How One Missing `var` Ruined our Launch (opens in new tab)

(blog.meloncard.com)

317 pointsTrindaz14y ago209 comments

209 comments

158 comments · 65 top-level

untog14y ago· 15 in thread

Reminds me of one of the more confusing bugs I've ever encountered in my life. I was throwing together a quick UI with Adobe Flex, and for some reason every time you clicked a particular button, the entire UI would shift 20 or so pixels to the right. I spent hours scratching my head until I noticed this for loop:

    for (x=0;x<variable.length;x++) {
    // blah
    }

I wasn't declaring the x variable, so it was using the x part of the x/y positioning of the UI container. Woops.

edit: initialise/declare brain freeze

swanson14y ago

Ha, that reminds me of a program I was writing in MATLAB. I used `i` for a loop index in one part of the script and then later when doing some complex number calculations (`2 + 3i`)...it was one of those so-stupid-you-have-to-laugh moments when I finally figured it out.

joeyo14y ago

It's for this precise reason that I use 1i rather than i when doing complex arithmetic in matlab.

1 more reply

finnw14y ago

Now there's an argument for syntax highlighting.

It also doesn't happen in languages where you must say self.x to access a property/field called x.

Luyt14y ago

Exactly my first thought: "This wouldn't happen with Python".

1 more reply

cperciva14y ago

I wasn't initialising the x variable

Do you mean s/initialising/declaring/, or am I just really confused?

untog14y ago

Yes, sorry, I meant declaring. Wrote that post in a hurry as I headed out the door, I wasn't paying too much attention.

1 more reply

Permit14y ago

He means declaring.

cperciva14y ago

Now that I understand what you're saying: This is one of the reasons I hate the "feature" in C++ and C99 that you can declare variables anywhere. If you stick to declaring all your variables in one place, it's much easier to notice when you've already used a variable name.

gnaritas14y ago

And much easier to wind up with lots of bad dead code or worse, reusing variables over and over leading to tightly coupled code. IMHO, variables should be declared as closely as possible to where they're used in the smallest scope possible. C languages do it right.

JoshTriplett14y ago

Have you tried the GCC -Wshadow warning flag? It will generate a warning whenever you define a variable with the same name as one declared in an outer scope.

Between that, and using -Werror to ensure that warnings never get ignored, I find C99-style declare-anywhere quite useful. It helps me keep the scope of variables limited to the places that need them.

That said, I rarely use C99's ability to declare a variable in the middle of a block. I primarily use the C99 feature of declaring variables as part of a loop.

1 more reply

colanderman14y ago

Umm, I find the opposite to be true. By always declaring variables where I use them (notably in for loops), I avoid accidentally reusing a variable I used elsewhere.

1 more reply

Peaker14y ago

That makes variables scope over far more than they need to, opening up a pretty frequent bug avenue of using the wrong variable that you did not intend to use.

vonkow14y ago

Classic! I did that with rotation in my js gaming engine once, fun times.

Veera14y ago

exactly what happened to me. I had two for loops defined in my JS code which used the variable "i" without declaring. Hence, when the code ran, the second for loop behaving weirdly. It took sometime before catching the bug.

napierzaza14y ago

PHP experience can poison development in other languages.

rayiner14y ago· 11 in thread

Why has it become popular for dynamic languages to conflate establishing a binding with assigning it a new value? Ruby, Python, and Javascript are all guilty of this.

Scheme got it right sometime in the 1970's.

    (let ((x initial-value)) ; binding
      (set! x new-value))    ; assignment

Or in infix syntax (Dylan):

    let x = initial-value ;
    x := new-value ;

chromatic14y ago

My theory is that most of the offending language designers looked at variable declaration in languages with static typing and thought "Wait, we don't have static types, so there's no reason to declare variables!"

JoshTriplett14y ago

Personally, I like the opposite solution, used in functional languages: "Wait, we don't allow changing variables once created, so we only need to support variable initialization with a value, not reassignment of a variable or declaration without initialization!"

1 more reply

phaedrus14y ago

Io has a similar distinction. In the Io language, := is syntax sugar for newSlot and = only means updateSlot. So if you accidently = a slot that doesn't exist, it doesn't new-up a magic global, it raises an error.

nikcub14y ago

I recently took time to learn Io and I love it. It is a great language to know and learn if you do a lot of Javascript development.

cpeterso14y ago

ALGOL '58 used := and = as distinct operators for assignment and equality in 1958.

https://en.wikipedia.org/wiki/ALGOL_58#ALGOL_58.27s_influenc...

arohner14y ago

Yes. The other thing Scheme got right is explicit variable scope

    (define x 42) ;; global
    (let ((x 42)) ;; local, only defined inside the enclosing parenthesis. 
      (+ x x))

dalke14y ago

"Why has it become popular" implies that it's a recent thing. Darmouth BASIC did the same things in the early 1960s.

MostAwesomeDude14y ago

Python doesn't let you write outside of local scope without a special keyword. Exactly the inverse of JS. If you want to write to global state, and you're aware that you're writing to global state, then you use the "global" keyword. That's all.

rayiner14y ago

It still conjures up variables out of thin air.

    sum = 0
    for v in someList:
        smu += v
    print sum # prints 0, doh!

4 more replies

js214y ago

Python implicitly binds to the innermost scope on assignment, so you had the opposite problem when you wanted to reach a nested, non-global scope. Hence the nonlocal keyword added in py3k.

http://www.python.org/dev/peps/pep-3104/

dools14y ago

This is the PHP approach as well. I quite like the way PHP 5.3 has implemented bringing locally scope variables into scope for use in a closure.

mst14y ago· 9 in thread

Am I right in thinking that the javascript

  /* "use strict" */

construct would have caught this mistake (just like it would have done for me in perl code)? Seems to me that some such feature is absolutely and utterly necessary in any environment where you're doing a lot of closure creation ..

apaprocki14y ago

Yes:

  $ node
  > "use strict"; initial = "foo";
  ReferenceError: initial is not defined
      at repl:1:17
      at Interface.<anonymous> (repl.js:168:22)
      ...

geraldalewis14y ago

Yes, though never enable strict mode (in JS) unless you know exactly what it does. `use strict` causes some subtle semantic shifts that can be easily overlooked. For example, there's no dynamic binding between the `arguments` object and a function's arguments:

    ((x)-> x = 2; arguments[0] is 1)(1) # true

    ((x)-> arguments[0] = 2; x is 1)(1) # true

Any developer enabling strict mode should be testing heavily in browsers that actually support the feature. There have been a few high-profile meltdowns already (on BoA, Intel, eBay, etc.) due to devs not understanding the feature, or concatenating a `"use strict"` script (not wrapped in an IIFE) with non-strict code.

JSLint doesn't help matters, as it errors unless `"use strict"` is declared (unless run with the "sloppy" option -- something I'm sure devs love). The absolute worst scenario is for a browser to implement some kind of heuristics-based approach to respect the `"use strict"` prologue; what Brendan Eich calls a "strict quirks mode".

All that said, I'm a big fan of `strict`. It might be a good idea to use it in production, and strip the directives out when deploying.

