by throwing it in the anesthesia trash that he was responsible for.

As an enlisted person, that was the one time in my career that I actually yelled at an officer (who had the good grace to accept that he'd screwed up and had it coming to him). He went and told the surgeon what happened, X-rays were avoided, courtmarshalls were cancelled, and we scrubbed the room down from ceiling to floor because we'd strewn bloody trash all over the place while digging through it.

Anyway, so yeah. The counts are ultimately the responsibility of the surgeon, but the surgeon is not the person who actually does the counting - nor could they possibly be expected to without dramatically lengthening the time a patient would have to spend under anesthesia. Behind every object left inside a patient is a scrub and/or circulator who accidentally miscounted or who lied on the count sheet to hide their screwup.

Pointer typedefs

[QuoteMstr]

Pointer typedefs were a bad idea in the 1980s. They're just terrible today. One pet peeve of mine is this:

typedef struct _FOO { int Blah; } FOO, *PFOO;

void
SomeFunction(const PFOO);

That const doesn't do what you think it does. There was never a good reason to use pointer typedefs. There is certainly no good reason to do so today. Just say no. If your coding convention disagrees, damn the coding convention.

Re:Pointer typedefs

[$RANDOMLUSER]

His point was that a PFOO is a POINTER to a struct _FOO, and so when you say void SomeFunction(const PFOO), you're saying that the POINTER is constant, not the thing being pointed to, which is probably not what was intended. Since the definition of PFOO is located elsewhere, probably in another header file, it's easy to get yourself confused as to what data type you're dealing with.

Programming Mistakes To Avoid

[$RANDOMLUSER]

1) VB
2) Perl
3) Silver bullets
3) Writing your own "framework".
4) Using somebody else's "framework".

Re:Mistakes?

[Chrisq]

I very rarely see programming mistakes.

Neither do the bad programmers!

Re:#1 - Not managing the pointers and memory yours

[dhavleak]

#1 - If you are a programmer, BE A PROGRAMMER and manage the pointers and memory allocations yourself. Garbage collection is for little boys. Men deal with it on their own with techniques that work and are efficient.

So mega-strongly disagree dude. Not saying you shouldn't do heavy lifting when necessary -- just that you should only do it when necessary. Don't re-invent the wheel every time. Frameworks exist that do work for you for a reason. Chose your frameworks well, understand them in depth, and you can do good things. If you "start from the first principles" every time, you end up with a humongous fucking surface of new code -- which is bound to have a nasty bug or three. It comes down to choosing the best tools for the job.

#2 - Initialize all variables to known values. int i; doesn't cut it. int i=0; does.

True dat. Lots security pitfalls here too -- not just garden variety bugs.

#3 - Use descriptive variable names

So true. Corollary to that: because a variable name is descriptive, don't make wanton assumptions about it.

#4 - you shouldn't be allowed to program anything new until you've been a maintenance programmer for a few years and seen the crap code that others puke into the world. Your crap code stinks too, BTW.

I'd modify this to say "always, always, always have a peer-review process". Junior devs are prevented from checking in crap because it gets caught by senior devs. The junior devs also learn quality habits from reviewing senior devs' code. Multiple reviewers is always a good thing. Review your design among the entire team before anyone writes a single line of code. Remember to keep security in mind when reviewing code. Use static analyzers when you're done with the "human" aspect of the review. Apply every imaginable quality bar to your code, and only check it in once it has passed scrutiny.

Is this real?

[Psychotria]

I've not worked as a programmer for, hmm, maybe 15 years and all of this was known way back even before I "retired" from that line of work. Perhaps all these levels of abstraction upon abstraction make things harder to understand. Back in my days these "pitfalls" were obvious because we all (well, not all, but a lot) knew ASM and actually even used it regularly (even inline, *shudder*).

Someone above mentioned pointer typedefs and gave the example of typedef struct { int Blah; } FOO, *PFOO; (yes I left off the bit before the the opening brace deliberately.) and then suggesting that people don't know that void SomeFunction (const PFOO) {} doesn't behave as expected. Now this could, I suppose, be seen as a failure of the language. But, shit, any idiot who understands the underlying logic can see why that causes problems. Which goes back to my point of maybe all these modern levels of abstraction and getting away from the machine are, in some ways, detrimental.

Now, get off my lawn. Umm, except I don't have a lawn because I sprayed the growth inducing hormone RoundUp all over it, but that is beside the point. I think.

Re:Maintaining code by others are always a nightma

[BiggerIsBetter]

There will however always be BAD code by bad programmers. I've taken over Java progress where everything was OOP'ed into hell (as in a bazillion classes more than was needed for the application) and PHP projects which should be OOP'ed but consisted of about 500 files that included each other in a huge confusing net.

I see this one as a lack-of-experience problem. People have good intentions and want to build scalable, extensible, maintainable code. This is good. Unfortunately however, they're wrong. The apps they're building are small irregardless of the amount of thought they put into them, and they won't have to scale and extend the way they think they might - you don't need interfaces and impls and arbitrary inheritance for everything when the webapp is 4 screens of Spring WebFlow! Sure, if you're building something that warrants it, this is the way to go, but most of aren't building apps that big or flexible. It seems to take time to learn this, and to know when to apply the patterns and when to just build it.

