views:

180

answers:

6

Hey all!

So, I was just coding a bit today, and I realized that I don't have much consistency when it comes to a coding style when programming functions. One of my main concerns is whether or not its proper to code it so that you check that the input of the user is valid OUTSIDE of the function, or just throw the values passed by the user into the function and check if the values are valid in there. Let me sketch an example:

I have a function that lists hosts based on an environment, and I want to be able to split the environment into chunks of hosts. So an example of the usage is this:

listhosts -e testenv -s 2 1

This will get all the hosts from the "testenv", split it up into two parts, and it is displaying part one.

In my code, I have a function that you pass it in a list, and it returns a list of lists based on you parameters for splitting. BUT, before I pass it a list, I first verify the parameters in my MAIN during the getops process, so in the main I check to make sure there are no negatives passed by the user, I make sure the user didnt request to split into say, 4 parts, but asking to display part 5 (which would not be valid), etc.

tl;dr: Would you check the validity of a users input the flow of you're MAIN class, or would you do a check in your function itself, and either return a valid response in the case of valid input, or return NULL in the case of invalid input?

Obviously both methods work, I'm just interested to hear from experts as to which approach is better :) Thanks for any comments and suggestions you guys have! FYI, my example is coded in Python, but I'm still more interested in a general programming answer as opposed to a language-specific one!

+2  A: 

Checking within the function adds complexity, so my personal policy is to do sanity checking as far up the stack as possible, and catch exceptions as they arise. I also make sure that my functions are documented so that other programmers know what the function expects of them. They may not always follow such expectations, but to be blunt, it is not my job to make their programs work.

Ignacio Vazquez-Abrams
@Ignacio, but if you return incorrect results, they may not be discovered until far later in the program, and that is hell to debug. While I happen to read documentation before I use a function, I think most programmers actually do not read the documentation.
Michael Aaron Safyan
+5  A: 

I'd do the check inside the function itself to make sure that the parameters I was expecting were indeed what I got.

Call it "defensive programming" or "programming by contract" or "assert checking parameters" or "encapsulation", but the idea is that the function should be responsible for checking its own pre- and post-conditions and making sure that no invariants are violated.

If you do it outside the function, you leave yourself open to the possibility that a client won't perform the checks. A method should not rely on others knowing how to use it properly.

If the contract fails you either throw an exception, if your language supports them, or return an error code of some kind.

duffymo
And what do you do if the contract fails?
anon
@Neil: Throw an exception.
Stefan Kendall
@Stefan And if your implementation language doesn't support exceptions, as it may be the OP's doesn't? Please note I'm not disagreeing with PBC, but if you use it you must say, explicitly, what happens when the contract fails.
anon
You could return an error code, as if you were programming in 1970. My suggestion? Get a language with exceptions.
Stefan Kendall
@Neil, @Stefan: I dislike the knee-jerk response to throw an exception if a contract is violated. The exception becomes part of the contract, part of the interface if you will, and now all callers have to figure out how they're going to cooperate to deal with that exception. I prefer to use exceptions for actual control flow; if a contract is violated, a typical program should halt with an error message (and if necessary, the environment should launch another instance).
Norman Ramsey
@Norman, the callers don't have to figure anything out; if it is a logic error (such as dereferencing a null pointer, accessing an out of bounds index, passing an illegal argument, etc.), then the callers don't need to handle it at all... it will just percolate all the way back up to main where it will halt the program with an error message just like you want. The advantage to the exception, though, is that you can add more information as it goes up the chain or change the way the error is reported (e.g. you could choose to send it to a log file instead of to standard error).
Michael Aaron Safyan
@Michael the callers have to know that the exception can be raised, and someone (like `main`) has to agree to handle that exception. There are lots of good things about exceptions, but if you want to signal bad input by an exception it should be done in the validation function not in the processing function.
Norman Ramsey
Actually, main doesn't have to agree to handle exceptions, at all, at least not in most programming languages with exception handling. In both C++ and in Java, if an exception propagates out of main without being handled, then the result is termination of the program with an error message explaining the exception. In C++ you get the result of the "what()" function, and in Java, you get the result of the "printStackTrace()" function.
Michael Aaron Safyan
+2  A: 

It often makes sense to check the input in both places.

In the function you should validate the inputs and throw an exception if they are incorrect. This prevents invalid inputs causing the function to get halfway through and then throw an unexpected exception like "array index out of bounds" or similar. This will make debugging errors much simpler.

However throwing exceptions shouldn't be used as flow control and you wouldn't want to throw the raw exception straight to the user, so I would also add logic in the user interface to make sure I never call the function with invalid inputs. In your case this would be displaying a message on the console, but in other cases it might be showing a validation error in a GUI, possibly as you are typing.

Mark Byers
+1  A: 

How to handle errors depends on the programming language; however, when writing a commandline application, the commandline really should validate that the input is reasonable. If the input is not reasonable, the appropriate behavior is to print a "Usage" message with an explanation of the requirements as well as to exit with a non-zero status code so that other programs know it failed (by testing the exit code).

Silent failure is the worst kind of failure, and that is what happens if you simply return incorrect results when given invalid arguments. If the failure is ever caught, then it will most likely be discovered very far away from the true point of failure (passing the invalid argument). Therefore, it is best, IMHO to throw an exception (or, where not possible, to return an error status code) when an argument is invalid, since it flags the error as soon as it occurs, making it much easier to identify and correct the true cause of failure.

I should also add that it is very important to be consistent in how you handle invalid inputs; you should either check and throw an exception on invalid input for all functions or do that for none of them, since if users of your interface discover that some functions throw on invalid input, they will begin to rely on this behavior and will be incredibly surprised when other function simply return invalid results rather than complaining.

Michael Aaron Safyan
+2  A: 

"Code Complete" suggests an isolation strategy where one could draw a line between classes that validate all input and classes that treat their input as already validated. Anything allowed to pass the validation line is considered safe and can be passed to functions that don't do validation (they use asserts instead, so that errors in the external validation code can manifest themselves).

GSerg
+5  A: 
Norman Ramsey
Wow, this is a very detailed and insightful response, thanks! (others were of course good too!)
shawnjan