The point is clearly about programming practice. In February 2014, Apple faced an SSL bug. This was a very simple code mistake due to conditional sequences.
Because of the conditional aspect, we easily focus on curly braces. Two comments suggested the solution to such a problem could be about test cases (both articles provide simple code extracts of the guilty section):
- Apple's SSL/TLS bug by Adam Langley
Reflections on Curly Braces
For sure, testing is an important point in code quality. In an ideal world there would be a test case for any code piece. For sure, there are excellent other tools. I previously wrote about design by contract. Coding a verified program, checking Hoare 's axioms is also an important topic. When it comes to software quality, I won't say any practice is inappropriate.
Stop dreaming about a world with perfect programs. Let the code verification/prove apart and come back to the code. Adam Langley also suggests code reviews are important. Curly braces ? Perhaps the point isn't central. What matter is a readable code. Some interesting code conventions exist, especially in large organizations such as Google (the naming section is especially interesting). But is respecting rules enough ? Many programmers write endless code sequences. What could be the solution ?
We, French people, tend to be very verbose in our texts. At school, we are taught to be concise. We do not succeed in any case. How would it be possible in code ? Think about Twitter 140 characters. Just consider what a French journalist could write in 2011. Nowadays, very few journalists still criticize the system. Conciseness can be very precious.
When it comes to quality control, human verifications are weak. I think the twitter limitation is an interesting idea. In writing programs, we have the advantage of compilation to induce strict checking. Why don't compilers warn when a function exceeds 100 lines (or any number that suits you, to be honest the guilty section is only 80 lines long) ? At first glance, this is not the exact topic because this would not have prevented programmers from coding that bug. In broader sight, I tend to think the solution to that kind of problem is in static checking . It won't be possible to automatically test any piece of written code, or even review it properly.