Cost-benefit analysis: a logging library vs custom implementation
Doing the right cost-benefit analysis is very hard. Often times new technologies come along stating all the beautiful benefits that they provide. And people start using them only to discover hidden cons sometimes years later.
So I think formulating explicitly cost and benefits of different things in software development makes a lot of sense and is one of the most high leverage things I can do as a CTO for my company.
First I wanted to make a general cost-benefit analysis of dependencies in general. But then I realised that it all depedens on what specific dependency we are talking about. So I decided to do cost-benefit analysis of specific dependecy instead, so that concrete example transfer more precisely to real world of software development.
I will start with logging library. Should you use it, or should you implement your own logger?
Logging dependency
Pros:
You reuse functionality already implemented by someone else
It has rolling files
It works in a worker thread - doesn’t clog the main thread
Cons:
If something doesn’t work as you want it to, you need to understand everything in the dependency, in order to fix it
Vulnerable. If dependency has vulnerabilities, including its own dependencies, your app has these vulnerabilities as well
Not tailored to your needs. Logging library is written as a general library, so it’s a layer that doesn’t know anything about your app and can’t make trade offs specific to your needs, so you pay the cost of that by having lower performance
Performance. You don’t know what is inside and how the library works. Is it buffering the logging statements or not? How often does it flush to disk?
Custom logger implementation
Cons:
You need to write your own code for logger, test it, make sure it works, maintain it bug-free
Pros:
Less code, less complexity. Your implementation will most likely be less complicated and less lines of code compared to general library, because you can implement only what you need. For example my implementation of logger for AMS Pilot is 167 LOC at the time of writing this. And it supports all I need: message formatting, writing to multiple destinations, logging levels, per-user log files
Clarity. You understand it well.
Better performance. You write it the way you need it to work in the environment that is custom tailored to your needs and assuming the right trade offs that you have
Less dependencies, smaller deployment, faster build.
Secure. There are 0 vulnerabilities in 0 dependencies (except for OS-level and protocol-level vulnerabilities). Though you must make sure your implementation itself is secure, but that’s a lot easier since you understand the whole implementation and its very simple.
If the implementation becomes too big, you can always open-source it and let other people help find bugs in it. That’s precisely what the big companies do
This is not a full list of course. I will keep maintaining pros/cons list over time, and I’m always open to change my current stance given enough arguments.