Self-Documenting Code

My cut:<p><pre><code> const passwordRules = [&#x2F;[a-z]{1,}&#x2F;, &#x2F;[A-Z]{1,}&#x2F;, &#x2F;[0-9]{1,}&#x2F;, &#x2F;\W{1,}&#x2F;]; async function createUser(user) { const isUserValid = validateUserInput(user); const isPasswordValid = user.password.length &gt;= 8 &amp;&amp; passwordRules.every((rule) =&gt; rule.test(user.password)); if (!isUserValid) { throw new Error(ErrorCodes.USER_VALIDATION_FAILED); } if (!isPasswordValid) { throw new Error(ErrorCodes.INVALID_PASSWORD); } const userExists = await userService.getUserByEmail(user.email); if (userExists) { throw new Error(ErrorCodes.USER_EXISTS); } user.password = await hashPassword(user.password); return userService.create(user); } </code></pre> 1. Don&#x27;t use a bunch of tiny functions. This makes it harder for future eng to read the code because they have to keep jumping around the file(s) in order to understand control flow. It&#x27;s much better to introduce a variable with a clear name.<p>2. Don&#x27;t use the `a || throw()` structure. That is not idiomatic JS.<p>2a. Don&#x27;t introduce `throwError()`. Again, not idiomatic JS.<p>3. Use an enum-like object for error codes for clarity.<p>4. If we must use passwordRules, at least extract it into a global constant. (I don&#x27;t really like it though; it&#x27;s a bit too clever. What if you want to enforce a password length minimum? Yes, you could hack a regex for that, but it would be hard to read. Much better would be a list of arrow functions, for instance `(password) =&gt; password.length &gt; 8`.<p>5. Use TypeScript!

There is no such thing as universally self-documenting code, because self-documentation relies on an assumption of an audience — what that audience knows, what patterns are comfortable for them — that does not exist in general.<p>Self-documenting code can work in a single team, particularly a small team with strong norms and shared knowledge. Over time as that team drifts, the shared knowledge will weaken, and the &quot;self-documenting&quot; code will no longer be self-documenting to the new team members.

I don&#x27;t find this easier to read:<p><pre><code> !(await userService.getUserByEmail(user.email)) || throwError(err.userExists); </code></pre> I guess if I worked in a codebase that used that pattern consistently I&#x27;d get used to it pretty quickly, but if I dropped into a new codebase that I didn&#x27;t work on often I&#x27;d take a little bit longer to figure out what was going on.

If I were reviewing the original code, the first thing I’d question is the line<p><pre><code> user.password = await hashPassword(user.password); </code></pre> 1. As a rule, mutations are harder to understand than giving new names to newly defined values.<p>2. The mutation here apparently modifies an object passed into the function, which is a side effect that callers might not expect after the function returns.<p>3. The mutation here apparently changes whether user.password holds a safe hashed password or a dangerous plain text password, which are bad values to risk mixing up later.<p>4. It’s not immediately obvious why hashing a password should be an asynchronous operation, but there’s nothing here to tell the reader why we need to await its result.<p>At least three of those problems could trivially be avoided by naming the result hashedPassword and, ideally, using TypeScript to ensure that mixing up plain text and hashed passwords generates a type error at build time.<p>I do agree with many of the other comments here as well. However, I think the above is more serious, because it actually risks the program behaving incorrectly in various ways. Questions like whether to use guard clauses or extract the password check into its own function are more subjective, as long as the code is written clearly and correctly whichever choices are made.

Typescript looks much, much better than what he ends up with. The typescript is more or less the same thing but with comment tokens removed. How is just removing the comment tokens not an obvious improvement in readability?<p>Honestly, I think all of jsdoc, pydoc, javadoc, doxygen is stuff that most code should not use. The only code that should use these is code for libraries and for functions that are used by hundreds or thousands of other people. And then we also need to notice that these docs in comments are not sufficient for documentation either. When a function is not used by hundreds or thousands of people, just write a conventional comment or perhaps not write a comment at all if the function is quite straightforward. Documentation that explains the big picture is much more important but that is actually somewhat hard to write compared to sprinkling jsdoc, pydoc, javadoc or doxygen worthless shit all over the place.

