Offensive programming explained

Offensive programming is a name used for the branch of defensive programming that expressly departs from defensive principles when dealing with errors resulting from software bugs. Although the name is a reaction to extreme interpretations of defensive programming, the two are not fundamentally in conflict. Rather, offensive programming adds an explicit priority of not tolerating errors in the wrong places: it departs from extreme interpretations of defensive programming in preferring that errors arising from within the program's line of defense be blatantly obvious, rather than tolerating them for a hypothetical safety benefit. This preference is also what justifies using assertions.

Distinguishing errors

The premise of offensive programming is to distinguish between expectable errors, which come from outside the program's line of defense, however improbable, and preventable internal errors, which shall not happen if all of the program's software components behave as expected.

Contrasting examples:

| Expectable errors | Preventable errors |
|---|---|
| Invalid user input | Invalid function arguments |
| Depletion of OS resources (such as storage, memory) | Value out of defined range (e.g. enum) |
| Hardware failure (such as network, storage) | Undocumented return value or exception |
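
The sketch below is an added example, not part of the original page. It puts the two columns side by side in one small program: invalid user input is reported as a recoverable error at the boundary, while an invalid function argument or an unhandled enum member fails loudly. The names `Role`, `InputError`, `parse_role`, `permissions_tolerant` and `permissions_offensive` are hypothetical.

```python
from enum import Enum


class Role(Enum):
    VIEWER = 1
    EDITOR = 2
    ADMIN = 3


class InputError(Exception):
    """Expectable error: bad data from outside the line of defense."""


def parse_role(text: str) -> Role:
    # Boundary code: user input is untrusted, so invalid values are
    # expected and reported as a recoverable error, not as a crash.
    try:
        return Role[text.strip().upper()]
    except KeyError:
        raise InputError(f"unknown role: {text!r}") from None


def permissions_tolerant(role) -> set:
    # Overly tolerant: an invalid argument or a forgotten member (ADMIN)
    # is quietly mapped to a fallback, so the bug stays hidden.
    table = {Role.VIEWER: {"read"}, Role.EDITOR: {"read", "write"}}
    return table.get(role, {"read"})


def permissions_offensive(role) -> set:
    # Inside the line of defense: a non-Role argument or an unhandled
    # member is a bug in this program, so fail at the point of use.
    # Explicit raises are used because `assert` is removed under `python -O`.
    if not isinstance(role, Role):
        raise AssertionError(f"invalid argument: {role!r}")
    if role is Role.VIEWER:
        return {"read"}
    if role is Role.EDITOR:
        return {"read", "write"}
    if role is Role.ADMIN:
        return {"read", "write", "grant"}
    raise AssertionError(f"unhandled Role member: {role!r}")
```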

Bug detection strategies

Offensive programming is concerned with failing, so as to disprove the programmer's assumptions. Producing an error message may be a secondary goal.

Strategies:
