• Code Dependent (cs)

    if (!comment) return fist;

  • Scott (unregistered)
    global_NewAceUser_Yes=No global_NewAceUser_No=Yes
    That's called default deny. It's mandatory in all security software for Sarbanes Oxley compliance.
  • Jerry (unregistered)
    Josh's predecessor seemed to miss out on the fundamentals the request/response paradigm.
    ... while Josh, in turn, missed out on the fundamentals the English grammar.
  • kastein (cs)

    I bet whoever wrote the "do I exist" C++ class defense noticed that that was checked after "new <whateverclass>&quot; every time, so he figured hey, I can put this code in one place and stop duplicating it! Either that, or it's from some abomination of a mixed-language application and the class is used through some strange wrapper from another language and might not be trusted to actually set the &quot;this&quot; pointer while calling. Either way, WTF?<p> </whateverclass>

  • Blob (unregistered) in reply to Jerry
    Jerry:
    Josh's predecessor seemed to miss out on the fundamentals the request/response paradigm.
    ... while Josh, in turn, missed out on the fundamentals the English grammar.

    "of" has been deprecated

  • Code Dependent (cs)
    // Function to confirm before deletion function Custom_Confirm(message) { // Show confirmation message var confirmation = confirm(message);
    // If confirmed then return false to stop form submit
    if (!confirmation)
    {       
        return false;
    }
    else
    {
        return true;
    }
    

    }

    Boy, that's a case of taking the taxi across town to get to your next door neighbor's house.

    The logic here all hinges on what is returned for what state by confirm(message). The comment says "If confirmed then return false", but then they return false for ! confirmation. I imagine the comment was supposed to say: // If not confirmed then return false to stop form submit

    So instead of: var confirmed = Custom_Confirm(messageToConfirm);

    ...how about this? var confirmed = confirm(messageToConfirm);

  • Code Dependent (cs) in reply to Blob
    Blob:
    Jerry:
    Josh's predecessor seemed to miss out on the fundamentals the request/response paradigm.
    ... while Josh, in turn, missed out on the fundamentals the English grammar.
    "of" has been deprecated
    Yes, "the" is now used in its place.
  • Tom C (unregistered)
    if (!this) return false;

    Gives the optimizer something to work with, making the runtime more efficient.

    (And is it just me, or has this site become a lot more boring since TopCod3r went silent?)

  • Gnubeutel (unregistered)
    Boolean answer = new Boolean( inp.equals("true") ? new Boolean(true) : new Boolean(false)).booleanValue();

    That is wrong on so many levels. It should be used as an example in programming classes. I count at least three redundant/useless operations and another three things you shouldn't do because there are more efficient ways. And i'm probably missing some more. I just hope there were a lot of blind mass refactorings involved in the creation of this statement.

  • Médinoc (unregistered) in reply to kastein
    kastein:
    I bet whoever wrote the "do I exist" C++ class defense noticed that that was checked after "new <whateverclass>" every time, so he figured hey, I can put this code in one place and stop duplicating it! Either that, or it's from some abomination of a mixed-language application and the class is used through some strange wrapper from another language and might not be trusted to actually set the "this" pointer while calling. Either way, WTF?</whateverclass>
    Unlike Java, it's possible in C++ to call a class member function from a null pointer. If the function is not virtual, the program will not crash before entering it, and it won't crash inside the function either if no member variables are accessed.

    An Example from a well-known UI class library:

    HWND CWnd::GetSafeHwnd()
    { return this ? m_hWnd : null; }
  • Jamie (unregistered) in reply to Blob
    Blob:
    Jerry:
    Josh's predecessor seemed to miss out on the fundamentals the request/response paradigm.
    ... while Josh, in turn, missed out on the fundamentals the English grammar.

    "of" has been depreciated

    FTFY

  • Henning Makholm (unregistered)

    I'm not convinced that "if(!this)" is a WTF. For a nonvirtual function, most compilers would probably be happy to produce code that called the function through a null pointer. (This is probably undefined behavior at runtime, but by far the most common actual behavior must be to attempt to execute the function body with this being null).

    On the other hand, silently returning false as a defensive action is a lot more questionable. That just exchanges a segfault-and-core-dump here and now with wrong results further down the road that could be a lot harder to debug.

    Perhaps the product of faulty metrics, such as "the programmer in whose code the segfault occurred is to be blamed for the bug"?