If one of my developers used &quot;||&quot; that way I would definitely throw some side eye

The writer here misunderstands how short-circuit evaluation is supposed to be used. The idea is that you should use SCE in a few, pretty standard, cases:<p><pre><code> cheapFunction(...) || expensiveFunction(...) &#x2F;&#x2F; saves us a few cylces car = car || &quot;bmw&quot; &#x2F;&#x2F; setting default values, common pattern funcA(...) &amp;&amp; funcB_WhichMightBreakWithoutFuncA(...) &#x2F;&#x2F; func A implies func B ... &#x2F;&#x2F; probably a few other cases I don&#x27;t remember </code></pre> Using it to handle control flow (e.g. throwing exceptions, as a makeshift if-then, etc.) is a recipe for disaster.

Types are the best form of documentation because they can be used to automatically check for user error, are integral to the code itself, and can provide inline documentation. The more I program in dynamically typed (or even weakly statically typed) languages the more I come to this conclusion.

&quot;Self-documenting code&quot; is already a thing called Code-as-Docs. It&#x27;s the inverse of Docs-as-Code, where you&#x27;re &quot;writing documentation like you write code&quot;. Code-as-Docs is where you write Code that is self-documenting. (And this has absolutely nothing to do with Literate Programming.)<p>You do not have to adhere to any specific principles or methods or anything specific in order to do Code-as-Docs. Just write your code in a way that explains what it is doing, <i>so that you don&#x27;t need comments to understand it</i>.<p>This often means refactoring your code to make it clearer what it does. It may not be what your ideal engineer brain wants the code to do, but it will make much more sense to anyone maintaining it. Plus very simple things like &quot;variables-that-actually-describe-what-they-do&quot; (in a loop over node names, don&#x27;t make a variable called <i>x</i>; make a variable called <i>node_name</i>)<p><i>edit</i> It seems like I&#x27;m the only one who says &quot;Code-as-docs&quot;... by searching for &quot;Code-as-documentation&quot; instead of &quot;Code-as-docs&quot;, I found this: <a href="https:&#x2F;&#x2F;martinfowler.com&#x2F;bliki&#x2F;CodeAsDocumentation.html" rel="nofollow">https:&#x2F;&#x2F;martinfowler.com&#x2F;bliki&#x2F;CodeAsDocumentation.html</a><p>I guess &quot;self-documenting code&quot; more hits: <a href="https:&#x2F;&#x2F;www.google.com&#x2F;search?q=self-documenting+code" rel="nofollow">https:&#x2F;&#x2F;www.google.com&#x2F;search?q=self-documenting+code</a> <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Self-documenting_code" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Self-documenting_code</a> <a href="https:&#x2F;&#x2F;wiki.c2.com&#x2F;?SelfDocumentingCode" rel="nofollow">https:&#x2F;&#x2F;wiki.c2.com&#x2F;?SelfDocumentingCode</a>

After 10 years as a commercial dev I&#x27;ve noticed I don&#x27;t really care about things like this. Not sure if it ever made a difference. The &quot;local code&quot; - as in anything within a function or often a single class (1-2k LoC is not really a problem) - is trivial to read in most languages. The most difficult thing to understand always was the domain or the infrastructure&#x2F;library quirks - stuff that&#x27;s never properly documented. (Hot take: might not be worth to document anyway as it takes longer to write and update such docs than to struggle with the code for a little bit).<p>Naming or visual code structure was never a problem in my career so far.

I find the comment at the end interesting<p>&#x2F;&#x2F; Creates a user and returns the newly created user&#x27;s id on success<p>Hmm, it returns an id? But the @returns is Promise&lt;any&gt;? The code as written will change when userService.create changes... without the actual, human readable bit of prose, that potential code issue could be easily overlooked.<p>Of course, here the code could have a newtype for UserId and return Promise&lt;UserId&gt;, making the code better and then the prose is basically not needed (but please just write a docstring).<p>FWIW I would document that the `user` parameter is modified. And document the potential race condition between checking the existence of a user and creating a user, and maybe why it was chosen to be done in this order (kinda flimsy in this example). Which would probably lead me to designing around these issues.<p>Trying to only document via self-documenting code seems to always omit nuances.<p><pre><code> &#x2F;** Create a user and return the id, or throw an error with an appropriate code. * * user.password may be changed after this function is called. *&#x2F; async function createUser(user: User): Promise&lt;number&gt; { if (!validateUserInput(user)) { throw new Error(err.userValidationFailed); } if (isPasswordValid(user.password)) { &#x2F;&#x2F; Check now if the user exists, so we can throw an error before hashing the password. &#x2F;&#x2F; Note: if a user is created in the short time between this check and the actual creation, &#x2F;&#x2F; there could be an unfriendly error const userExists = !!(await userService.getUserByEmail(user.email)); if (userExists) { throw new Error(err.userExists); } } else { throw new Error(err.invalidPassword); } user.password = await hashPassword(user.password); return userService.create(user); }</code></pre>

