tags:

views:

280

answers:

15
+1  Q: 

Examples of software bugs

Possible Duplicate:
Software bugs examples

I am looking for examples of bugs one must check in his code...

But I do not mean logical bugs (such as Adding instead of Subtracting), I am talking about bugs that can be discovered (may be guessed) just by looking into code without knowing its purpose....

Examples:

  • infinite loops
  • opening connections without closing it (files, database)
  • write to shared variable in multi threaded code without locking..

Please help me in finding more bugs like these...

Thanks

+7  A: 

This one is quite famous, the ol' assignment instead of the intended conditional:

if(a = b) {
  ...
}
Jacob Relkin  2010-10-17 11:11:25
Luckily, many compilers warn about this.
JoshD  2010-10-17 11:19:30
+4  A:  
if ( obj == null && ! obj.IsValid() ) // bad short circuit behaviour
Motti  2010-10-17 11:12:15
why this is a bug?
Betamoo  2010-10-17 11:14:04
@Betamoo, sorry there was a bug in my original code, now if obj is `null` the second branch will still be used thus dereferencing a `null` reference. The correct code was what I wrote before (using `||`) so that if obj is `null` the second branch isn't taken.
Motti  2010-10-17 11:21:24
@Motti, congratulations, you have achieved buggy bug example code!
iconiK  2010-10-17 11:30:26
@iconiK It's like I always say: _you have to strive to have an even number of bugs!_
Motti  2010-10-17 12:23:32
+2  A: 

A classic c and c++ one: Dereferencing NULL pointers.

Similarly: Trying to access variables that have gone out of scope.

shuttle87  2010-10-17 11:12:30
+10  A: 

Improper loops:

for (int i = 0; i < 10; i++);
{
   //some code
}
JoshD  2010-10-17 11:13:09
It still takes me a minute of staring to see the bug. I need to do this stuff less ;-)
Graham Lee  2010-10-17 11:15:24
@Graham Lee: Yeah, very easy to miss. And it still runs the `some code` once, so you may imagine it's working... very deceptive.
JoshD  2010-10-17 11:19:05
Does this ever crop up in real code? I’ve never seen that outside toy examples.
Konrad Rudolph  2010-10-17 11:25:37
What bug...? ;)
Ashish  2010-10-17 12:25:31
I have to admit I almost didn't see that one... but again I've never seen that "bug" anywhere yet, thankfully!
Yanick Rochon  2010-10-17 20:48:21
+4  A: 

Look at the laundry list for any static analysis tool. That's all they do; look for known bugs in code they don't understand. In non-GC environments, memory management problems (double free, no free, use uninitialized memory, don't check for NULL from malloc() etc.) are common.

Graham Lee  2010-10-17 11:14:25
Actually I intend to develop a similar 'blind' bug detector..
Betamoo  2010-10-17 11:15:44
@Betamoo, I'm guessing that if you have to post to stackoverflow for examples of bugs you shouldn't be writing a static code analyzer...
Motti  2010-10-17 12:25:28
+4  A: 

A most egregious issue in c++:

if (1 < x < 10)

This was peppered throughout some code I just inherited.

To clarify why this is an issue, first 1 < x is evaluated giving true for x is 2. Then true < 10 will be evaluated, becoming 1 < 10, which isn't comparing x to 10.

Suppose x were 0. The first comparison is false. So it becomes 0 < 10. True. So no matter what the value of x, it is always true.