ErikD14y ago

Since the code in question was run server side using nodejs you can just enable it. Using it for client side javascript is another case indeed.

bmj14y ago

Running some variation of JSLint in his editor/IDE would likely have caught this, too.

sjs14y ago

Or using js2-mode in Emacs. That's just one small reason why Emacs in my JavaScript workhorse. I use TextMate for most things but if I'm writing JS all day nothing beats Emacs.

Raticide14y ago

Yeah, that's all he needed. Making it a comment isn't necessary either.

Maybe Node should be strict by default? I can understand it not being the case for browsers that need to support legacy code, but for Node it doesn't really need to care about that.

morsch14y ago

Huh. On the scale from pragmatic idiosyncrasy to simply bizarre, making a string literal expression change the runtime behaviour in that manner is fairly wide towards the bizarre end of the scale.

I think, if anything, requiring it to be in a comment would have been less odd; at least comments imply a sense of "meta"-ness.

4 more replies

alunny14y ago

Node itself (the core js library) isn't strict mode compliant: it uses octal literals for filesystem interactions.

mst14y ago

Quite possibly a good idea.

  use v5.12;

in perl code enables strict, at least.

jessedhillon14y ago· 7 in thread

Do I understand this right -- global variables are shared across all requests in node.js?

If so, that is an insane design.

fennecfoxen14y ago

Global variables are basically instance variables on the process itself. They're going to be shared across all requests in all environments that handle more than a single request per process. If they had different semantics, they wouldn't really be what normal people call "global variables", would they?

So you just don't use them and everything's good. Which brings you to the real problem: JavaScript makes it distressingly easy to use a global variable where you meant to use a local one.

bzbarsky14y ago

    > Global variables are basically instance variables on the
    > process itself.

Not in JS. See my response to ww520 below.

1 more reply

ww52014y ago

Well, that's what global variable means, shared among all functions in the process. Since there's only one process to handle all requests, they can access the global variables.

All languages used in web server that don't spawn a new process for each request have the same feature.

bzbarsky14y ago

In JS, "global variable" means "property of the global object". No reference to "process".

It's trivial to have a single-process JS application with multiple JS global objects in it. Case in point: any web browser (and renderer processes don't change this: every iframe on a page has a separate global object).

It's just that Node _chose_ to reuse the same global object for multiple requests instead of using a clean execution environment.

I have to agree with jessedhillon: that sounds insane.

2 more replies

tikhonj14y ago

It's not really a fault of node so much as a fault of JavaScript. While JavaScript is a beautiful and expressive language, it does have some annoying pitfalls; this is just one of them.

Happily, this is all changing--in the long run, future versions of JavaScript should polish away these issues while maintaining the fundamentally sound core of the language. In the short run "use strict" lets you realize some of the upcoming improvements in otherwise legacy code.

dbattaglia14y ago

Node is single-threaded, so yes they are shared. Requests are basically just multiplexed inside the same message loop.

In my opinion it wouldn't be quite as scary if js didn't make it so damn simple to accidentally define a global variable (like in this instance, where it was never actually declared in globally-scoped code).

bzbarsky14y ago

Why does threading matter? You can have multiple JS global objects all running on the same thread. See any web browser.

3 more replies

DanielRibeiro14y ago· 5 in thread

This is why I like both Scala and Coffeescript approaches. On Coffeescript vars are created for you, and on Scala, you can't not use it (you either use var or val, making it easy to change from re-assignable variables to final ones).

Note that nowadays going to Coffeescript from Javascript is quite easy: http://js2coffee.org/

colanderman14y ago

(you either use var or val, making it easy to change from re-assignable variables to final ones)

I imagine that must be a headache for non-native speakers for whom "l" and "r" are indistinguishable. Imagine coding in a language developed in China with keywords "mā" and "mǎ"… most English-speaking developers would never remember which one to use because they can't distinguish between the two verbally.

finnw14y ago

I don't know Coffeescript - does it implicitly create a local var when there is already a global with the same name?

YmMot14y ago

CoffeeScript doesn't allow you to shadow variables in enclosing scopes. The compiler will declare the variable in the "outer-most" scope in which is is used and then any uses in enclosed scopes refer to that one.

In this case as long as OP was not using the variable in an enclosing scope, it would have been made local to the function.

2 more replies

extension14y ago

It always creates a local var. You can only assign to globals indirectly, through properties of the global object e.g. window.foo = 123.

Cushman14y ago

CoffeeScript is a compiler, so obviously it doesn't know anything about your runtime. It declares variables in the scope they're first assigned in; so 'global.x = y' works, while 'global = {}' compiles to 'var global; global = {};'.

almost14y ago· 4 in thread

> I would posit here that nothing I could do in best practice (manual front-end testing, unit testing, error handling, etc.) would have caught the offending line.

jshint would have caught it. You need to run jshint on your code or you will get silly errors like this. Simple.

apike14y ago

Even better is setting your editor to run JSHint when you save a .js file, and let you know if there are problems. Not only does it avoid stupid bugs, it saves time round-tripping to the browser for trivial issues like syntax errors.

almost14y ago

Sounds like a good idea. I know emacs flymake mode can be set up to underline problems detected by jshint. Personally I like to have the tests and jshint run by a hotkey so I can happily move the code through invalid states (towards a valid goal) without being constantly complained at :)

1 more reply

vinnycoyne14y ago

Never heard of JSHint. Thanks for the tip!

simanyay14y ago

Indeed, JSHint is designed to catch those kind of mistakes. Here is the offending code and its JSHint report: http://www.jshint.com/reports/57010

tikhonj14y ago· 4 in thread

Since everyone is chiming in with ways to prevent this sort of thing, here is another: js2 mode for Emacs[1]. This is a mode originally written by Steve Yegge and then modified by some other people (be sure to get that version) that actually parses the code and, among other things, highlights global variables in a different color than local ones. I find this, along with the other things js2 does, helps prevent a whole host of annoying JavaScript issues, as I type.

[1]: https://github.com/mooz/js2-mode

nkassis14y ago

I was going to say the same thing, it also makes me avoid missing semicolons by making those errors feel like sores in my code. I can't let them mess things up they need to be gone before I can write another line.

almost14y ago

Have you had any luck getting it to handle modern JavaScript style? Whenever I've tried js2-mode it really hasn't liked jQuery style nested anonymous functions.

tikhonj14y ago

Try using the version I linked rather than the original. It has a bunch of improvements including how it handles indenting functions.

I've done some moderately complicated jQuery development with it, as well as some node.js stuff for fun, and have had no issues in either case.

gcv14y ago

Do you have a specific example in mind? It works pretty well for me.

mzarate0614y ago· 4 in thread

I'm not an expert in JavaScript...

Given that you said that, and that the problem you hit is a common pitfall for Javascript developers (especially if you're not very seasoned with the language), I'd strongly recommend picking up a copy of Douglas Crockford's Javascript: The Good Parts. Not only does he inform readers of this particular gotcha, but he also elaborates on Javascript best practices and tools that others are bringing up in their comments.

baudehlo14y ago

Honestly though, I've tried jslint and jshint and a bunch of other lint-like tools on the Haraka source code (google it), and it barfs all over the place for no particular reason.

"use strict" is catching a lot more errors, though frustratingly enough, not until runtime.

smokestack14y ago

Javascript Patterns by Stoyan Stefanov is another great primer on JS best practices. Above all, if you're not delinting and using strict, you're dead in the water.

mturmon14y ago

Excellent advice. You simply have to understand JS scope rules, and the Crockford post lays it out compactly. It's an idiosyncratic language.

sirclueless14y ago

I think the author of the blog post understands JS scope rules. His point isn't that you shouldn't need to have a "var" in front of your declarations or that javascript is stupid and he doesn't understand it, it's that there should be a better way to find bugs like the one that bit him.

Of course, there is a way to find his particular bug (JSLint, "use strict") that he didn't know about. Still, the point about debugging being a nightmare is absolutely true.

1 more reply

brendoncrawford14y ago· 4 in thread

This was a problem of laziness more than anything else. To the beginner developers out there: Learn to write good code and to pay attention to the details. Don't become just another co-founder trying to do the bare minimum just to make a buck. Take pride in your work and use best practices. Be careful to avoid the careless mistakes made by the author...

  1. Did a major last minute code change
  2. Did not run jslint
  3. Did not use strict mode
  4. Did not run load tests
  5. Did not use an editor that catches scoping problems

dgabriel14y ago

Really smart, careful people also make mistakes. This is one of the things that can easily happen to a bright but inexperienced developer. While the numbered list is helpful, I don't think calling the programmer in question lazy, careless, or "just out to make a buck," is ok or fair.

xentronium14y ago

Sure, blame the victim, not the idea that default variable scope is global.

viraptor14y ago

There are libraries in other languages providing node-like capabilities. He could use those and not have the global scope problem. Not saying that the idea makes any sense either...

ams611014y ago

Every language and platform has idiosyncrasies that you ignore at your peril. You choose to use JavaScript, you live with its warts.

dikbrouwer14y ago· 3 in thread

One thing you can do to help avoid this: use JSLint (or something equivalent) to check for missing var keywords. And, the obvious (as you already mentioned) coffeescript. Would love to hear of other suggestions on how to effectively debug this, especially in node.

Waquo14y ago

Indeed, JSLint or JSHint would have cought this. The claim that "nothing I could do in best practice ... would have caught the offending line" is false.

NegativeK14y ago

JSLint was my first response, but I have to agree with someone higher up -- use strict is probably a better solution, since it'll happen whether you like it (or forget it) or not.

dikbrouwer14y ago

using strict sounds like a great idea - I wonder what other implications that has, need to look into it.

JonnieCache14y ago· 3 in thread

Ouch.

I always thought JS's global-variables-by-default schtick was it's worst crime, but I've never seen such terrible consequences for it up close before.

Note to self: before products get to forbes, do some load testing. Even if I am using node, with its magic event loop of invulnerability.

vonkow14y ago

As a rule, in js I declare every var at the top of the function (or globe) in one giant var statement just because of this. Still, it's easy to get lost in the moment and mess up just once. I used to think this was just the way things were but pair-programming/code-review and/or a language with better scoping rules would've prevented this from happening.

masklinn14y ago

> Still, it's easy to get lost in the moment and mess up just once.

Get a better editor, and JSHint, and "use strict";

Implicitly declared globals can be statically checked, there is no reason not to.

chrisrhoden14y ago

No such thing as "global-variables-by-default".

    > (function () { internalvariablewithnovardelcaration = "string"; })();
    > internalvariablewithnovardeclaration
    ReferenceError: internalvariablewithnovardeclaration is not defined

mnutt14y ago· 3 in thread

This is why I really dislike it when I see

    var a = "foo",
        b = "bar",
        c = "baz";

All it takes is one missed comma and all of a sudden you've turned a lot of your variables global.

fuzzythinker14y ago

that's why many people favor this variant:

  var
    a = "foo"
  , b = "bar"
  , c = "baz"
  ;

webXL14y ago

I see this hideous convention used a lot when assigning nodejs modules, so you can easily comment out modules for debugging purposes (I think). Other than that, why is "[NL], b = 1" safer or better than "b = 1,[NL]"?

mnutt14y ago

That makes the commas easier to see (and is ugly IMO) but it's still one comma away from making the rest of your variables global. What's so bad about just

    var a = "foo";
    var b = "bar";
    var c = "baz";

rajeshamara14y ago· 3 in thread

Actually it is very easy to debug any javascript error. In IE there is a setting where you can uncheck the Disable Script debugging (Internet Explorer) and in the status bar you will see any javascript error. If you check the checkbox IE will not report any errors. In general during your development you should always uncheck the box.If you double click the javascript status this will exactly report the line number where the javscript error is. I exactly don't know if you see these kind of errors in Chrome and firefox. I know people blame IE but there are quite few nice handy features which are very helpful during development

bobralian14y ago

There's a lot to say here, but I'll limit my comment to LOL at the idea that IE reports the exact line number of a javascript error.

thomblake14y ago

The funny thing about this comment is that you think he can use Internet Explorer to check his server-side code.

expertmind14y ago

Yes, These features are there in Firefox can Chrome. You clearly haven't used these browsers. I will suggest you to google for firebug, and developer tools in Chrome.

nikcub14y ago· 2 in thread

You will probably get hundreds of comments with unsolocited advice, but let me just say to checkout and setup JSLint:

https://github.com/douglascrockford/JSLint

Setup and how you use it is more important than just using it. I run it in three places:

1) In my IDE (bound in vim on save, same in TextMate)

2) As a Git checking hook

3) In deployment / build scripts

Turn all the warnings way up and it always catches redeclaration bugs.

Set it up once and don't allow any code to get checked in or deployed with even a single warning present.

I also pass all Javascript through the Google Closure Compiler, but with the lowest compilation setting, because it is very good at picking up small errors as well.

(if anybody is interested in how to set this all up I can publish my configs and scripts)

philbo14y ago

I'd love to see them. I'm starting a new job soon and it is going to be pretty much greenfield javascript development all the way. I'm really keen to make sure that I'm ticking every box on the best practices front, right from day one.

siculars14y ago

Please do share.

FuzzyDunlop14y ago· 2 in thread

JS is so easy to cock up in, I commonly find myself logging to the console just to make myself sure of the scope and other things.

This technique totally went to shit when I came across one of our scripts that gratuitously used `apply()` all over the place.

The other common error is array iteration, and I've not quite understood why iterating through one array in the same scope as where it was created works fine, but passing it to another function and performing the exact same routine also goes through the prototype methods after the elements.

Of course, particularly with the var mistake, you'd never really understand the magnitude of it until you attempted to use JS on the server side. This post has, quite thankfully, likely exposed a bug in my own code I couldn't quite understand a while ago. :)

bzbarsky14y ago

    > also goes through the prototype methods after the
    > elements.

That shouldn't be happening. If you see it happening, your JS implementation is just buggy.

In fact, this testcase:

    <script>
      window.onload = function() {
        var arr = window[0].arr;
        for (var i in arr) { alert(i); }
      }
    </script>
    <iframe src="data:text/html,<script>arr=[1];</script>">
    </iframe>

alerts only "0" in WebKit+JSC, Gecko, Presto. Chrome has some sort of bizarre security policy here that keeps the script from working, so no idea what WebKit+V8 does.

ruethewhirled14y ago

if you want to filter out prototypes you can use object.hasOwnProperty( property )

speleding14y ago· 2 in thread

I know there seem to be a few HN readers religiously against using an IDE, but in this case an IDE would have probably helped. Since it colors global and local variables differently the error would be much more apparent at the time when it was made (you typically have very few global variables so they stand out color wise).

thomblake14y ago

No IDE needed - any decent editor will do syntax highlighting.

speleding14y ago

Global versus local variables is not determined by syntax in javascript, it's determined by semantics (you need to parse javascript to find out). A few editors can do that, but you could really call those an IDE already.

1 more reply

johnbender14y ago· 2 in thread

Steve Yeggae's js2-mode highlights globals during editing, and it's saved me a good many times.

http://code.google.com/p/js2-mode/

Mind you it won't catch globals declared in chained assignments

    var x = y = 0; // y is defined globally

thomblake14y ago

The fork of js2-mode at https://github.com/mooz/js2-mode will catch that, as will js3-mode.

webXL14y ago

If you're looking for a new IDE, JetBrains WebStorm does this. In the chained assignment, as well.

igorgue14y ago· 2 in thread

I don't always write JavaScript (CoffeeScript FTW) but when I do I use JSLint (vim-jslint)...

baudehlo14y ago

It's not very good on node.js code. Hell, it's not very good, period.

igorgue14y ago

The plugin uses node as a linter...

let $JS_CMD='node'

jroseattle14y ago· 2 in thread

> I would posit here that nothing I could do in best practice (manual front-end testing, unit testing, error handling, etc.) would have caught the offending line.

Sorry, that's incorrect. If you cannot fully simulate your environment for purposes of validation, you're not covering your bases.

wanorris14y ago

Are you saying that the definition of an adequate test setup is one that will necessarily catch any possible race conditions?

That sounds like a necessary idea if you're building real-time embedded systems for aircraft operation or something, but for a lot of applications, developing a test harness to that standard would take considerably more time and effort than building out the actual product.

jroseattle14y ago

The problem wasn't a race condition, it was an improperly scoped variable. If a different variable name had been used, the failure would have been easy to identify. Testing for the result of something improper wouldn't be appropriate here, either.

But, if the environment is such that it is easy to manifest this condition, I would argue that such a test setup should definitely be considered, given the potential for failure.

Hominem14y ago· 1 in thread

I feel for you man, but did you not test with more than one user at the same time? I live in constant fear of this kind of thing, I always round up as many people as possible to test at once.

vonkow14y ago

Screw rounding up >1 users for testing (though it does give needed human insight), if you aren't spooling up a few multicore VMs with JMeter or better, you aren't really performance testing.

crichardson91714y ago· 1 in thread

Very interesting. I've been thinking about delving into Node.js for a while, and I will definitely keep things like this in mind.

samgro14y ago

Do yourself a favor and use CoffeeScript! You will never have to worry about this or any number of other trivial JS mistakes, plus your code will be more readable and more fun to write. Win/win.

SimHacker14y ago· 1 in thread

Do JSLint or JSHint catch the common error of using "this" inside a closure when you want it to be lexically bound instead of dynamically?

It's easy to forget to go "var me = this;" and use me instead of this inside of closures. But how would JSLint or JSHint know you made a mistake and didn't actually mean for "this" to be bound dynamically?

mark_story14y ago

No, because this is still valid inside the anonymous function. It can't tell which this you intended to get.

It would be able to find out if you used an uninitialized me, _this, that though and complain. Using self as the this alias is really dangerous as it leaks to window.self so avoid it like the plague.

atomical14y ago· 1 in thread

I just hit your page and it gave me an error that said the server was over capacity. Not the only reason?

ricardobeat14y ago

That's Tumblr apparently.

startupcto14y ago· 1 in thread

"It’s a damn tragedy. I’m not an expert in JavaScript"

Hell yea, the valley's full of smart kids who don't know what the hell they're doing with JavaScript and thinks they're one hell of a hacker when they discovered that they can do shit with a few lines of JS and trumpeting on the how great NodeJS or whatever the greatest and newest shiny framework out there.

If you don't really understand scoping in JS, please don't use node and hit yourself on your foot and then blog the cool shit out of it.

I'm just saying, no hard feelings. :)

sirclueless14y ago

I think "a damn tragedy" is a pretty apt description. Well-designed languages shouldn't require reams of experience. Just a little intelligence and a reference for any questions that arise should get you pretty far.

I'm sure this guy "really understand[s] scoping in JS", but he still got bitten. The blog post isn't frivolous, its point is that javascript is a minefield. Which is an important lesson. Use JSLint or "use strict" or pay the price.

mansoor-s14y ago· 1 in thread

"Now is the point I’d like you to say: you should have used CoffeeScript, and hey TameJS while you’re at it. You’d be right."

Perfect example of a developer hating JS just because he/she didn't bother to learn it first and got burned.

mhansen14y ago

It's still very easy to miss a 'var', even if you know the language. Especially if you've just context-switched from ruby or python.

kwamenum8614y ago

"I would posit here that nothing I could do in best practice (manual front-end testing, unit testing, error handling, etc.) would have caught the offending line."

Running your code through JSLint (or something similar) would have been helpful here. Performing this check before committing code is considered a best practice and it's really easy to setup a pre-commit hook in most version control systems. JSLint has a Node.js mode. It would have said something like "variable used before being defined". http://www.jslint.com/

kaffeinecoma14y ago

You can do some poor man's load testing very simply with siege (http://www.joedog.org/index/siege-home). Put a bunch of URLs in a text file, and run it with "siege -f urls.txt".

Of course it doesn't prove that your code is bug-free, but if you have concurrency issues, this will help shake them out. I've used this many times to reveal problems with DB connection pooling, concurrency issues, and excessive session size.

JayInt14y ago

Melon Card.... I just signed up with a random email and it would allow me to remove the details for that email 'joe.doe@yourwebsite.com'... using your software as long as I did the captcha I could remove records for anyone's email as long as you can find them (the recommendation makes that easy)... you NEED to include verifying the email address before you can perform actions!!

ConstantineXVI14y ago

Similar, but not quite as world-ending issue we had launching our Android app. Shortly (~36hrs) after launching, we had noticed that we were compiling with Cupcake (and we only intended to support Eclair+). We were pushing to have it out for SXSW; in a rush we just re-compiled, made sure it still launched, and pushed to the Market.

After everyone got some sleep, we realized that Cupcake didn't have multi-res support; and later phones quietly re-scaled everything to compensate. Compile to Eclair and well, things were a bit out of proportion.

jwatte14y ago

I think the main thing missing with Node is best practices. We use jslint with node. And we run tests in parallel, to flush out any dependencies. We had to wrap callbacks in a sequencing library to get good stack traces, though. Node.js also integrates with the Chrome V8 source level debugger, for real debugging!