Having a function throwError makes me squirm.<p>`isValid() || throwError()` is an abuse of abstraction

I lived in the C# world for a while and our style guides mandated that we use those JSDoc style comments for every function definition. I loathed them. They invariable became a more verbose and completely redundant version of the function definition. Developers even used a tool (GhostDoc, IIRC) to generate these comments so that CreateNewUser() became &#x2F;&#x2F; Create New User. Nobody ever read them, few ever updated them, and they reinforced my hunch that a small percentage of comments are useful (in which case, by all means, use comments!)

Is writing a few comments here and there explaining why things are done in a certain way so terrible that we have to create this thing?

Code only tells you &#x27;what,&#x27; not &#x27;why.&#x27; And &#x27;why&#x27; is usually what matters.

I&#x27;ve been developing for a very long time and I&#x27;m neither on the side of &quot;lots of comments&quot; or &quot;all code should speak for itself&quot;.<p>My philosophy is that comments should be used for two things: 1) to explain code that is not obvious at first glance, and 2) to explain the <i>rationale</i> or <i>humanitarian reasons</i> behind a bit of code that is understandable, but the reasons for its existence are unclear.<p>No philosophy is perfect, but I find that it strikes a good balance between maintainability of comment and code pairing and me being able to understand what a file does when I come back to it a year later.<p>The article is not good IMO. They have a perfect example of a function that could actually make use of further comments, or a refactoring to make this more self-documenting:<p><pre><code> function isPasswordValid(password) { const rules = [&#x2F;[a-z]{1,}&#x2F;, &#x2F;[A-Z]{1,}&#x2F;, &#x2F;[0-9]{1,}&#x2F;, &#x2F;\W{1,}&#x2F;]; return password.length &gt;= 8 &amp;&amp; rules.every((rule) =&gt; rule.test(password)); } </code></pre> Uncommented regular expressions are a code smell. While these are simple, the code could be more empathetic to the reader by adding at least a basic comment:<p><pre><code> function isPasswordValid(password) { &#x2F;&#x2F; At least one lowercase, one uppercase, one number and one symbol const rules = [&#x2F;[a-z]{1,}&#x2F;, &#x2F;[A-Z]{1,}&#x2F;, &#x2F;[0-9]{1,}&#x2F;, &#x2F;\W{1,}&#x2F;]; return password.length &gt;= 8 &amp;&amp; rules.every((rule) =&gt; rule.test(password)); } </code></pre> Which would then identify the potentially problematic use of \W (ie: &quot;[^a-zA-Z0-9]&quot;). And even though I&#x27;ve been writing regular expressions for 20+ years, I still stumble a bit on character classes. I&#x27;m likely not the only one.<p>Now you can actually make this function self-documenting and a bit more maintainable with a tiny bit more work:<p><pre><code> &#x2F;&#x2F; Returns either &quot;true&quot; or a string with the failing rule name. &#x2F;&#x2F; This return value is kind of awkward. function isPasswordValid(password) { &#x2F;&#x2F; Follow the password guidelines by WebSecuritySpec 2021 const rules = [ [MIN_LENGTH, &#x2F;.{8,}&#x2F;], [AT_LEAST_ONE_LOWERCASE, &#x2F;[a-z]{1,}&#x2F;], [AT_LEAST_ONE_UPPERCASE, &#x2F;[A-Z]{1,}&#x2F;], [AT_LEAST_ONE_NUMBER, &#x2F;[0-9]{1,}&#x2F;], &#x2F;&#x2F; This will also allow spaces or other weird characters but we decided &#x2F;&#x2F; that&#x27;s an OK tradeoff. [AT_LEAST_ONE_SYMBOL, &#x2F;\W{1,}&#x2F;], ]; for (const [ruleName, regex] of rules) { if (!regex.test(password)) { return ruleName; } } return true; } </code></pre> You&#x27;d probably want to improve the return types of this function if you were actually using in production, but this function at least now has a clear mapping of &quot;unclear code&quot; to &quot;english description&quot; and notes for any bits that are possibly not clear, or are justifications for why this code might technically have some warts.<p>I&#x27;m not saying I&#x27;d write this code like this -- there&#x27;s a lot of other ways to write it as well, with many just as good or better with different tradeoffs.<p>There are lots of ways to make code more readable, and it&#x27;s more art than science. Types are a massive improvement and JSDoc is so understandably awkward to us.<p>Your goal when writing code shouldn&#x27;t be to solve it in the cleverest way, but rather the clearest way. In some cases, a clever solution with a comment can be the clearest. In other cases, it&#x27;s better to be verbose so that you or someone else can revisit the code in a year and make changes to it. Having the correct number of comments so that they add clarity to code without having too many that they become easily outdated or are redundant is part of this as well.

