CodeClarityLab / Glossary
Ctrl K
← CodeClarityLab Home
Browse by Category
+ added · updated 7d
⚖ Terms of Use
← Back to glossary

Defensive Programming

quality Intermediate
debt(d5/e5/b5/t5)
d5 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'specialist tool catches' (d5). PHPStan and Psalm (from detection_hints.tools) can detect missing type declarations, overly broad catch blocks, and some validation gaps through static analysis. However, the pattern 'external data used without validation' requires careful configuration and won't catch all cases — many defensive programming violations only surface in code review or runtime testing.

e5 Effort Remediation debt — work required to fix once spotted

Closest to 'touches multiple files / significant refactor in one component' (e5). The quick_fix mentions validating at system boundaries and using guard clauses — implementing this properly means adding validation layers at HTTP controllers, queue handlers, and file readers. It's not a single-line fix but a systematic approach across input entry points, though typically contained within boundary code rather than architectural rework.

b5 Burden Structural debt — long-term weight of choosing wrong

Closest to 'persistent productivity tax' (b5). Applies to web, cli, and queue-worker contexts per applies_to. Defensive programming is a cross-cutting concern that shapes how every boundary interaction is written. Done well, it becomes habit; done poorly (validating at every layer per common_mistakes), it creates noise that slows down many work streams. The choice of where to trust vs. validate becomes load-bearing.

t5 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'notable trap' (t5). The misconception field explicitly states the trap: developers assume defensive programming means 'validating every input with the same intensity' when it actually means 'calibrating defences to trust level.' This is a documented gotcha that most devs eventually learn — external input needs maximum validation while internal module calls rely on contracts, not redundant checks.

About DEBT scoring → scored by claude-opus-4-5-20251101 · 2026-05-07 · reviewed by human

Also Known As

defensive coding fail-safe programming input validation mindset

TL;DR

Writing code that anticipates and handles invalid inputs, unexpected states, and failures gracefully.

Explanation

Defensive programming assumes that callers will pass invalid data, external services will fail, and unexpected states will occur. Defences include: validating all input at trust boundaries, checking postconditions of external calls, handling all branches of switch/match, using guard clauses to reject invalid state early, and writing tests for edge cases. Taken too far, defensive programming produces code cluttered with redundant checks — balance it with Design by Contract, which makes assumptions explicit rather than defending against everything everywhere.

Common Misconception

Defensive programming means validating every input with the same intensity. It means calibrating defences to trust level — external input gets maximum validation, internal module calls rely on contracts and tests rather than redundant runtime checks that obscure the code.

Why It Matters

Defensive programming assumes inputs and system state will be invalid and handles it explicitly — it converts silent failures into detectable, traceable exceptions or errors.

Common Mistakes

  • Not validating method arguments — passing null or out-of-range values causes failures far from the source.
  • Catching Exception too broadly and suppressing errors instead of handling them specifically.
  • Defensive checks at every layer instead of trusting validated input from the boundary — creates noise.
  • Not using PHP type declarations and strict_types=1 which provide free defensive checks at the language level.

Code Examples

✗ Vulnerable 
function divide(int $a, int $b): float {
    return $a / $b; // crashes with division by zero, no guard
}
✓ Fixed 
function divide(int $a, int $b): float {
    if ($b === 0) {
        throw new \DivisionByZeroError('Divisor cannot be zero');
    }
    return $a / $b;
}

// For value objects, validate in constructor so callers can't create invalid state:
readonly class Divisor {
    public function __construct(public int $value) {
        if ($value === 0) throw new \DivisionByZeroError();
    }
}
Added 15 Mar 2026
Edited 22 Mar 2026
Views 33

Curated in Warsaw under one editorial standard. 1,445 terms, single voice.  About this reference →

Rate this term
No ratings yet
🤖 AI Guestbook educational data only
| |
Last 30 days
0 pings F 0 pings S 0 pings S 0 pings M 0 pings T 0 pings W 0 pings T 0 pings F 0 pings S 0 pings S 0 pings M 1 ping T 1 ping W 1 ping T 0 pings F 2 pings S 0 pings S 0 pings M 0 pings T 0 pings W 0 pings T 1 ping F 1 ping S 1 ping S 0 pings M 0 pings T 0 pings W 0 pings T 0 pings F 1 ping S
Agents 1
No pings yesterday
Amazonbot 8 Perplexity 6 Ahrefs 5 SEMrush 3 Unknown AI 2 Majestic 1 Google 1 ChatGPT 1
Also referenced
Input Validation vs Output Encoding 32 Fail Fast Principle 30 Design by Contract 27 Guard Clause Pattern 23
How they use it
crawler 27
Related categories
quality 2.8k general 1.5k style 1.1k
DEV INTEL Tools & Severity
🟡 Medium ⚙ Fix effort: Medium
⚡ Quick Fix
Validate all inputs at system boundaries (HTTP request, queue message, file read) and use guard clauses to reject invalid state early — trust nothing from outside your module
📦 Applies To
any web cli queue-worker
🔗 Prerequisites
🔍 Detection Hints
External data used without validation; assumptions about input format documented in comments not enforced in code
Auto-detectable: ✗ No phpstan psalm semgrep
⚠ Related Problems
🤖 AI Agent
Confidence: Medium False Positives: High ✗ Manual fix Fix: Medium Context: Function Tests: Update
✓ schema.org compliant