  • jspenguin (cs)

    The C++ one is obviously some kind of attempt to defend against dereferencing NULL pointers. It fails miserably under the following conditions:

    1. Member access
    2. Virtual methods
    3. Multiple inheritance, when the method is in a base class that is not the first class:
    class A {
    public:
        int a;
        virtual ~A() { }
    };
    
    class B {
    public:
        int b;
        virtual ~B() { }
        bool nullprotect() {
            if (!this) return false;
            return (b != 0);
        }
    };
    
    class C : public A, public B {
    public:
        int c;
    };
    
    int main() {
        B* pb = NULL;
        C* pc = NULL;
    
        cout < "pb:="" "="">< pb-="">nullprotect() < endl;="" prints="" "pb:="" false"="" cout="">< "pc:="" "="">< pc-="">nullprotect() < endl;="" segfault!="" }="">

    The reason is that in order to get a pointer to B from a pointer to C, you have to add a constant offset (8 bytes on a 32-bit system), so when pc->nullprotect() is called, this is (B*)0x8.

    If nullprotect were virtual, the compiler would actually generate a tiny "thunk" function that adds a constant value to this and jumps to the original function.

  • AC (unregistered) in reply to jspenguin

    It's like running across those branches that begin with a comment saying "this should never happen"

  • amischiefr (cs)
    global_NewAceUser_Yes=No
    global_NewAceUser_No=Yes
    

    This was obviously written by a woman. When they say yes it means no and when they say no it means yes. At least that's what I told the judge.

  • Tom C (unregistered) in reply to amischiefr
    amischiefr:
    global_NewAceUser_Yes=No global_NewAceUser_No=Yes

    This was obviously written by a woman. When they say yes it means no and when they say no it means yes. At least that's what I told the judge.

    I hope, for your sake, the "jury of your peers" was all male.

    Then again...

    Judge: Guilty?

    Male jurors: No.

    Female jurors: Yes.

    So, you're fine.

  • Buddy (unregistered)

    if (!this) return false;

    It's perfectly legitimate because it's entirely possible to cast NULL to an object and use it to call non-virtual functions. Not smart or safe, but you'll see it throughout MS code.

    E.g.

    HDC hdc = ((CDC *)NULL)->GetSafeHdc();

    Yet another gotcha of C++...

  • Leo (unregistered)

    The Real WTF is caring whether code works in IE6 or not. Bet it doesn't work in Lynx, SlipKnot, or Netscape 3 either.

  • Vollhorst (unregistered) in reply to Buddy
    Buddy:
    if (!this) return false;

    It's perfectly legitimate ...

    Yet another gotcha of C++...

    Aye, it is a simple solution of null pointer problems. It is no good design but sometimes it really makes sense.

    Some people simply forget that member functions of classes are nothing else then normal class-less functions with a hidden parameter (this).

  • methinks (unregistered) in reply to Gnubeutel
    Boolean answer = new Boolean( inp.equals("true") ? new Boolean(true) : new Boolean(false)).booleanValue(); "We had a strange problem wherein a procedure wasn't always returning the expected value," writes Jake T, "upon digging through the procedure's code, it was pretty apparent why." ALTER FUNCTION [CMM].[FetchItemCode] ( ) RETURNS bigint AS BEGIN RETURN 29654 END

    Well, unless of course you expect 29654 as the answer, which the OP doesn't say isn't the case...

  • Stilgar (cs) in reply to Gnubeutel

    The real WTF is Java's boxing model!

  • Rootbeer (cs) in reply to Leo
    Leo:
    The Real WTF is caring whether code works in IE6 or not. Bet it doesn't work in Lynx, SlipKnot, or Netscape 3 either.

    IE6 still accounts for 15% of the traffic to the site I operate at my day job. Do you think management would be happy if sales were to drop by 15%?

  • Georgem (unregistered)

    Mine's bigger

    Boolean[] values = new Boolean[new Boolean(Boolean.TRUE), new Boolean(Boolean.FALSE)]

  • Tom C (unregistered) in reply to Leo
    Leo:
    The Real WTF is caring whether code works in IE6 or not. Bet it doesn't work in Lynx, SlipKnot, or Netscape 3 either.
    I attended a two hour information security class last night. When I saw all their computers were running IE6.0, I concluded I wasn't going to be learning anything useful from them. And this indeed turned out to be the case.

    More peculiar was that when I pointed it out to the others in the class -- all alleged security pros -- the most common response was "what version should it be?"