Also, C++ can also take down your site with a single character typo that the compiler may not catch, so even static typing can't save against everything! (I actually like C++, too, so no hate there)

peregrine14y ago

Is it just me or is this site completely unusable right now. I keep trying to say 'This isn't me!' or 'This is me!' with no results... maybe he has another missing 'var' somewhere?

vonkow14y ago

Damn, I feel for ya; scope is hell sometimes, and js is all about giving you the power to shoot yourself in the foot. Interesting how bugs like this, while terrible and terribly easy to miss, tend to do a lot less damage on the front-end of things (or doesn't show up in a single thread/user environment). It was the potential of things like this happening that drove me towards languages like erlang and java on the server (even if js is still my favorite language).

chrisrhoden14y ago

    > (function () { internalvariablewithnovardelcaration = "string"; })();
    > internalvariablewithnovardeclaration
    ReferenceError: internalvariablewithnovardeclaration is not defined
        at [object Context]:1:1
        at Interface.<anonymous> (repl.js:179:22)
        at Interface.emit (events.js:64:17)
        at Interface._onLine (readline.js:153:10)
        at Interface._line (readline.js:408:8)
        at Interface._ttyWrite (readline.js:585:14)
        at ReadStream.<anonymous> (readline.js:73:12)
        at ReadStream.emit (events.js:81:20)
        at ReadStream._emitKey (tty_posix.js:307:10)
        at ReadStream.onData (tty_posix.js:70:12)
    > externalwithnovar = 1;
    1
    > (function () { externalwithnovar = "string"; })();
    > externalwithnovar
    'string'

You're all wrong. There is no 'global by default for javascript. This guy clobbered a variable called initial outside of the scope of the callback.

Tichy14y ago

Well whole rocket launches failed for silly reasons like temperature conversions, so you shouldn't feel too bad about it.

alexchamberlain14y ago

This is a major downside of interpreted languages, coupled with JS's diabolical scoping rules. Interpreted languages by their very nature, only reveal syntactic errors to you once you run them. I would like to see server side code written in compiled, statically typed languages, such as C/C++ to prevent such errors.

itay14y ago

I hit a similar thing in some code I was writing, and ended up debugging it for about 5 hours. Couldn't figure out why when some tests ran, one of them would just die.

Turns out I forgot to use 'var' in a library function, and the tests were running concurrently, and so one clobbered the other. It was not fun.

Been using JSHint ever since.

gopi14y ago

A un-initialised varible made our script to mail 20 copies of the same email to almost 10k users. One of our mass email script basically breaks the email list in chunks of 500 and emails them. The array variable that hold this 500 email chunk was not initialised. In our test everything was fine as the test list was never more than 500. When the time came to send emails to the production list, the script basically kept sending multiple copies of the same emails (since the array retained the old values across the loop iterations).

I realised this after about 10 minutes but already multiple copies of the same emails (20/user) was send to more than 10k users!...The end result was annoyed users unsubscribing in droves and possibly a hit in our email reputation. This is all because a stupid array variable was not initialised :)

dendory14y ago

Screams lack of testing. Speaking of which, did you know your site design breaks when viewed on an iPad?

mstepniowski14y ago

Use jslint, Luke.

jconley14y ago

Common problem. Live and learn.

But the problem is a bit more meta than Javascript scoping. Something would have happened no matter your environment. It's always extremely risky to make huge changes just before a launch day. Stuff always breaks. Sounds like you did a good job of communicating with your customers. Ironically, they will probably be better customers than they would have been if you didn't have any problems. Overcoming adversity brings people together.

Add some concurrency to your test suite. If you have any system level or black box tests, you can often just run the same test multiple times in parallel with different threads. No new tests required. Note that this may (probably will) also uncover other previously inconceivable concurrency issues.

dap14y ago

As many have pointed out, there are absolutely tools that would catch this kind of problem in development. But the experience also speaks to the lack of sophisticated observability tools for Node (and just about every other popular dynamic language too).

jufo14y ago

This is a lesson we all have to learn. At least in Node it is easy to pick up with a tool like JSLint. In Java, you typically have some classes which have to be thread-safe (having no per-request state) and others which are instantiated per request. Developers have to be aware of the distinction, and to code accordingly. I fell into this trap when submitting a change to JBoss back in 2000; Rickard Oberg picked it up within hours (the diffs of all committed changes went out to everyone on the developer mailing list). I'm grateful to him for that, and I've done the same kind of review for many others since then.

sampsonjs14y ago

And that is what happens when you throw static type checking and the other safety features of compiled languages out the window, 'cause all the cool kids are doing it.

jcromartie14y ago

Maybe a language where variables are global by default and there are no concurrency semantics at all isn't so great for serving up web apps to concurrent users?

poundy14y ago

This reminds me of something I could not do. How do you load test a nodejs - socket.io installation? Is there a tool like apache bench to load test websockets?

gambler14y ago

I don't see this as a JavaScript specific problem. A similar issue can occur in IIS, for example. The details would be more elaborate, but the core issue would remain the same. A variable shared across requests screws something up under load. Seen it happen.

This is one of the reasons I like shared-nothing architecture where the only way to share or persist something is via explicit caching or database.

ozataman14y ago

Thanks for reminding me why I like Haskell so much.

codejoust14y ago

My var story was a little harder scoping issue where a variable held the information for a pending call. It would asynchronously process the call, then mark the call as completed. Well, if there were more than one call going through, the callback was only getting one record, causing it to repeat the call about five times before I caught it and fixed the scoping.

howardr14y ago

Congrats on launching. Saying this ruined your launch is a bit dramatic. The ability to put out fires when they happened is crucial to startups. Seems like the problem only existed for a few hours. It could have been worse. Write a test and move on

chetan5114y ago

Oh wow. I've faced this exact same problem with missing `var`s more than once before. It's pretty ridiculous that JavaScript makes variables global by default.

Sorry to hear about your tragedy, hope it doesn't cause too many issues in the long run.

boscomutunga14y ago

Reminds me of a time i had a similar bug.The more i tried the more i found it hard to discover the bug.One approach i usually use is to take a timeout and relax.But in your position there was no time for relaxing.

firefoxman114y ago

Node definitely needs better error handling, but what's nice about node is that each module is scoped in its own namespace, so if he had put each of his routes in its own module, that wouldn't have happened.

bryantchou14y ago

Ack, stuff likes this makes me very nervous about our production nodejs backend ... the error tracking is really quite difficult. But it's more a byproduct of javascript as opposed to node/express.

ruidlopes14y ago

(Shameless plug, but interesting enough, imho). This is why I created scopeleaks: https://github.com/ruidlopes/scopeleaks

kevinkemp14y ago

The real failure that opened you up to this race condition is naming. Initial is not specific enough and thus colided with another variable, that was also not named specifically enough.

ighost14y ago

> I would posit here that nothing I could do in best practice would have caught the offending line.

bullshit.

jslint or clojure compiler would have found this error at "compile time."

coffeescript would have made it a non-issue.

phektus14y ago

"It’s beautiful simple..."

I might just be painfully slow, but the implementation he described didn't sound anything remotely simple to me (though I believe it really is beautiful).

yaix14y ago

Wow, thanks for sharing!

It's these small things to remember that can save a lot of debugging time down the road. Will remember to "use strict" when I use nodeJS again.

nt_mark14y ago

Exactly why we moved to CoffeeScript, without it you need to rigorously enforce coding conventions. This entails watching for missing vars, using jslint, having a script that searches for accidentally declared globals, only declaring vars at the top of a function, among other best practices. With CS you get all of that just by using it. If you can write high-standard code using a simpler, terser syntax, why avoid it?

markokocic14y ago

jslint to the rescue. If all your source is JS, there's no excuse to at least use lint.

scotty7914y ago

Php shares nothing except session between requests and local scope is default.

jhuni14y ago

Always use JSLINT.