As a smarter man than I once said, Make things as simple as possible, but no simpler. If you do that, your code will work, it'll be understandable by the next guy, and you'll have a fighting chance of meeting your deadlines.

Two Major Mistakes

[grcumb]

My two most common mistakes:

1. Variable scoping
2. Memory leaks
3. Off-by-one errors

The PRE programming mistakes

[petes_PoV]

By the time the coding starts, most projects are already doomed. The basic mistakes that occur before any code is written have a far greater effect on the project. While these are almost all outside the control of the programmer, he/she always gets the blame due to the "last person who touched it, broke it" principle. My short list of favourites would be:

Allowing too many options / features in the design. The classic example being unable to decide whether feature A or B is best, and ducking the issue by including them both

Assuming 5 working-days of effort can be achieved in a working week. Conveniently forgetting about all the office overheads such as "progress" meetings, timesheet administration, interrupted work, all the other concurrent projects. Even the most efficient, single-threaded operation needs half a working-day per week just for the trivia.

Following on from that, conveniently forgetting about annual leave commitments, national holidays and the possibility of sickness. If 5 working-days per week is impractical, 12 working-months in a year is downright negligent.

The tacit assumption that testing will inevitably be followed by reelase - rather than bug-fixing.

Holding the end-date constant while delaying the start, or presuming that all delays in the specification, design, approval stages can somehow be reclaimed during coding (how: by thining faster?)

Re:do x but not too much!

[turbidostato]

"The whole lot is full of contradictions"

No, it isn't. It goes "don't do that... but don't fall in the other extreme".

That's on line with his central idea that programming is "an art, one that requires a skilled hand and a creative mind to achieve a happy medium between problematic extremes".

Don't get me started

[mrjb]

Don't get me started on preventing programming mistakes. If I'd address the most common programming mistakes that I've ran into in the wild and write an article about each of those mistakes at a time, I would end up with a whole book on the matter and would probably call it "Growing Better Software".

I find the given top 12 list of mistakes a bit weak- I'd be able to avoid all of these and yet write horrible code. My personal recommendation for a top 12 of programming mistakes to avoid would be:

1. Failing to check function parameters before using them: null pointers, limits, lengths, etc. This will make your program unstable and/or unpredictable.

2. Spending too little time thinking about and designing the data structure of the application. This will make you get stuck when maintaining/extending your application.

3. Following every market hype - When the marketing bubble bursts, you'll have to start over again.

4. Designing user interfaces without actually involving users - You'll be surprised how easy it is to confuse users.

5. Infinitely deeply nested if/else statements - This will make code absolutely unreadable.

6. No documentation whatsoever - Who's going to maintain your code after you change jobs?

7. Ignoring existing, universally accepted standards - so you'll cause interoperability issues or be doomed to either reinvent the wheel.

8. Hard-coded values/magic numbers - as a result, any change must be made in code rather than allowing power users to configure their own system.

9. Littering code with global variables - this implies statefulness of code, making it pretty near impossible to predict how a function will behave next time it is called.

10. Being unaware of the "Big O" order of your algorithms, causing code to be unnecessarily inefficient.

11. Strong platform dependency: This can shorten the lifetime of your application to whenever the next platform upgrade takes place, or keep you stuck at the current version of the current platform forever.

12. Thinking you can figure out everything by yourself - In learning by doing, experience can only follow from making mistakes. By getting yourself a mentor or an education, you can actually learn from the mistakes that thousands have made before you.

13. Stopping at 12.

Re:Maintaining code by others are always a nightma

[Savage-Rabbit]

There will however always be BAD code by bad programmers. I've taken over Java progress where everything was OOP'ed into hell (as in a bazillion classes more than was needed for the application) and PHP projects which should be OOP'ed but consisted of about 500 files that included each other in a huge confusing net.

Taking over projects fitting those descriptions is never a good idea. They are nothing but pain, it's impossible to resolve the problems with the app and the code unless you opt for a complete rewrite. If, however, you go that route the remaining developers will be pissed off because they wrote the crappy code and you are basically saying that their ugly baby is ... well ... UGLY! What's worse, you are saying it out loud for everybody including the PHBs to hear. Eventually you end up being frustrated, your PHB either caves in to complaints about you and puts you in your place or you get laid off. Unless, of course, you anticipate this and quit before he gets the chance. There is no substitute for writing code properly and designing and planning your application properly no matter how insignificant the application seems to be because you will never know which piece of shit app will take off and scale into something much, much bigger. Myself, I learned this from a friendly lecture I was given by my boss after I handed in my first project on my very first job. He made me rewrite the thing entirely claiming it was better that I learned the value of things like database abstraction and MVC separation right away. He was right.

Re:Programming Mistakes To Avoid...

...just try to avoid errors and you should be set.

But Warnings are ok. Just no errors. Warnings still compile.