  • pete (unregistered) in reply to Rootbeer
    Rootbeer:
    IE6 still accounts for 15% of the traffic to the site I operate at my day job. Do you think management would be happy if sales were to drop by 15%?
    They seem to be happy -- obsessed even -- with eliminating the sales from Firefox users, Mac users, etc...
  • Tim Smith (unregistered)

    I wouldn't depend on the (!this) stuff since the standard specifically states that the behavior is undefined. You can invoke a static function from a null pointer, but that is it.

  • Anonymous (unregistered) in reply to Leo
    Leo:
    The Real WTF is caring whether code works in IE6 or not. Bet it doesn't work in Lynx, SlipKnot, or Netscape 3 either.
    Simply compare the market share of IE6, Lynx, SlipKnot and Netscape 3 - then you will see exactly why people still care about IE6.

    I would say "bad troll" but we all bit, so maybe it wasn't such a bad troll after all.

  • Charles400 (cs)
    "I was going over some code from a SDK released by you know who," Tammie Kong wrote. "There were a few questionable things in it, but then I found a single line that made me pause. I realize string.format() has its advantages and all, but this just seemed ridiculous."
    No, I don't know who. Who?
  • Pedant (unregistered)

    The real WTF is that someone thinks that "!this" is a WTF in C++. Please do us a favor and stay far away from C++ until you learn what you are doing.

    Bjarne Stroustrup uses "if (this==0)" twice on page 605 of "Programming: Principles and Practice using C++". It isn't needed in every method, but it isn't automatically a WTF.

  • Steve (unregistered) in reply to Jamie

    [quote user="Jamie"] [quote user="Blob"] [quote user="Jerry"] Josh's predecessor seemed to miss out on the fundamentals the request/response paradigm.[/quote] ... while Josh, in turn, missed out on the fundamentals the English grammar.[/quote] "of" has been depreciated [/quote] FTFY [/quote] No, you didn't.

  • Steve (unregistered) in reply to Jamie
    Jamie:
    Blob:
    Jerry:
    Josh's predecessor seemed to miss out on the fundamentals the request/response paradigm.
    ... while Josh, in turn, missed out on the fundamentals the English grammar.
    "of" has been depreciated
    FTFY
    No, you didn't.
  • awfwefewa (unregistered)
    ALTER FUNCTION [CMM].[FetchItemCode] ( ) RETURNS bigint AS BEGIN RETURN 29654 END
    TDD mocking?
  • CAT (unregistered) in reply to Leo
    Leo:
    The Real WTF is caring whether code works in IE6 or not. Bet it doesn't work in Lynx, SlipKnot, or Netscape 3 either.

    The Real WTF are sites which rely on JS (or Flash, Java, ...) for basic functionality.

  • anon (unregistered) in reply to AC
    AC:
    It's like running across those branches that begin with a comment saying "this should never happen"
    As long as this case is properly handled, there's nothing wrong with it. Think of external input that will be between -10 and 10. If it leaves those bounds (power surge, earthquake, sensor failure etc.) than there is no correct response from the program, which may therefore (gracefully) shut down.

    Now, if you didn't have that branch, the program would still happily continue with wrong values.

  • Jamie (unregistered) in reply to Steve
    Steve:
    Jamie:
    Blob:
    Jerry:
    Josh's predecessor seemed to miss out on the fundamentals the request/response paradigm.
    ... while Josh, in turn, missed out on the fundamentals the English grammar.
    "of" has been depreciated
    FTFY
    No, you didn't.

    Sorry... I guess you had to be here yesterday.... I was just running the script provided by "Language Nazi"

  • SCJP (unregistered)
    Boolean answer = new Boolean( inp.equals("true") ? new Boolean(true) : new Boolean(false)).booleanValue();
    For those not familiar with Java:
    Boolean answer = new Boolean(inp);
    ...simply does the trick.
  • DaveK (cs)
    the actual code and it was a even more surprising than I had remembered."
    #define NEGATIVE_ONE 0
    
    What's surprising about that? When it comes to boolean values, zero is the negative one. And '1' is the positive one. See?
  • Code Dependent (cs) in reply to SCJP
    SCJP:
    Boolean answer = new Boolean( inp.equals("true") ? new Boolean(true) : new Boolean(false)).booleanValue();
    For those not familiar with Java:
    Boolean answer = new Boolean(inp);
    ...simply does the trick.
    return new Boolean( "Boolean answer = new Boolean(inp);" ...simply does the trick ? new Boolean(true) : new Boolean(false)).booleanValue();
  • lolwtf (cs) in reply to Code Dependent
    Code Dependent:
    Blob:
    Jerry:
    Josh's predecessor seemed to miss out on the fundamentals the request/response paradigm.
    ... while Josh, in turn, missed out on the fundamentals the English grammar.
    "of" has been deprecated
    Yes, "the" is now used in its place.
    What a load the nonsense. I'd rant about it, but I have to log thef.
  • shadowman (cs)

    I don't get the String.format() one.

