Coding Style – Defensive Copying Patterns

coding-style

While watching a youtube video on Value Types in Swift, I was surprised by a simple example (around the 3:00 minute mark) that was given to demonstrate the pitfalls of reference types.

Example code:

let home = House()
let temp = Temperature()
temp.fahrenheit = 75
home.thermostat.temperature = temp.copy()

temp.fahrenheit = 425
home.oven.temperature = temp.copy()
home.oven.bake()

In the above code, House and Temperature are classes and therefore have reference type semantics. The justification for invoking the copy() method in several places is to ensure that mutating the temp variable for setting the oven doesn't modify the temperature of the house's thermostat (i.e. prevent unintended mutation due to reference semantics).

I personally find this a very strange coding style, but the presenter goes on for several minutes about how this so-called "defensive copying" is used throughout Apple's core librairies to prevent bugs so I'm wondering if I've been doing things wrong.

Personally, I would have written this along the following lines:

let home = House()
home.thermostat.temperature = Temperature()
home.thermostat.temperature.fahrenheit = 75   //actually I would personally have supplied this as a parameter to the initializer but I'm trying to remain as close to the original code as possible.

home.oven.temperature = Temperature()
home.oven.temperature.fahrenheit = 425
home.oven.bake()

In other words, I would explicitly create new instances of the Temperature class by calling its initializer (constructor) instead of reusing a local variable of that type and assigning copies of it. Not only does it avoid the last copy, which is useless, but the code seems clearer to me.

Now granted, this is a trivial example. In the case of a complex class with many members that share the same values between instances, recreating a new type from scratch and assigning every value over and over is a lot of programming overhead. However, in my experience at least, I've usually created initializers or factory methods that perform these common assignments so I only have to make a few changes where needed.

In the rare cases where the above doesn't apply, I find that explicitly calling a clone() or copy() method is fine. By only doing so rarely, it conveys the fact to me that something special is going on (e.g. deep copy of a tree for example).

Therefore, my question is: is Apple's above code a recommended practice? And if not, in what circumstances (other than deep copies) would manual copying as above be the preferred way of doing things?

Best Answer

I agree with Phil Lello that this has probably been over-simplified, possibly to the point that its confusing. A much clearer example of the need and undesirability of (needing to do) defensive copying is the following using C# for concreteness.

class House {
    private Thermostat thermostat;
    private ControlDisplay cc;
    // ...
    public void ShowDisplay() {
        // ...
        cd.SetTemperatureField(thermostat.Temperature.Clone());
        // ...
        cd.UpdateDisplay();
    }
}

Now, if Temperature is mutable, every time we want to show the control display we need to copy the thermostat's temperature even though it is unlikely to be changed by the display. Even if we control the code for ControlDisplay and thus can verify by looking at the source code that it doesn't mutate the passed in Temperature, we still copy because that may be changed in the future. There was no way to communicate and enforce that it shouldn't be changed.

If Temperature were immutable, on the other hand, there would be no need for this copying. The result would be cleaner, more efficient code, that simply makes certain mistakes and couplings impossible.

I imagine most of the instances in the Apple's core libraries are more like the above than like the example provided in the video. I can only imagine a few, somewhat odd, scenarios where code like the original example might conceivably be preferable to code more like your second example (or your alluded to rewriting).

Related Solutions

C++ Coding Style – unique_ptr and References Best Practices

foo.GetBar().DoSomething();

This violates the Law Of Demeter.

Generally I would avoid exposing Bar entirely:

foo::doBarSomething() { this->bar.doSomething(); }

Coding Style – Is Coding Style in Organizations Optional?

As far as I can tell, the statement that confused you is a pragmatic compromise made in order for the guidelines to serve as wide an audience as possible. Depending on your specific context (more on that below) you may have an option to adjust it and make more efficient use of the guidelines.

You see, guidelines refer to "strong personal objections" as a means to justify violation. Such objections are not something to ignore lightly, especially if these are coming from experienced developers.

These objections may be wrong, mind you, but (and this is a very very BIG BUT) they may also indicate that a particular rule is wrong - either generally or in the specific project's context (one example of rule misfit is a requirement to provide detailed logging in performance critical code).

I think that any sensible style guide should take the above into account and try to accommodate a possible need to adjust itself. Now, if the guide that confused you was targeted only to mature teams with efficient and smooth processes and environment, it could be stated much less ambiguously, for example like this:

The rules should be followed strictly, unless a challenge is raised against them - in which case challenged rule should stay ignored until this is resolved - either by rejecting the challenge or by accepting it and adjusting the rules to fit.

You might like the above better and you may wish it to be that way everywhere, for everyone, but look closer into that "challenge is raised / stay ignored / adjust" part and ask yourself how it can be implemented. Ask yourself how long it may take depending on the project and team. If it takes an hour, is that acceptable? What if it takes a day, or a week, or... a month?

You see, that challenge-and-ignore-until-resolved approach could open a wide door for abuse if it was presented as a guide for any project. "Yeah yeah we hear you, let's do it how the guide says. First, fill out this challenge form and get CEO / CFO / CTO approvals; expect this to take a week or two. After that, wait until we update our code checks; that may take another week or two. Meanwhile, please make sure that your performance critical code vomits properly formatted logging statements about every register move."

I can't read the guide authors' minds but it looks reasonable to assume that they wanted to avoid using it to justify a mess as described above. From this perspective it is simply safer to clearly state that the guide does not assume any enforcement - this way, however clumsy, still allows it to be usable for an arbitrarily wide range of teams and projects. There is probably an expectation that such a wide allowance leaves more mature and efficient teams the opportunity to reasonably narrow it down without damaging developer productivity.

Applied to your specific case, writing the coding style document for your team and failing the code review if the style doesn't match - I think you need to figure how long it might take for developers to challenge a particular rule, get it ignored, resolved, and have it either changed or recovered depending on resolution.

If you figure a way to make this process work without introducing many obstacles into your development workflow, then a formalized and easy to track challenge / resolution approach is indeed worth considering instead of the chaotic "violate if you cry loud enough".

As a side note, I would like to address what you wrote in another comment, "Assume that the coding style is ideal, and if that is not the case etc."

This is a dangerous assumption, really. I broke my nose on it (twice! in a single project! where I had vast experience and imagined that I know everything about it, go figure) and I strongly recommend you to drop it. It is safer to assume that the style guide may have mistakes and put an effort into thinking about what to do in case such mistakes are discovered.

Best Answer

Related Solutions

C++ Coding Style – unique_ptr and References Best Practices

Coding Style – Is Coding Style in Organizations Optional?

Related Topic