Admin
:blink.apng:
Time to count the :wtf:s:
- != operator
- If this uses lazy evaluation, won't the download button be enabled for anyone except administrators (at least if the file exists)?
- Writing the condition in such a way that 50% of the readers get tricked by precedence rules. Use parentheses dammit!
Admin
Non-admins can download the file if it exists. Admins can download it whether it exists or not.
Admin
!= true is truly awful.
Admin
OK, there are minor WTF's with the semantics, and the logic is totally borked, but where is there a "tri-state-boolean"?
Admin
The title really is TRWTF.
Admin
Are you sure? Here's the condition again:
I believe you can equivalently rewrite it like this:
! userCanDownload && (file != null || userCanDownload)
If that's correct, if admins have the userCanDownload boolean set to true and lazy evaluation rules are used, the whole statement should immediately evaluate to false for admins. If you aren't an admin, the button will show up if the file variable is non-null.
EDIT: Never mind, I'm done in by precedence rules. Belgium this code.
Admin
She needed 3 hours to find this bug? In a codebase she's familiar with, I assume? Wow
Admin
Admin
&& precedes || in all languages I know
Admin
I have no idea what the precedence is, because I always use brackets to make damn sure && and || are evaluating in the order I mean
Admin
It's a classic bait-and-switch. I can't believe you weren't expecting something like that. You better never go in against a Sicilian.
Admin
In many languages precedence is the same for && and ||, so the expressions will be evaluated in the order they are encountered. Which may or may not be from left to right (depending on the language, and is undetermined for some languages).
I always use parentheses in these situations to prevent FILE_NOT_FOUND, having encountered similar WTFs far too often.
Admin
FTFY. That's why you always get it wrong when reading someone else's code.
You'd easily remember the preferences if you knew anything about boolean algebras:
&& is multiplication and || is addition.
Admin
No I don't, I look it up when I need it and then promptly forget it
implementation detail. No guarantee any particular language will adhere to that
Admin
Admin
TIL 1 || 1 = 2. Who would have known? I always thought it was 1
Admin
Not in VHDL.
Admin
That's wrong, though. 1 || -1 is not 0
Admin
Well, what is it? i?
Admin
In most languages I know of? 1.
Admin
That doesn't seem intuitive at all. But then, -1 isn't a boolean value, hence || isn't a boolean addition but a comparison.
Admin
In languages like JavaScript and Ruby, || works as follows:
Admin
Obviously there ain't no 2, so it can't be 2. But addition in ℤ₂ is 1 ⊕ 1 = 0, so 1 || 1 = 1 still does not actually qualify.
Admin
There is a 2. It means "super true"
Admin
And what is -1 then?
Admin
"Not likely"
Admin
Argh, you guys take everything so literally. Here is the correct statement (from wikipedia)
Admin
FILE_NOT_FOUND, obviously
Admin
And -2 is, of course, "Not bloody likely".
Filed under: -3, no fucking way
Admin
It does, but not that way. ({0, 1}, 0, 1, ⊻, ∧) is a field just like ℤ or ℝ. But since ({0, 1}, 0, ∨) is not a group, only a monoid, and since all the two-operation algebras (ring, field) require group in the first operation, ({0, 1}, 0, 1, ∨, ∧) is not any of them.
Admin
There's your mistake. I used to work with a modified version of SugarCRM. Whenever there was an issue, finding it and fixing it could easily take hours, as the codebase was criminally obscure. Whether or not I was familiar with it was relative. I was more familiar than anyone else, but ultimately the only rule I learned for certain was that SugarCRM was unlikely to do something in a commonly intuitive way. Never mind the modifications made by the developers of the product for our company.
If this is JavaScript, the client can just go and look for the file without having permissions to see it, right? Let's hope they don't. Based on that assumption, one would assume she had been looking on the backend or in the ACL interface or equivalent, finding nothing. I guess we're also assuming that the software doesn't have about 50 non-SPA pages between itself and the developer over a slow connection.
It could have been worse. After 3 hours, she could have come across this:
"What's wrong?" you might ask. You'd rather see an explicit 'userCanDownload === true' rather than a vague, truthy condition? Maybe the fact that I've created an unnecessary new variable. Those might be your nightmares, but in my nightmares, I've found this code, and I have to keep looking.
Admin
Actually since we don't have a 2 to work with, the correct answer is 1 + 1 == -1. -1, expressed in twos complement notation with a single bit, is 1.
Therefore 1 + 1 == 1. Duh.
Admin
What's cool about this website is that often, the WTF moments are in the comments, which add to the pile.. :smile:
Admin
Admin
I can confirm that there exists at least one programming language that reverses this implementation detail. It was a 4GL written by accountants. I was part of the team trying, and failing, to modernise it. This was one sticking point, because we couldn't fix it without breaking legacy code in hard to detect ways.
Admin
Odd, I would have thought if we didn't have a 2 to work with that 1 + 1 == 10.
Admin
!!! BIG WARNING !!!
Be sure to check permissions again when serving the actual file!
Button availability is not so important, it's better to show button to everyone and fail due to permissions after clicking on it than allowing some hacker with a Web Development Console to download the file even with disabled button.
Admin
Sorry, I left out a step. We only have one bit to work with, so we end up in overflow condition: MAX_BOOL + 1 == MIN_BOOL.
Since these are presumed to be signed bools, MAX_BOOL = 1; MIN_BOOL = -1
Admin
Right here: https://msdn.microsoft.com/en-us/library/microsoft.office.core.msotristate.aspx
Note that this "tri-state" actually has 5 states, 3 of which have description "Not Supported."
Admin
FTFY
Admin
Am I the only one that first read that as "Maul"?
And does that make me TRWTF?
Admin
Not that familiar ... I can guarantee she never saw this line before. This would trigger alarms with anyone sane.
Boolean math is a separate mathematical system; the rules are slightly different than normal math. There are only two values to begin with, 1 and 0. There's no carry, and the results are always in the same set. So in that system:
That leads indirectly to the precedence rules. As Boolean math developed, most equations came to be of the form
ab+cd+efg
... that is, the sum of the products. Therefore, it made hierarchical sense to treat the Boolean add and the Boolean multiply with the same precedence as the normal mathematical equations. Now, of course, we use && for Boolean multiply and || for Boolean add; and the hierarchy rules track.
In computers, hierarchy came to be subdivided further, because in an equation like
a==b||c==d
we want the comparisons to be done first, to save parentheses. For some weird reason, saving parentheses was a very important thing to language designers back in the 50's and 60's. (But APL solved precedence confusion by saying "always right-to-left unless you use parentheses"; it's actually one of the great things about that language.)
But now we know (at least we're supposed to know) that parentheses are cheap and we should use them. Human understanding of programs is far more important than compiler nanoseconds.
Hear, hear!
I think this is one of the most overlooked elements of web page security. Clients (browsers) are inherently insecure; security cannot be controlled by disabling elements in the browser--or by using "display:none". A certain system I work with sends data to the "browser" with data the user is not permitted to see set to "display:none". All they have to do to see the actual data is to scrape the underlying log...which any user can do. :facepalm:
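The two points made in the comments above (recheck permissions when the file is actually served, and do not ship data to the browser and hide it with display:none), as an added JavaScript example that is not code from the article or from any commenter. The file store, field policy, user objects and all function names are hypothetical, and the policy that only admins may download is an assumption.

```javascript
// Added illustration: every name and all sample data below are constructed.
const FILES = new Map([["report.pdf", { body: "quarterly numbers" }]]);
const FIELD_POLICY = { name: "user", email: "user", salary: "admin" };

// Strict comparison: a missing or non-boolean isAdmin never counts as admin.
function isAdmin(user) {
  return user != null && user.isAdmin === true;
}

// What the page uses to draw the button. Cosmetic only; explicit grouping.
function buttonEnabled(user, fileName) {
  return (isAdmin(user)) && (FILES.has(fileName));
}

// What the server runs for every download request, whatever the button
// looked like. Assumed policy: only admins may download. Permission is
// checked before existence, so a caller without permission cannot use the
// status code to learn which files exist.
function handleDownload(user, fileName) {
  if (!isAdmin(user)) return { status: 403, body: "" };
  const file = FILES.get(fileName);
  if (file === undefined) return { status: 404, body: "" };
  return { status: 200, body: file.body };
}

// Build the response from an allow-list instead of sending everything and
// hiding parts with display:none. Fields with no policy entry are dropped.
function serializeFor(user, record) {
  const out = {};
  for (const [key, value] of Object.entries(record)) {
    const level = FIELD_POLICY[key];
    if (level === "user" || (level === "admin" && isAdmin(user))) {
      out[key] = value;
    }
  }
  return out;
}

const guest = { isAdmin: false };
const admin = { isAdmin: true };
const row = { name: "Ann", email: "ann@example.test", salary: 90000, note: "x" };
console.log(handleDownload(guest, "report.pdf").status);
console.log(handleDownload(admin, "report.pdf").status);
console.log(JSON.stringify(serializeFor(guest, row)));
```

A request sent straight to handleDownload gets the same answer as one made through the button, so disabling the button changes nothing about who receives the file.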
Admin
Are you sure this CodeSOD is client-side?
Admin
So you switched from APL to LISP?
Admin
Lots of Irritating Silly Parenthesis?
No, I've never used that language. My understanding is that, in that language, the parentheses have meaning besides just order of execution: They also indicate sets and sets of sets and sets of sets of sets; and language bracketing (equivalent to braces in C) and probably things related to color, shape, ...well, parentheses are just used for everything.
It sounds worse, to me.
Admin
Easy: Tri-state: Not True, Not False, FILE_NOT_FOUND
Admin
But that does yield the interesting possibility that:
Admin
I've always loved the concept of negative and positive zero... Seemed edgy to me, like the rising and falling edges of a pulse...
Admin
Admin
That's one's complement. In one's complement, a byte ranges from -127 to +127, with the high bit storing the sign. A signed bit would range from -0 to +0. I honestly don't know why they still teach one's complement - processors stopped using it decades before I went to school decades ago.
In two's complement, a byte ranges from -128 to +127. A signed bit would range from -1 to 0. (8 bits: -128 to +127, 7 bits: -64 to +63, 6 bits: -32 to +31, 5 bits: -16 to +15, 4 bits: -8 to 7, 3 bits: -4 to 3, 2 bits: -2 to 1, 1 bit: -1 to 0.) One of my favorite bogus interview questions is "what's the range of a signed bit?" I throw it into conversations for fun, but I've never asked it in a serious interview, but one day.. one day...