  • Tom (unregistered)

    Someone explain to me the javascript one. Is the WTF that the comment and the if (!confirmed) don't match? I'm going crazy trying to see what is wrong with this (maybe just because it is Friday...)

  • Tom (unregistered) in reply to Tom
    Tom:
    Someone explain to me the javascript one. Is the WTF that the comment and the if (!confirmed) don't match? I'm going crazy trying to see what is wrong with this (maybe just because it is Friday...)

    I mean, other than the fact that there is a lot of unnecessary code (assuming that the comment is incorrect, but the code is right...)

    Sorry for the double-post, can't edit since I am not registered...

  • SCJP (unregistered) in reply to shadowman
    shadowman:
    I don't get the String.format() one.
    Splitting the SQL string into four parts first and let String.Format() put it together afterwards is somehow senseless.
  • wrtlprnft (unregistered)

    if(!this) { throw new NullPointerException(); }

  • Code Dependent (cs) in reply to Tom
    Tom:
    Tom:
    Someone explain to me the javascript one. Is the WTF that the comment and the if (!confirmed) don't match? I'm going crazy trying to see what is wrong with this (maybe just because it is Friday...)

    I mean, other than the fact that there is a lot of unnecessary code (assuming that the comment is incorrect, but the code is right...)

    Sorry for the double-post, can't edit since I am not registered...

    The entire method is superfluous. See my comment on that above.

  • shadowman (cs) in reply to Tom
    Tom:
    Someone explain to me the javascript one. Is the WTF that the comment and the if (!confirmed) don't match? I'm going crazy trying to see what is wrong with this (maybe just because it is Friday...)

    The whole function is an unnecessary wrapper around

    var confirmation = confirm(message);

    It doesn't add anything beyond that one line.

  • Code Dependent (cs) in reply to SCJP
    SCJP:
    shadowman:
    I don't get the String.format() one.
    Splitting the SQL string into four parts first and let String.Format() put it together afterwards is somehow senseless.
    No kidding. Somebody ought to put it up on a website somewhere that features stuff like that.
  • Rich (unregistered) in reply to jspenguin

    We did something similar to this back in our Windows 3.1 programming days. But it was

    assert(this);

    at the top of every method. We were using the Borland compiler.

    The problem was that you could call non virtual methods without a valid "this" pointer (because those methods weren't put into the virtual table) and we would end up with segfaults or other assertions farther down in the code.

    Not all class methods touched the "this" pointer, but we wanted to assert() the failure sooner rather than later.

    Moving the assert(this) higher up in the stack showed the developer immediately that he was dealing with a null pointer. Not that he shouldn't have been asserting his pointer earlier.. but in win16 programming we believed in belts AND suspenders!

    And yes, it doesn't work for virtual functions in subclasses. But virtual functions weren't what we were trying to protect! Ideally you should segfault when the compiler indexes into the bad virtual table pointer. (And then often bring down your Windows 3.1 with it!)

  • Jay (unregistered) in reply to anon
    anon:
    AC:
    It's like running across those branches that begin with a comment saying "this should never happen"
    As long as this case is properly handled, there's nothing wrong with it. Think of external input that will be between -10 and 10. If it leaves those bounds (power surge, earthquake, sensor failure etc.) than there is no correct response from the program, which may therefore (gracefully) shut down.

    Now, if you didn't have that branch, the program would still happily continue with wrong values.

    It's like, Why do we waste money hiring police? After all, people SHOULD never break the law.

  • Steven Noonan (unregistered)

    The whole

    if (!this) dieHorribly();
    thing actually does make sense. Something like
    assert(this);
    would make more sense, but the rationale for it is fairly simple. Let's say you have some badly written code like this:

    SomeClass *instance = NULL;
    instance = getSomeInstance(someParameter);
    instance->badFunctionCall();
    The return value of 'getSomeInstance' isn't checked, so it could return NULL. Instead of segfaulting on the badFunctionCall() it will just hit an assertion failure in the case that you have an assertion on the 'this' pointer, because 'this' would be NULL. It's even' better if you have a custom assertion function that prints debugging info, because you can easily figure out where you made a mistake in your program.

Leave a comment on “Defensive Programming and a Whole Lot More”

Log In or post as a guest

Replying to comment #:

« Return to Article