[mrweasel]

Kinda off topic, but I've been searching for good introduction and best practises for defensive programming, but never really found much. Any recommendations?

[scott_w]

I don’t know of any real posts on it, it just ends up being kind of a “assume it’ll go wrong,” then figure out how you know something has gone wrong and track it down. Your starting point is, after an issue is reported, add a load of logs around places that seem like candidates for the flow. Over time, you get a sense of where things can break and you add that telemetry ahead of time.

[tstrimple]

I feel like this is sort of like reading a book to get better at self defense. Yeah, you'll probably pick up a few interesting things that may be of questionable use. But when you train in martial arts, you often get to go through the motions and put the moves into practice. Even then "real" fights will feel quite different and a lot of the stuff you've learned will likely fly out the window. If you've been in real fights a lot, you've begun to internalize your training and your moves become more like instinct. It's quite difficult to go from book knowledge to instinct without getting beat up a lot in between I think. The real valuable lessons come from building something that breaks and getting to fix it yourself.

[smokel]

This is something where modern chatbots will probably be very helpful. From the top of my head:

1. Validate input, expect all external input (both human and machine generated) to be completely bogus.

2. Fail fast and early. If something seems off, crash straight away, and do not expect things to magically repair itself at a later stage.

3. Use pre- and post-conditions where appropriate.

I'm not sure about the exact definitions of defensive programming, but static type checking, and possibly unit testing, might also be part of it.