<h1>Defensive Programming</h1>
<p><img src="images/1line.png" dwidth=100% /></p>


<p>Our previous lessons have introduced the basic tools of programming: variables and lists, file I/O, loops, conditionals, functions and OOP. What they <em>haven&rsquo;t</em> done is show us how to tell whether a program is getting the right answer, and how to tell if it&rsquo;s <em>still</em> getting the right answer as we make changes to it.</p>
<p>To achieve that, we need to:</p>
<ul>
<li>Write programs that check their own operation.</li>
<li>Write and run tests for widely-used functions.</li>
<li>Make sure we know what &ldquo;correct&rdquo; actually means.</li>
</ul>
<p>The good news is, doing these things will speed up our programming, not slow it down.</p>

<h2 id="assertions">Assertions</h2>
<ul>
<li>The first step toward getting the right answers from our programs is to assume that mistakes <em>will</em> happen and to guard against them.</li>
<li>This is called defensive programming, and the most common way to do it is to add assertions to our code so that it checks itself as it runs.</li>
<li>An assertion is simply a statement that something must be true at a certain point in a program.</li>
<li>When Python sees one, it evaluates the assertion&rsquo;s condition.</li>
<li>If it&rsquo;s true, Python does nothing, but if it&rsquo;s false, Python halts the program immediately and prints the error message if one is provided.</li>
</ul>



In [1]:
numbers = [1.5, 2.3, 0.7, -0.001, 4.4]
total = 0.0
for num in numbers:
    assert num > 0.0, 'Data should only contain positive values'
    total += num
print('total is:', total)


AssertionError: Data should only contain positive values

<ul>
<li>Programs like the Firefox browser are full of assertions: 10-20% of the code they contain are there to check that the other 80&ndash;90% are working correctly.</li>
<li>Broadly speaking, assertions fall into three categories:
<ul>
<li>A <strong>precondition</strong> is something that must be true at the start of a function in order for it to work correctly.</li>
<li>A <strong>postcondition</strong> is something that the function guarantees is true when it finishes.</li>
<li>An <strong>invariant</strong> is something that is always true at a particular point inside a piece of code.</li>
</ul>
</li>
</ul>
<h2 id="test-driven-development">Test-Driven Development</h2>
<ul>
<li>An assertion checks that something is true at a particular point in the program.</li>
<li>The next step is to check the overall behavior of a piece of code, i.e., to make sure that it produces the right output when it&rsquo;s given a particular input.</li>
<li>For example, suppose we need to find where two or more time series overlap. The range of each time series is represented as a pair of numbers, which are the time the interval started and ended.</li>
<li>The output is the largest range that they all include:</li>
</ul>
<p><img style="display: block; margin-left: auto; margin-right: auto;" src="images/range_overlap.png" alt="Ranges -3 to 5, 0 to 4.5, -1/5 to 2.0, 0.0 to 2.0" width="441" height="196" /></p>
<p>Most novice programmers would solve this problem like this:</p>
<ol>
<li>Write a function <code class="language-plaintext highlighter-rouge">range_overlap</code>.</li>
<li>Call it interactively on two or three different inputs.</li>
<li>If it produces the wrong answer, fix the function and re-run that test.</li>
</ol>
<p>This clearly works &mdash; but it isn't repeatable &mdash; this is a better way:</p>
<ol>
<li>Write a short function for each test.</li>
<li>Write a <code class="language-plaintext highlighter-rouge">range_overlap</code> function that should pass those tests.</li>
<li>If <code class="language-plaintext highlighter-rouge">range_overlap</code> produces any wrong answers, fix it and re-run the test functions.</li>
</ol>
<p>Writing the tests <em>before</em> writing the function they exercise is called test-driven development (TDD). Its advocates believe it produces better code faster because:</p>
<ol>
<li>If people write tests after writing the thing to be tested, they are subject to confirmation bias, i.e., they subconsciously write tests to show that their code is correct, rather than to find errors.</li>
<li>Writing tests helps programmers figure out what the function is actually supposed to do.</li>
</ol>
<p>Here are three test functions for <code class="language-plaintext highlighter-rouge">range_overlap</code>:</p>



In [2]:
assert range_overlap([ (0.0, 1.0) ]) == (0.0, 1.0)
assert range_overlap([ (-2.0, 3.0), (2.0, 4.0) ]) == (2.0, 3.0)
assert range_overlap([ (0.0, 1.0), (0.0, 2.0), (-1.0, 1.0) ]) == (0.0, 1.0)