Names do have some importance. If you pick random words and assign them to things you deal with you will find yourself unable to reason about them. Try it, it is interesting. Yet names are not the pinnacle of design. Far from it.<p>Look at a mechanical watch. (For example, here: <a href="https:&#x2F;&#x2F;ciechanow.ski&#x2F;mechanical-watch&#x2F;" rel="nofollow">https:&#x2F;&#x2F;ciechanow.ski&#x2F;mechanical-watch&#x2F;</a>). Those little details, can you come up with self-documenting names for them? I do not think so. In programming good design is very much like that watch: it has lots of strangely-looking things that are of that shape because it fits their purpose [1]. There is no way to give them some presumably short labels that explain that purpose out of the context. Yet we need to point to them as we talk about them [2]. The role of names in programming is thus much more modest. In the order of importance:<p>- They must be distinct within the context (of course). - Yet their form must indicate the similarities between them: alen and blen are of the same kind and are distinct from abuf and bbuf, which are also of the same kind. - They must be pronounceable and reasonably short. Ideally they should be of the same length. - They need to have some semblance to the thing they represent. - It would be nice to make them consistent across different contexts. Yet this is is incredibly tedious task of exponential complexity.<p>There is also the overall notation. Ideally it should resemble written reasoning that follows some formal structure. None of existing notations is like that. The expressive tools in these notations are not meant to specify reasoning: they are meant to specify the work of a real or virtual machine of some kind. The fallacy of self-documenting code is an unrecognized desire to somehow reason with the knobs of that machine. It will not work this way. Yet a two-step process would work just fine: first you reason, then you implement this on the machine. But it will not look self-documenting, of course. P. S. This is a major problem in programming: we keep the code, but do not keep the reasoning that led to it.<p>[1] fitness for the purpose, Christopher Alexander, “The timeless way of building”. [2] notion vs definition, Evald Ilyenkov.

missed the opportunity to create named constants for each of the password validation rules.

Looking at this thread, it is a wonder that any PRs make it through review. I started calling these kinds of debates Holographic Problems.<p>- Spaces vs Tabs<p>- Self documenting code vs documented code<p>- Error Codes vs Exceptions<p>- Monolithic vs Microservices Architectures<p>- etc.<p>Context matters and your context should probably drive your decisions, not your personal ideology. In other words, be the real kind of agile; stay flexible and change what needs to be changed as newly found information dictates.

&gt; Short-circuit evaluation allows us to simplify conditional statements by using logical operators.<p>Simple is not the same thing as understandable.<p>They lost me entirely here.

I&#x27;d like to propose weird alternative to this:<p><pre><code> function throwError(error) { throw new Error(error); } async function createUser(user) { validateUserInput(user) || throwError(err.userValidationFailed); isPasswordValid(user.password) || throwError(err.invalidPassword); !(await userService.getUserByEmail(user.email)) || throwError(err.userExists); </code></pre> What if...<p><pre><code> [ [() =&gt; validateUserInput(user), err.userValidationFailed], [() =&gt; isPasswordValid(user.password), err.invalidPassword], [() =&gt; !(await userService.getUserByEmail(user.email)), err.userExists], ].forEach(function([is_good, error]) { if (!is_good()) { throw new Error(error); } }); </code></pre> Also on the regex:<p><pre><code> const rules = [&#x2F;[a-z]{1,}&#x2F;, &#x2F;[A-Z]{1,}&#x2F;, &#x2F;[0-9]{1,}&#x2F;, &#x2F;\W{1,}&#x2F;]; </code></pre> No one caught that in all four of these, &quot;{1,}&quot; could be replaced with the much more common &quot;+&quot;. A bit odd considering the desire for brevity. I do personally prefer &quot;[0-9]&quot; over &quot;\d&quot;, especially considering the other rules, but can go either way on &quot;\W&quot;.<p>I might have also added a fifth regex for length though, instead of doing it differently, if my head was in that mode: &#x2F;.{8,}&#x2F;

