5
pages
English
Documents
2013
Obtenez un accès à la bibliothèque pour le consulter en ligne En savoir plus
Découvre YouScribe en t'inscrivant gratuitement
Découvre YouScribe en t'inscrivant gratuitement
5
pages
English
Documents
2013
Obtenez un accès à la bibliothèque pour le consulter en ligne En savoir plus
design
Editor: Martin Fowler ■ ThoughtWorks ■ fowler@acm.org
Fail Fast
Jim Shore
he most annoying aspect of software de- nullsent? A common approach is to return
or a default value: velopment, for me, is debugging. I don’t
mind the kinds of bugs that yield to a
public int maxConnections() {few minutes’ inspection. The bugs I
string property = hate are the ones that show up only af-T getProperty(“maxConnections”);ter hours of successful operation, under
if (property == null) {unusual circumstances, or whose stack traces
return 10;lead to dead ends.
}Fortunately, there’s a simple technique that
else {will dramatically reduce the number of these
return property.toInt();bugs in your software. It won’t re-
}duce the overall number of bugs, at
}least not at first, but it’ll make
most defects much easier to find.
In contrast, a program that fails fast willThe technique is to build your
software to “fail fast.” throw an exception:
Immediate and public int maxConnections() {
visible failure string property =
Some people recommend mak- getProperty(“maxConnections”);
if (property == null) {ing your software robust by work-
throw new NullReferenceExceptioning around problems automatically.
(“maxConnections property not This results in the software “failing slowly.”
found in “ + The program continues working right after an
this.configFilePath);error but fails in strange ways later on.
}A system that fails fast does exactly the op-
else {posite: when a problem occurs, it fails imme-
return property.toInt();diately and visibly. Failing fast is a nonintuitive
}technique: “failing immediately and visibly”
}sounds like it would make your software more
fragile, but it actually makes it more robust.
Imagine this method is part of a Web-basedBugs are easier to find and fix, so fewer go into
production. system that’s undergoing a minor upgrade. In this
For example, consider a method that reads release, let’s say the developer accidentally intro-
a property from a configuration file. What duces a typo in the configuration file, triggering
should happen when the property isn’t pre- the error-handling code. For the code that returns
0740-7459/04/$20.00 © 2004 IEEE Published by the IEEE Computer Society IEEE SOFTWARE 21DESIGN
public class Assert {
public static void true(bool condition, string message) {
if (!condition) throw new AssertionException(message);
}
public static void notNull(object o) {
if (o == null) throw new NullReferenceException();
}
public static void cantReach(string message) {
throw new UnreachableCodeException(message);
}
public static void impossibleException(Throwable e, string message) {
throw new UnreachableCodeException(e, message);
}
}
Figure 1. An assert class in Java. Most languages have built-in assertions,
but they don’t always throw exceptions.
They’re also usually pretty generic, limit-
1 public static void Main() ing expressiveness and causing duplica-
2 { tion. For these reasons, I usually prefer to
3 WriteCenteredLine(null); implement my own assertion class, as Fig-
4 } ure 1 shows.
5 However, it’s tough to know when to
6 public void WriteCenteredLine(string text) add assertions. One way to tell is to look
7 { for comments. Comments often docu-
8 int screenWidth = 80; ment assumptions about how a piece of
9 int paddingSize = (screenWidth – text.Length) / 2; code works or how it should be called.
10 string padding = new string(‘ ‘, paddingSize); When you see those comments, or feel
11 Console.WriteLine(padding + text); like writing one, think about how you
12 } can turn it into an assertion instead.
When you’re writing a method, avoid
writing assertions for problems in the
Figure 2. A stack trace a default value, everything will seem fine. But method itself. Tests, particularly test-driven de-
that leads to a null when customers start using the software, they’ll velopment, are a better way of ensuring the cor-
reference (C#). encounter mysterious slowdowns. Figuring it out rectness of individual methods. Assertions shine
could take days of hair pulling. in their ability to flush out problems in the
The outcome is much different when we seams of the system. Use them to show mis-
write the software to fail fast. The instant the takes in how the rest of the system interacts
developer introduces the typo, the software with your method.
maxConnectionsstops functioning, saying
Writing assertionsproperty not found in c:\projects\
SuperSoftware\config.properties. The A good example of the finesse needed to
Assert.notNull().developer slaps his or her forehead and spends use assertions well is
30 seconds fixing the problem. Null reference exceptions are a common
symptom of defects in my programs, so I’d
Fail-fast fundamentals like my software to tell me when a null refer-
Assertions are the key to failing fast. An as- ence is created inappropriately.