NameError: name 'range_overlap' is not defined

<ul>
<li>The error is actually reassuring: we haven&rsquo;t written <code class="language-plaintext highlighter-rouge">range_overlap</code> yet, so if the tests passed, it would be a sign that someone else had and that we were accidentally using their function.</li>
<li>And as a bonus of writing these tests, we&rsquo;ve implicitly defined what our input and output look like: we expect a list of pairs as input, and produce a single pair as output.</li>
<li>Something important is missing, though. We don&rsquo;t have any tests for the case where the ranges don&rsquo;t overlap at all or two segments that touch at their endpoints</li>
</ul>
<div class="language-python highlighter-rouge">
<div class="highlight">
<pre class="highlight"><code><span class="k">assert</span> <span class="n">range_overlap</span><span class="p">([</span> <span class="p">(</span><span class="mf">0.0</span><span class="p">,</span> <span class="mf">1.0</span><span class="p">),</span> <span class="p">(</span><span class="mf">5.0</span><span class="p">,</span> <span class="mf">6.0</span><span class="p">)</span> <span class="p">])</span> <span class="o">==</span> <span class="err">???<br /><span class="k">assert</span> <span class="n">range_overlap</span><span class="p">([</span> <span class="p">(</span><span class="mf">0.0</span><span class="p">,</span> <span class="mf">1.0</span><span class="p">),</span> <span class="p">(</span><span class="mf">1.0</span><span class="p">,</span> <span class="mf">2.0</span><span class="p">)</span> <span class="p">])</span> <span class="o">==</span> ???</span>
</code></pre>
</div>
</div>
<ul>
<li>What should <code class="language-plaintext highlighter-rouge">range_overlap</code> do in this case: fail with an error message, produce a special value like <code class="language-plaintext highlighter-rouge">(0.0, 0.0)</code> to signal that there&rsquo;s no overlap, or something else?</li>
<li>Writing the tests first helps us figure out which is best <em>before</em> we begin coding.</li>
<li>Since we&rsquo;re planning to use the range this function returns as the X axis in a time series chart, we decide that:</li>
</ul>
<ol>
<li style="list-style-type: none;">
<ol>
<li>every overlap has to have non-zero width, and</li>
<li>we will return the special value <code class="language-plaintext highlighter-rouge">None</code> when there&rsquo;s no overlap.</li>
</ol>
</li>
</ol>
<ul>
<li>our last two tests should be:</li>
</ul>
<div class="language-python highlighter-rouge">
<div class="highlight">
<pre class="highlight"><code><span class="k">assert</span> <span class="n">range_overlap</span><span class="p">([</span> <span class="p">(</span><span class="mf">0.0</span><span class="p">,</span> <span class="mf">1.0</span><span class="p">),</span> <span class="p">(</span><span class="mf">5.0</span><span class="p">,</span> <span class="mf">6.0</span><span class="p">)</span> <span class="p">])</span> <span class="o">==</span> <span class="bp">None</span>
<span class="k">assert</span> <span class="n">range_overlap</span><span class="p">([</span> <span class="p">(</span><span class="mf">0.0</span><span class="p">,</span> <span class="mf">1.0</span><span class="p">),</span> <span class="p">(</span><span class="mf">1.0</span><span class="p">,</span> <span class="mf">2.0</span><span class="p">)</span> <span class="p">])</span> <span class="o">==</span> <span class="bp">None</span>
</code></pre>
</div>
</div>
<h4>Coding the Function</h4>


In [4]:
def range_overlap(ranges):
    """Return common overlap among a set of [left, right] ranges."""
    max_left = 0.0
    min_right = 1.0
    for (left, right) in ranges:
        max_left = max(max_left, left)
        min_right = min(min_right, right)
    return (max_left, min_right)



<ul><li>We put our tests into a single method so we can re-run our tests with one function call.</li></ul>

In [5]:
def test_range_overlap():
    assert range_overlap([ (0.0, 1.0), (5.0, 6.0) ]) == None
    assert range_overlap([ (0.0, 1.0), (1.0, 2.0) ]) == None
    assert range_overlap([ (0.0, 1.0) ]) == (0.0, 1.0)
    assert range_overlap([ (-2.0, 3.0), (2.0, 4.0) ]) == (2.0, 3.0)
    assert range_overlap([ (0.0, 1.0), (0.0, 2.0), (-1.0, 1.0) ]) == (0.0, 1.0)
    assert range_overlap([]) == None

test_range_overlap()


AssertionError: 

<ul>
<li>The first test that was supposed to produce <code class="language-plaintext highlighter-rouge">None</code> fails, so we know something is wrong with our function.</li>
<li>We <em>don&rsquo;t</em> know whether the other tests passed or failed because Python halted the program as soon as it spotted the first error.</li>
<li>If we trace the behavior of the function with that input, we realize that we&rsquo;re initializing <code class="language-plaintext highlighter-rouge">max_left</code> and <code class="language-plaintext highlighter-rouge">min_right</code> to 0.0 and 1.0 respectively, regardless of the input values.</li>
<li>This violates another important rule of programming: <em>always initialize from data</em>.</li>
<li>Try fixing the code so the unit tests run without errors.</li>
</ul>