_urga14y ago

for (var key in this) console.log(key);

illumen14y ago

jslint

jwallaceparker14y ago

Crazy. Same thing happened to me. Good luck with the next project.

j / k navigate · click thread line to collapse

209 comments

158 comments · 65 top-level

untog14y ago· 15 in thread

    for (x=0;x<variable.length;x++) {
    // blah
    }

I wasn't declaring the x variable, so it was using the x part of the x/y positioning of the UI container. Woops.

edit: initialise/declare brain freeze

swanson14y ago

joeyo14y ago

It's for this precise reason that I use 1i rather than i when doing complex arithmetic in matlab.

1 more reply

finnw14y ago

Now there's an argument for syntax highlighting.

It also doesn't happen in languages where you must say self.x to access a property/field called x.

Luyt14y ago

Exactly my first thought: "This wouldn't happen with Python".

1 more reply

cperciva14y ago

I wasn't initialising the x variable

Do you mean s/initialising/declaring/, or am I just really confused?

untog14y ago

Yes, sorry, I meant declaring. Wrote that post in a hurry as I headed out the door, I wasn't paying too much attention.

1 more reply

Permit14y ago

He means declaring.

cperciva14y ago

gnaritas14y ago

JoshTriplett14y ago

Have you tried the GCC -Wshadow warning flag? It will generate a warning whenever you define a variable with the same name as one declared in an outer scope.

That said, I rarely use C99's ability to declare a variable in the middle of a block. I primarily use the C99 feature of declaring variables as part of a loop.

1 more reply

colanderman14y ago

Umm, I find the opposite to be true. By always declaring variables where I use them (notably in for loops), I avoid accidentally reusing a variable I used elsewhere.

1 more reply

Peaker14y ago

That makes variables scope over far more than they need to, opening up a pretty frequent bug avenue of using the wrong variable that you did not intend to use.

vonkow14y ago

Classic! I did that with rotation in my js gaming engine once, fun times.

Veera14y ago

napierzaza14y ago

PHP experience can poison development in other languages.

rayiner14y ago· 11 in thread

Why has it become popular for dynamic languages to conflate establishing a binding with assigning it a new value? Ruby, Python, and Javascript are all guilty of this.

Scheme got it right sometime in the 1970's.

    (let ((x initial-value)) ; binding
      (set! x new-value))    ; assignment

Or in infix syntax (Dylan):

    let x = initial-value ;
    x := new-value ;

chromatic14y ago

JoshTriplett14y ago

1 more reply

phaedrus14y ago

nikcub14y ago

I recently took time to learn Io and I love it. It is a great language to know and learn if you do a lot of Javascript development.

cpeterso14y ago

ALGOL '58 used := and = as distinct operators for assignment and equality in 1958.

https://en.wikipedia.org/wiki/ALGOL_58#ALGOL_58.27s_influenc...

arohner14y ago

Yes. The other thing Scheme got right is explicit variable scope

    (define x 42) ;; global
    (let ((x 42)) ;; local, only defined inside the enclosing parenthesis. 
      (+ x x))

dalke14y ago

"Why has it become popular" implies that it's a recent thing. Darmouth BASIC did the same things in the early 1960s.

MostAwesomeDude14y ago

rayiner14y ago

It still conjures up variables out of thin air.

    sum = 0
    for v in someList:
        smu += v
    print sum # prints 0, doh!

4 more replies

js214y ago

Python implicitly binds to the innermost scope on assignment, so you had the opposite problem when you wanted to reach a nested, non-global scope. Hence the nonlocal keyword added in py3k.

http://www.python.org/dev/peps/pep-3104/

dools14y ago

This is the PHP approach as well. I quite like the way PHP 5.3 has implemented bringing locally scope variables into scope for use in a closure.

mst14y ago· 9 in thread

Am I right in thinking that the javascript

  /* "use strict" */

apaprocki14y ago

Yes:

  $ node
  > "use strict"; initial = "foo";
  ReferenceError: initial is not defined
      at repl:1:17
      at Interface.<anonymous> (repl.js:168:22)
      ...

geraldalewis14y ago

    ((x)-> x = 2; arguments[0] is 1)(1) # true

    ((x)-> arguments[0] = 2; x is 1)(1) # true

All that said, I'm a big fan of `strict`. It might be a good idea to use it in production, and strip the directives out when deploying.

ErikD14y ago

Since the code in question was run server side using nodejs you can just enable it. Using it for client side javascript is another case indeed.

bmj14y ago

Running some variation of JSLint in his editor/IDE would likely have caught this, too.

sjs14y ago

Or using js2-mode in Emacs. That's just one small reason why Emacs in my JavaScript workhorse. I use TextMate for most things but if I'm writing JS all day nothing beats Emacs.

Raticide14y ago

Yeah, that's all he needed. Making it a comment isn't necessary either.

Maybe Node should be strict by default? I can understand it not being the case for browsers that need to support legacy code, but for Node it doesn't really need to care about that.

morsch14y ago

Huh. On the scale from pragmatic idiosyncrasy to simply bizarre, making a string literal expression change the runtime behaviour in that manner is fairly wide towards the bizarre end of the scale.

I think, if anything, requiring it to be in a comment would have been less odd; at least comments imply a sense of "meta"-ness.

4 more replies

alunny14y ago

Node itself (the core js library) isn't strict mode compliant: it uses octal literals for filesystem interactions.

mst14y ago

Quite possibly a good idea.

  use v5.12;

in perl code enables strict, at least.

jessedhillon14y ago· 7 in thread

Do I understand this right -- global variables are shared across all requests in node.js?

If so, that is an insane design.

fennecfoxen14y ago

So you just don't use them and everything's good. Which brings you to the real problem: JavaScript makes it distressingly easy to use a global variable where you meant to use a local one.

bzbarsky14y ago

    > Global variables are basically instance variables on the
    > process itself.

Not in JS. See my response to ww520 below.

1 more reply

ww52014y ago

Well, that's what global variable means, shared among all functions in the process. Since there's only one process to handle all requests, they can access the global variables.

All languages used in web server that don't spawn a new process for each request have the same feature.

bzbarsky14y ago

In JS, "global variable" means "property of the global object". No reference to "process".

It's just that Node _chose_ to reuse the same global object for multiple requests instead of using a clean execution environment.

I have to agree with jessedhillon: that sounds insane.

2 more replies

tikhonj14y ago

It's not really a fault of node so much as a fault of JavaScript. While JavaScript is a beautiful and expressive language, it does have some annoying pitfalls; this is just one of them.

dbattaglia14y ago

Node is single-threaded, so yes they are shared. Requests are basically just multiplexed inside the same message loop.

bzbarsky14y ago

Why does threading matter? You can have multiple JS global objects all running on the same thread. See any web browser.

3 more replies

DanielRibeiro14y ago· 5 in thread

Note that nowadays going to Coffeescript from Javascript is quite easy: http://js2coffee.org/

colanderman14y ago

(you either use var or val, making it easy to change from re-assignable variables to final ones)

finnw14y ago

I don't know Coffeescript - does it implicitly create a local var when there is already a global with the same name?

YmMot14y ago

In this case as long as OP was not using the variable in an enclosing scope, it would have been made local to the function.

2 more replies

extension14y ago

It always creates a local var. You can only assign to globals indirectly, through properties of the global object e.g. window.foo = 123.

