blog::wowinter13
Interstate 60: Driving down the road of Defensive Coding, Fault Tolerance, and Idempotency.
Posted on :: Updated on :: Tags: ruby, rails, defensive coding, fault tolerance, idempotency

Defensive coding is like driving down a winding road - you're constantly scanning for threats: deer, potholes, or that unexpected sharp turn. In programming, these "threats" are bugs, unclear logic, and landmines waiting for your future colleague (or future you). Writing defensively means anticipating what could go wrong and ensuring the road ahead is smooth for everyone.

And yes, sometimes the "threats" are not only the deer darting into your path but also the dog lazily sitting near the road. You might think, "That dog isn't in my lane now," but what if it decides to wander? Defensive coding is all about seeing the possibilities before they become problems. It's like being ready to hit the brakes for a deer while also wondering if the dog's lazy tail will trigger chaos.

Then there's Godzilla. Imagine your datacenter is Tokyo, and Godzilla's stomping through, smashing servers and chewing up notifications. Your job is to ensure that even if Tokyo is in ruins (ごめんなさい!), the system keeps running. Fault tolerance and defensive coding are your emergency response teams - building resilience so the city (or codebase) survives.

Let's dive into the core principles of defensive coding, fault tolerance, and idempotency, with plenty of Ruby/Rails examples. Some of these principles may sound pretty obvious to you, but remember the Curse of Knowledge - it doesn't guarantee that everyone knows what you know.

Defensive Coding: Avoiding Landmines

Code Comments: Less is More

A well-written method, class, or variable name should act as its own comment.

  • Bad: def do_stuff
  • Good: def save_reservation

Save comments for when something is truly weird or worth noting - like "don't refactor this; performance hack." Use comments to explain why, not what. If your code needs comments everywhere, you're driving with a blindfold and hoping for the best.

Chesterton’s Fence: Respect the Code

Chesterton's Fence is the idea that you shouldn't tear down a fence until you understand why it was put up. If you're refactoring, first ask: "What problem was this code solving?" Sometimes there's a good reason for that strange-looking loop or edge-case handling.

Don't be the developer who bulldozes fences and then wonders why the cows are loose.

And to hammer the point home, imagine walking into a field with an old, rusty gate. Before tearing it down, you need to ask: Was it keeping the cows in? Keeping the wolves out? Or maybe, just maybe, it's guarding a hidden treasure (or preventing you from falling into a ditch). Respect the fences; they're there for a reason.

Naming Matters

Method names should clearly state what they do. If you see def save_reservation, you'd expect it to save data to a database. If it doesn't, you're setting up the next developer for confusion.

To simplify:

  • Break long methods into smaller ones.
  • Name private methods descriptively.
  • Keep public interfaces minimal.
class ReservationUpdater
  def initialize(reservation)
    @reservation = reservation
  end

  def update!(attributes)
    assign_attributes!(attributes)
    save_reservation!
  end

  private

  def assign_attributes!(attributes)
    @reservation.assign_attributes(attributes)
  end

  def save_reservation!
    @reservation.save!
  end
end

By keeping private methods private, you limit the "blast radius" of changes. Less surface area means fewer chances for something to break.

Fault Tolerance: Prepare for the Worst

In the real world, things fail. Services go down, servers crash, and third-party APIs time out. Fault-tolerant code anticipates failure and handles it gracefully.

Retrying with Grace

Imagine you're sending email reminders to customers. If the mail server fails, you don't want to abandon the job entirely. Instead, retry it a few times with a delay.

class EmailReminderJob < ApplicationJob
  retry_on Net::SMTPServerBusy, wait: :exponentially_longer, attempts: 5

  def perform(customer_id)
    customer = Customer.find(customer_id)
    send_email_to(customer)
  end

  private

  def send_email_to(customer)
    ReminderMailer.remind(customer).deliver_now
  end
end

Retries give the system a chance to recover without manual intervention.

Dead Letter Queues

If retries fail, log the error and notify someone. For example, if a webhook to a third-party system fails, keep a record of the failed attempt and provide an endpoint where they can fetch missed events.

class WebhookSender
  def perform(webhook_id)
    webhook = Webhook.find(webhook_id)

    response = HTTParty.post(webhook.url, body: webhook.payload)

    if response.success?
      webhook.update!(status: :delivered)
    else
      webhook.update!(status: :failed)
      notify_client(webhook)
    end
  end
end

Pro tip: Show users when something isn't working - an error icon is better than silent failure.

Silence isn't golden when it comes to bugs; it's terrifying.

A brilliant example about Slack: if their scheduling system fails, they don't just drop the ball. They save your message in drafts so you can resend it later. That's fault tolerance done right.

Idempotency: Do It Once, Do It Right

Idempotency means running the same operation multiple times should yield the same result. It's like pressing the "delete" button twice: it shouldn't error out the second time.

Example: Safe Deletes

def delete_customer(customer_id)
  customer = Customer.find_by(id: customer_id)
  if customer
    customer.destroy!
  else
    Rails.logger.info("Customer #{customer_id} not found")
  end
end

If the customer doesn't exist, log the issue but don't crash.

Example: Job Idempotency

When sending emails, ensure customers don’t receive duplicates:

def send_email(customer)
  return if customer.email_sent?

  ReminderMailer.remind(customer).deliver_now
  customer.update!(email_sent: true)
end

Idempotency ensures that even if a job runs twice, it won't spam your users. Nobody likes an email campaign that turns into a spam cannon.

Composition Over Inheritance

Mixins are tempting but often lead to clutter. Instead, favor small, focused classes. For example:

class CustomerUpdater
  def initialize(customer)
    @customer = customer
  end

  def update!(attributes)
    @customer.update!(attributes)
  end
end

Use inheritance sparingly and only when classes share a clear, hierarchical relationship. For error handling, however, inheritance works well:

class CustomError < StandardError; end
class InvalidDataError < CustomError; end
class NotFoundError < CustomError; end

This allows you to rescue from CustomError for generic cases while handling specific errors as needed.

Excessive mixins are like giving your classes superpowers they didn't ask for and can't handle.

Final Thoughts

Defensive coding is about writing code that's not only functional but also resilient, clear, and maintainable. Fault tolerance ensures that your system bends but doesn't break. Idempotency guarantees consistency, no matter how many times an operation is performed.

And remember, every good developer knows that the road ahead is unpredictable. One moment it's a deer darting into the path, and the next it's a dog suddenly deciding the grass isn't greener and strolling into traffic. Be ready for it all.

Write code like you're leaving it for someone who knows where you live.

Happy coding!