Assert.sertion is a tiny piece of code that checks a con- On the other hand, if I used
notNull()dition and then fails if the condition isn’t met. So, after every single variable assign-
when something starts to go wrong, an assertion ment, my code would drown in a sea of useless
detects the problem and makes it visible. assertions. So I put myself in the shoes of the
22 IEEE SOFTWARE www.computer.org/softwareDESIGN
luckless developer debugging the system. When a
1 public class Example
null reference exception occurs, how can I make 2{
it easy for the developer to find the problem? 3 public static void Main()
Sometimes, the language will automatically 4{
tell us where the problem is. For example, Java 5 FancyConsole out = new FancyConsole();
and C# throw a null reference exception when 6 out.WriteTitle(“text”);
a method is called on a null reference. In simple 7}
cases, the exception’s stack trace will lead us to 8}
the source of the problem, as in this example: 9
10 public class FancyConsole()
System.NullReferenceException
11 {
at Example.WriteCenteredLine()
12 private const screenWidth = 80;
in example.cs:line 9
13 private string _titleBorder;
at Example.Main() in
14
example.cs:line 3
15 public FancyConsole()
16 {
Here, tracing backwards through the stack
17 _titleBorder = getProperty(“titleBorder”);
trace leads us to line 3, where we see a null ref- 18 }
erence being passed into a method (see Figure 19
2). The answer’s not always obvious, but a 20 public void WriteTitle(string text)
few minutes of digging will find it. 21 {
Now consider a more complicated case, 22 int borderSize = (screenWidth – text.Length)
such as /(_titleBorder.Length * 2);
23 string border = “”;
System.NullReferenceException
24 for (int i = 0; i < borderSize; i++)
at Example.Main() in
25 {
example.cs:line 22
26 border += _titleBorder;
at FancyConsole.Main() in
27 }
example.cs:line 6
28 Console.WriteLine(border + text + border);
29 }
Here, the stack trace leads to lines 6 and 22,
30 }
which doesn’t help at all (see Figure 3). The real
getProperty() returns null,error is at line 17:
_titleBorder is Figure 3. A stack trace that leads to a dead end (C#).causing an exception when
dereferenced at line 22. The stack trace leads to
a dead end in this case—typical of code designed
public string toString(Object parameter) {to fail slowly—requiring tedious debugging.
return parameter.toString();It’s this latter case that I want to prevent. I
}need the program to give me enough informa-
tion to find bugs easily. So for my code, I’ve in-
(a)stituted the following rule of thumb: in most
cases, the program will fail fast by default, so I
public class Foo {don’t do anything special about null references
private Object _instanceVariable;(see Figure 4a). However, when I assign a pa-
rameter to an instance variable, the program
public Foo(Object instanceVariable) {won’t fail fast without my help, so I assert that
Assert.notNull(instanceVariable);the parameter is not null (see Figure 4b).
_instanceVariable = instanceVariable;This rule of thumb could be helpful for
}your programs, too, but the main point here is
}the thought process I went through. When
adding assertions to your code, follow a line
(b)
of reasoning like the one I used for null refer-
ence exceptions. Think about what kinds of
Figure 4. An Assert.notNull() rule of thumb: (a) no assertion defects are possible and how they occur. Place
necessary and (b) assertion needed.your assertions so that the software fails ear-
September/October 2004 IEEE SOFTWARE 23DESIGN
lier—close to the original problem—making string result =
file.readProperty(key);the problem easy to find. What kinds of prob-
// assertion goes herelems are common in your code and how can
return result;you use assertions to make them easy to fix?
}
Eliminate the debugger
In some cases, a stack trace is all you need to You could write the assertion message in sev-
find an error’s cause. In other cases, you must eral different ways. One possibility is
know the contents of some variables. Although
Assert.notNull(result, “result was you can find the variable data by reproducing
null”);the error in a debugger, some errors are hard to
reproduce. Wouldn’t it be better if your pro-
but that merely rep