Cushman14y ago

almost14y ago· 4 in thread

> I would posit here that nothing I could do in best practice (manual front-end testing, unit testing, error handling, etc.) would have caught the offending line.

jshint would have caught it. You need to run jshint on your code or you will get silly errors like this. Simple.

apike14y ago

almost14y ago

1 more reply

vinnycoyne14y ago

Never heard of JSHint. Thanks for the tip!

simanyay14y ago

Indeed, JSHint is designed to catch those kind of mistakes. Here is the offending code and its JSHint report: http://www.jshint.com/reports/57010

tikhonj14y ago· 4 in thread

[1]: https://github.com/mooz/js2-mode

nkassis14y ago

almost14y ago

Have you had any luck getting it to handle modern JavaScript style? Whenever I've tried js2-mode it really hasn't liked jQuery style nested anonymous functions.

tikhonj14y ago

Try using the version I linked rather than the original. It has a bunch of improvements including how it handles indenting functions.

I've done some moderately complicated jQuery development with it, as well as some node.js stuff for fun, and have had no issues in either case.

gcv14y ago

Do you have a specific example in mind? It works pretty well for me.

mzarate0614y ago· 4 in thread

I'm not an expert in JavaScript...

baudehlo14y ago

Honestly though, I've tried jslint and jshint and a bunch of other lint-like tools on the Haraka source code (google it), and it barfs all over the place for no particular reason.

"use strict" is catching a lot more errors, though frustratingly enough, not until runtime.

smokestack14y ago

Javascript Patterns by Stoyan Stefanov is another great primer on JS best practices. Above all, if you're not delinting and using strict, you're dead in the water.

mturmon14y ago

Excellent advice. You simply have to understand JS scope rules, and the Crockford post lays it out compactly. It's an idiosyncratic language.

sirclueless14y ago

Of course, there is a way to find his particular bug (JSLint, "use strict") that he didn't know about. Still, the point about debugging being a nightmare is absolutely true.

1 more reply

brendoncrawford14y ago· 4 in thread

  1. Did a major last minute code change
  2. Did not run jslint
  3. Did not use strict mode
  4. Did not run load tests
  5. Did not use an editor that catches scoping problems

dgabriel14y ago

xentronium14y ago

Sure, blame the victim, not the idea that default variable scope is global.

viraptor14y ago

There are libraries in other languages providing node-like capabilities. He could use those and not have the global scope problem. Not saying that the idea makes any sense either...

ams611014y ago

Every language and platform has idiosyncrasies that you ignore at your peril. You choose to use JavaScript, you live with its warts.

dikbrouwer14y ago· 3 in thread

Waquo14y ago

Indeed, JSLint or JSHint would have cought this. The claim that "nothing I could do in best practice ... would have caught the offending line" is false.

NegativeK14y ago

JSLint was my first response, but I have to agree with someone higher up -- use strict is probably a better solution, since it'll happen whether you like it (or forget it) or not.

dikbrouwer14y ago

using strict sounds like a great idea - I wonder what other implications that has, need to look into it.

JonnieCache14y ago· 3 in thread

Ouch.

I always thought JS's global-variables-by-default schtick was it's worst crime, but I've never seen such terrible consequences for it up close before.

Note to self: before products get to forbes, do some load testing. Even if I am using node, with its magic event loop of invulnerability.

vonkow14y ago

masklinn14y ago

> Still, it's easy to get lost in the moment and mess up just once.

Get a better editor, and JSHint, and "use strict";

Implicitly declared globals can be statically checked, there is no reason not to.

chrisrhoden14y ago

No such thing as "global-variables-by-default".

    > (function () { internalvariablewithnovardelcaration = "string"; })();
    > internalvariablewithnovardeclaration
    ReferenceError: internalvariablewithnovardeclaration is not defined

mnutt14y ago· 3 in thread

This is why I really dislike it when I see

    var a = "foo",
        b = "bar",
        c = "baz";

All it takes is one missed comma and all of a sudden you've turned a lot of your variables global.

fuzzythinker14y ago

that's why many people favor this variant:

  var
    a = "foo"
  , b = "bar"
  , c = "baz"
  ;

webXL14y ago

mnutt14y ago

That makes the commas easier to see (and is ugly IMO) but it's still one comma away from making the rest of your variables global. What's so bad about just

    var a = "foo";
    var b = "bar";
    var c = "baz";

rajeshamara14y ago· 3 in thread

bobralian14y ago

There's a lot to say here, but I'll limit my comment to LOL at the idea that IE reports the exact line number of a javascript error.

thomblake14y ago

The funny thing about this comment is that you think he can use Internet Explorer to check his server-side code.

expertmind14y ago

Yes, These features are there in Firefox can Chrome. You clearly haven't used these browsers. I will suggest you to google for firebug, and developer tools in Chrome.

nikcub14y ago· 2 in thread

You will probably get hundreds of comments with unsolocited advice, but let me just say to checkout and setup JSLint:

https://github.com/douglascrockford/JSLint

Setup and how you use it is more important than just using it. I run it in three places:

1) In my IDE (bound in vim on save, same in TextMate)

2) As a Git checking hook

3) In deployment / build scripts

Turn all the warnings way up and it always catches redeclaration bugs.

Set it up once and don't allow any code to get checked in or deployed with even a single warning present.

I also pass all Javascript through the Google Closure Compiler, but with the lowest compilation setting, because it is very good at picking up small errors as well.

(if anybody is interested in how to set this all up I can publish my configs and scripts)

philbo14y ago

siculars14y ago

Please do share.

FuzzyDunlop14y ago· 2 in thread

JS is so easy to cock up in, I commonly find myself logging to the console just to make myself sure of the scope and other things.

This technique totally went to shit when I came across one of our scripts that gratuitously used `apply()` all over the place.

bzbarsky14y ago

    > also goes through the prototype methods after the
    > elements.

That shouldn't be happening. If you see it happening, your JS implementation is just buggy.

In fact, this testcase:

    <script>
      window.onload = function() {
        var arr = window[0].arr;
        for (var i in arr) { alert(i); }
      }
    </script>
    <iframe src="data:text/html,<script>arr=[1];</script>">
    </iframe>

alerts only "0" in WebKit+JSC, Gecko, Presto. Chrome has some sort of bizarre security policy here that keeps the script from working, so no idea what WebKit+V8 does.

ruethewhirled14y ago

if you want to filter out prototypes you can use object.hasOwnProperty( property )

speleding14y ago· 2 in thread

thomblake14y ago

No IDE needed - any decent editor will do syntax highlighting.

speleding14y ago

1 more reply

johnbender14y ago· 2 in thread

Steve Yeggae's js2-mode highlights globals during editing, and it's saved me a good many times.

http://code.google.com/p/js2-mode/

Mind you it won't catch globals declared in chained assignments

    var x = y = 0; // y is defined globally

thomblake14y ago

The fork of js2-mode at https://github.com/mooz/js2-mode will catch that, as will js3-mode.

webXL14y ago

If you're looking for a new IDE, JetBrains WebStorm does this. In the chained assignment, as well.

igorgue14y ago· 2 in thread

I don't always write JavaScript (CoffeeScript FTW) but when I do I use JSLint (vim-jslint)...

baudehlo14y ago

It's not very good on node.js code. Hell, it's not very good, period.

igorgue14y ago

The plugin uses node as a linter...

let $JS_CMD='node'

jroseattle14y ago· 2 in thread

> I would posit here that nothing I could do in best practice (manual front-end testing, unit testing, error handling, etc.) would have caught the offending line.

