1 min read

Why are there no programming checklists?

I wonder why there are no programming checklists Lots of fields use checklists. I've never read or heard of anyone using checklists for programming.

Linters resemble checklists, but they aren't a proper substitute. Linters can only cover things that can be automatically detected. That's a good start, but I suspect there are things that are hard to automatically detect that are worth checking for. There are things I would not want a linter to warn me about, because they're not errors or even bad practices, but which I still need to remember.

For example: Memory allocation. If I'm allocating memory with malloc() or new, I need to make sure that something reasonable happens to the resulting pointer in every execution path. It should (1) be returned to the caller, (2) be assigned to an out-parameter, or (3) get freed. Maybe there is some fourth option, too, but certainly all of these seem reasonable.

It's not that we can't check memory allocation at all automatically. Tools like valgrind and AddressSanitizer check for these things automatically at runtime or maybe in some cases at compile time. But I would rather catch these problems at the code-writing stage when the code is still fresh in my mind.

A linter could point out that I'm allocating memory like my own noticing might point out. It could print a message for each linewhere I'm using malloc() and prompt me with the checklist. However, it would be really annoying if I had to manually disable this check on every malloc() line to make precommit pass or else disable the notice entirely. This is where a manual checklist might be nice — maybe with tool-assisted "noticing."