JoshD  2010-10-17 11:15:22
In Python, this is perfectly valid.
Tim Pietzcker  2010-10-17 11:19:41
Thanks for clarifying that this is a problem in C++ - could you also explain why this is so? Is it that `1 < x` evaluates to `1` which is then compared to `10` so a case where `x==10` will "unexpectedly" return `True`?
Tim Pietzcker  2010-10-17 11:29:13
@Tim Pietzcker: yup. In fact it's true always.
JoshD  2010-10-17 11:33:38
Ah...clever :-)
Tim Pietzcker  2010-10-17 16:19:53
+8  A: 

In Java :

if (someString == otherString) { /*...*/ }
Yanick Rochon  2010-10-17 11:16:15
I'm not so well versed in Java. Could you explain how this is a problem?
JoshD  2010-10-18 20:31:19
to make it short: strings in Java are not primitives, but objects. Their `equals` method may return the same value, but they occupy two different places in memory. Sometimes, the JVM may detect that they both contain the same suite of characters, but for efficiency, this check is not enforced on all strings. So, this is why using `equals` will always return true on same strings, but not using `==`
Yanick Rochon  2010-10-18 21:31:17
+3  A:  
if ( 1 )
   if ( 0 )
       printf("foo");
else
   printf("bar");

Programmer expected no output, but got "bar".

Personman  2010-10-17 11:20:40
+5  A: 

Switch statement without breaks.

Example:

switch (/*condition*/)
{
case 1: retCode = SUCCESS;
//...
default: retCode = UNKNOWN_ERROR;
}
return retCode; // Always UNKNOWN_ERROR
rursw1  2010-10-17 11:25:18
These can be really ugly :-)
Helper Method  2010-10-17 12:07:23
+2  A: 

Well, there are many, many things you have to check. Here are a few ones, based on your examples:

  • Loops

Check that at least one of the variables used in the loop condition is modified by the loop body. If not, you're looking at an infinite loop.

Also look out for stray semicolons, as in:

for (int i = 0; i < length; ++i);
{
    // This code will only run once.
}
  • Leaked connections

Don't introduce these bugs in the first place by using RAII throughout your project. Most, if not all, languages have some kind of construct that guarantees resources are freed when leaving the scope (e.g. C++'s destructors, C#'s using, Python's with, Common Lisp's (unwind-protect), etc.).

  • Missing locks in concurrent variable access

Hopefully the shared variables are clearly visible (e.g. they share some naming convention, or there's an up-to-date list somewhere, or they're all defined in the same module). Then you can grep the source for those variables and verify locks are put in place around all stores to them.

Of course, it's always better to encapsulate write access to shared variables inside functions or methods or whole classes that perform the necessary locking themselves. See Herb Sutter's Active Objects for an very good abstraction of this concept.

Frédéric Hamidi  2010-10-17 11:28:33
+2  A: 

And also some nice ones can be found here.

rursw1  2010-10-17 11:29:44
+4  A: 

All the answers are great, but as you intend to develop a "bug detector", I strongly recommend you to go through this FindBugs bug description list on SourceForge.

This resource and other resources in the website will be an awesome starting point for your project.

zengr  2010-10-17 11:31:29
+2  A: 

improper use of properties:

class Foo
{
    private Int32 bar;

    public Int32 Bar
    {
        get { return Bar; }
    }            
}
Hungary1234  2010-10-17 12:16:09
+2  A: 

The software bug.

alt text

Ashish  2010-10-17 12:30:42
+2  A: 

Not handling a divide by zero condition that may occur ..

Overflow and underflow error

Abhi  2010-10-17 13:29:07

related questions

Project tracking/management tool
Great programming quotes
What are the most commonly used anti-patterns?
What is your favorite IDE for Perl development?
Hidden features of Eclipse
Website Monitoring Libraries
What are the best Java Podcasts?
What ETL tool do you use?
Best technical shibboleths and keywords
What non-programming books should programmers read?
Best Scrum tools
Poll: What measure do you use to size software?
How would you spend $150 on developer tools?
What is your programming record in a single sitting?
What bug tracking software do you use?
What is the worst interviewee answer?
What is the best interview question?
What college/university course(s) you wish you have taken more seriously?
Recommended Fonts for Programming?
Best Multi-Language Documentation Generator
What code analysis tools do you use for your Java projects?
What programming language do you wish would catch on?
What good technology podcasts are out there?
What JavaScript library would you choose for a new project and why?
What books would you recommend for a beginning Software Developer?