Sorry, that's incorrect. If you cannot fully simulate your environment for purposes of validation, you're not covering your bases.

wanorris14y ago

Are you saying that the definition of an adequate test setup is one that will necessarily catch any possible race conditions?

jroseattle14y ago

But, if the environment is such that it is easy to manifest this condition, I would argue that such a test setup should definitely be considered, given the potential for failure.

Hominem14y ago· 1 in thread

I feel for you man, but did you not test with more than one user at the same time? I live in constant fear of this kind of thing, I always round up as many people as possible to test at once.

vonkow14y ago

Screw rounding up >1 users for testing (though it does give needed human insight), if you aren't spooling up a few multicore VMs with JMeter or better, you aren't really performance testing.

crichardson91714y ago· 1 in thread

Very interesting. I've been thinking about delving into Node.js for a while, and I will definitely keep things like this in mind.

samgro14y ago

Do yourself a favor and use CoffeeScript! You will never have to worry about this or any number of other trivial JS mistakes, plus your code will be more readable and more fun to write. Win/win.

SimHacker14y ago· 1 in thread

Do JSLint or JSHint catch the common error of using "this" inside a closure when you want it to be lexically bound instead of dynamically?

mark_story14y ago

No, because this is still valid inside the anonymous function. It can't tell which this you intended to get.

It would be able to find out if you used an uninitialized me, _this, that though and complain. Using self as the this alias is really dangerous as it leaks to window.self so avoid it like the plague.

atomical14y ago· 1 in thread

I just hit your page and it gave me an error that said the server was over capacity. Not the only reason?

ricardobeat14y ago

That's Tumblr apparently.

startupcto14y ago· 1 in thread

"It’s a damn tragedy. I’m not an expert in JavaScript"

If you don't really understand scoping in JS, please don't use node and hit yourself on your foot and then blog the cool shit out of it.

I'm just saying, no hard feelings. :)

sirclueless14y ago

mansoor-s14y ago· 1 in thread

"Now is the point I’d like you to say: you should have used CoffeeScript, and hey TameJS while you’re at it. You’d be right."

Perfect example of a developer hating JS just because he/she didn't bother to learn it first and got burned.

mhansen14y ago

It's still very easy to miss a 'var', even if you know the language. Especially if you've just context-switched from ruby or python.

kwamenum8614y ago

"I would posit here that nothing I could do in best practice (manual front-end testing, unit testing, error handling, etc.) would have caught the offending line."

kaffeinecoma14y ago

You can do some poor man's load testing very simply with siege (http://www.joedog.org/index/siege-home). Put a bunch of URLs in a text file, and run it with "siege -f urls.txt".

JayInt14y ago

ConstantineXVI14y ago

jwatte14y ago

Also, C++ can also take down your site with a single character typo that the compiler may not catch, so even static typing can't save against everything! (I actually like C++, too, so no hate there)

peregrine14y ago

Is it just me or is this site completely unusable right now. I keep trying to say 'This isn't me!' or 'This is me!' with no results... maybe he has another missing 'var' somewhere?

vonkow14y ago

chrisrhoden14y ago

    > (function () { internalvariablewithnovardelcaration = "string"; })();
    > internalvariablewithnovardeclaration
    ReferenceError: internalvariablewithnovardeclaration is not defined
        at [object Context]:1:1
        at Interface.<anonymous> (repl.js:179:22)
        at Interface.emit (events.js:64:17)
        at Interface._onLine (readline.js:153:10)
        at Interface._line (readline.js:408:8)
        at Interface._ttyWrite (readline.js:585:14)
        at ReadStream.<anonymous> (readline.js:73:12)
        at ReadStream.emit (events.js:81:20)
        at ReadStream._emitKey (tty_posix.js:307:10)
        at ReadStream.onData (tty_posix.js:70:12)
    > externalwithnovar = 1;
    1
    > (function () { externalwithnovar = "string"; })();
    > externalwithnovar
    'string'

You're all wrong. There is no 'global by default for javascript. This guy clobbered a variable called initial outside of the scope of the callback.

Tichy14y ago

Well whole rocket launches failed for silly reasons like temperature conversions, so you shouldn't feel too bad about it.

alexchamberlain14y ago

itay14y ago

I hit a similar thing in some code I was writing, and ended up debugging it for about 5 hours. Couldn't figure out why when some tests ran, one of them would just die.

Turns out I forgot to use 'var' in a library function, and the tests were running concurrently, and so one clobbered the other. It was not fun.

Been using JSHint ever since.

gopi14y ago

dendory14y ago

Screams lack of testing. Speaking of which, did you know your site design breaks when viewed on an iPad?

mstepniowski14y ago

Use jslint, Luke.

jconley14y ago

Common problem. Live and learn.

dap14y ago

jufo14y ago

sampsonjs14y ago

And that is what happens when you throw static type checking and the other safety features of compiled languages out the window, 'cause all the cool kids are doing it.

jcromartie14y ago

Maybe a language where variables are global by default and there are no concurrency semantics at all isn't so great for serving up web apps to concurrent users?

poundy14y ago

This reminds me of something I could not do. How do you load test a nodejs - socket.io installation? Is there a tool like apache bench to load test websockets?

gambler14y ago

This is one of the reasons I like shared-nothing architecture where the only way to share or persist something is via explicit caching or database.

ozataman14y ago

Thanks for reminding me why I like Haskell so much.

codejoust14y ago

howardr14y ago

chetan5114y ago

Oh wow. I've faced this exact same problem with missing `var`s more than once before. It's pretty ridiculous that JavaScript makes variables global by default.

Sorry to hear about your tragedy, hope it doesn't cause too many issues in the long run.

boscomutunga14y ago

firefoxman114y ago

bryantchou14y ago

Ack, stuff likes this makes me very nervous about our production nodejs backend ... the error tracking is really quite difficult. But it's more a byproduct of javascript as opposed to node/express.

ruidlopes14y ago

(Shameless plug, but interesting enough, imho). This is why I created scopeleaks: https://github.com/ruidlopes/scopeleaks

kevinkemp14y ago

The real failure that opened you up to this race condition is naming. Initial is not specific enough and thus colided with another variable, that was also not named specifically enough.

ighost14y ago

> I would posit here that nothing I could do in best practice would have caught the offending line.

bullshit.

jslint or clojure compiler would have found this error at "compile time."

coffeescript would have made it a non-issue.

phektus14y ago

"It’s beautiful simple..."

I might just be painfully slow, but the implementation he described didn't sound anything remotely simple to me (though I believe it really is beautiful).

yaix14y ago

Wow, thanks for sharing!

It's these small things to remember that can save a lot of debugging time down the road. Will remember to "use strict" when I use nodeJS again.

nt_mark14y ago

markokocic14y ago

jslint to the rescue. If all your source is JS, there's no excuse to at least use lint.

scotty7914y ago

Php shares nothing except session between requests and local scope is default.

jhuni14y ago

Always use JSLINT.

_urga14y ago

for (var key in this) console.log(key);

illumen14y ago

jslint

jwallaceparker14y ago

Crazy. Same thing happened to me. Good luck with the next project.

j / k navigate · click thread line to collapse