&gt; The first change I would make is to use named constants instead of cryptic error codes.<p>But he keeps the cryptic error codes that will go into the logs, or in the frontend where the developer will have to look up the error code. Don&#x27;t map an error name to u105, just return the actual string: &quot;userValidationFailed&quot;.

function isPasswordValid(password) { return &#x2F;^(?=.<i>[a-z])(?=.</i>[A-Z])(?=.<i>[0-9])(?=.</i>\W).{8,}$&#x2F;.test(password); }<p>function isPasswordValid(password) { const issues = []; if (password.length &lt; 8) issues.push(&quot;Minimum length is 8 characters&quot;); if (!&#x2F;[a-z]&#x2F;.test(password)) issues.push(&quot;Must contain at least one lowercase letter&quot;); if (!&#x2F;[A-Z]&#x2F;.test(password)) issues.push(&quot;Must contain at least one uppercase letter&quot;); if (!&#x2F;[0-9]&#x2F;.test(password)) issues.push(&quot;Must contain at least one digit&quot;); if (!&#x2F;\W&#x2F;.test(password)) issues.push(&quot;Must contain at least one special character&quot;); return issues.length &gt; 0 ? issues : [&quot;Password is valid&quot;]; }

I don&#x27;t like this article, author just added some abstraction and moved the stuff that matters out of the perspective and we just have to imagine that whatever is outside the perspective is perfect.

All source code is self documenting, source code is for developers to read. Computer languages are a human readable version of what the compiler executes and is for the developers, not the compilers benefit. As a developer, I read way more software than I write and if the source is hard to understand then I feel you failed as a developer. Writing is a skill, no less important in software than anywhere else. Properly named functions&#x2F;variables and easy to follow flow control is a skill that takes years to learn. All developers should keep a thesaurus and a dictionary nearby. If you find yourself writing a lot of comments trying to explain what you are doing in your code, then you probably should refactor.

I agree with most of the article but want to nitpick this last part:<p>&gt; I’m not a fan of TypeScript, but I appreciate its ability to perform static type checks. Fortunately, there’s a way to add static type checking to JavaScript using only JSDoc comments.<p>If you&#x27;re writing JSDoc comments, then you&#x27;re not writing what the author considers to be &quot;self-documenting code.&quot;<p>I wish the author had explained <i>why</i> they are not a fan of TypeScript. Compile time type-safety aside, as the author acknowledges by implication adding type specificity negates the usefulness of JSDoc comments for this particular situation.<p>I&#x27;m personally a big proponent of &quot;self documenting code&quot; but I usually word it as &quot;code that serves as its own documentation because it reads clearly.&quot;<p>Beyond &quot;I would personally use TypeScript to solve that problem&quot;, my case for why ALL comments are a code smell (including JSDoc comments, and in my personal opinion) is:<p>- They are part of your code, and so they need to be maintained just like the rest of your code<p>- But ... they are &quot;psychologically invisible&quot; to the majority of developers. Our IDEs tend to gray them out by default etc. No one reads them.<p>- Therefore, comments can become out of sync with the code quite easily.<p>- Comments are often used to explain what confusing code does. Which means that instead of fixing the code to add clarity, they do nothing but shine a spotlight on the fact that the code is confusing.<p>- In doing the above, they make messy code even messier.<p>I am slightly amenable to the idea that a good comment is one that explains WHY weird code is weird. Even then, if you have the luxury of writing greenfield code, and you still need to do something un-intuitive or weird for really good reasons ... you can still write code that explains the &quot;why&quot; through good naming and separation of concerns.<p>The only time that I would concede that a code comment was the best way to go about things in context is when you&#x27;re working with a very large, legacy commercial code-base that is plagued by existing tech debt and you have no good options other than to do your weird thing inline and explain why for logistical and business reasons. Maybe the refactor would be way too risky and the system is not under test, the business has its objectives and there&#x27;s just no way that you can reasonably refactor in time etc. This happens... but professional developers should ideally treat incremental refactoring as a routine part of the development lifecycle so that this situation is as unlikely as possible to arise in the future.

The picture at the top of article is of a German public library. It has a beautiful, clean architecture. Somehow I don&#x27;t see how it relates to self-documenting code.

If future &quot;AI&quot; can write code then it should be able to read code and describe what it does at various levels of detail.

I anticipate the day when Gen AI gives us self-coding documentation.

What if the documentation were code? ...