This wouldn't pass PR review and automated tests, unless they were a senior dev and used elevated privileges to mess with things behind the scenes.
this post was submitted on 09 Feb 2024
482 points (100.0% liked)
Programmer Humor
418 readers
3 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
It's bold to assume those exist. Maybe there's a reason the coworker left
load more comments
(2 replies)
rand() will be infrequent < 10 (at least ten in 2^15 times, if not exponentially more), so automated tests are likely to pass. If they don't, they're likely to pass on the second try, and then everyone shrugs and continues. If it's buried in 500 other lines, then it's likely the code reviewer will give it all a quick scan and say "it's fine". It's the three line diffs that get lots of scrutiny.
In other words, you seem to have a lot more faith in the process than I do.
Write a 5 line PR and receive 5 comments. Write a 500 line PR and receive no comments.
lgtm
you'd be surprised what slips through review
Yeah but even a single automated test would catch it and reject the PR. You just need a single test.
No, you can't assume that. The probability of hitting the condition each time is low. If there aren't very many calls that hit this, it could easily slip through. Especially on 64-bit int platforms.
Yes agree if you’re talking about unit tests. I’m thinking smoke tests, which is are the most common automated tests in games, where I’ve spent most of professional career. The amount of booleans checks that happen in a single frame I doubt the game wouldn’t crash within the first couple seconds.
But rand() is a number between 0-1, so it will never be >10
Basically this is just #define True = False
The C standard library function int rand(void) returns a pseudo random integer between 0 and RAND_MAX (which should be at least 2^15, depending on the actual implementation).
Depending on the distribution of the pseudo random numbers, it will be true for over > 99% of its applications.
Source: trust me bro, and C++ reference
Furthermore, there is no integer between 0 and 1, but I guess you mean a real number between 0 and 1.
I'm not sure what's worse. The engineer that thought this would work or the company that doesn't do code reviews.
I hope I learn some day how to code a bug in python that will not show up in any error messages and absolutely ruins a program. I'd love to find a random program at whatever job I end up at and before quitting just ruin it with a random line of code that doesn't output an error code.
What the hell? Thats not funny or anything it just fucks with your ex-coworkers who probably werent the problem, management isnt affected by that.
Pro tip, you seem really arrogant (including some other comments) and you need to tone that down before you enter the industry. Its nothing to be ashamed of and I'm not trying to insult you, you just assume your experiences are way more universally valid than they are.
Easy, it's just... continue programming in python. (large codebases are a mess in python...)
More seriously: Don't do that, it'll only create headaches for your fellow colleagues and will not really hit those (hard) that likely deserve this.
learn C and u will get undefined behaviour for free :)
If you're thinking about rage quitting a job you don't even have yet, maybe take a different career from the beginning?
What the hell.
It's not hard to do. What would be hard would be getting it through code review. Like the example provided.. how would that ever get through code review for a merge? Must not be a well-protected code base?
Publish your own package to PyPI that on import does some evil stuff. Name the package something similar to a known, but not too well known package. Supply chain attacks are even less defended against than other stuff.
All this relies on companies being shit though, but well, we all know that's the case in a lot of places.
That's just called malware
import os
os._exit(2)
A lot of you have a lot of faith in people reviewing PRs. I know a few Sr. developers, that if shit was too busy, would skim it and say 'fuck it, it will be QAs problem. If you put this in the correct sub-system in file that would only be executed once a month, for example a maintenance class, It would be really hard to notice something is wrong if it didn't cause issues seen immediately. Maybe this is the story of an intern that added something that also fucked up boolean comparisons in a subsystem used once a month. Where there is a 2 week lag between the execution and operations noticing something wrong.
Is this some simple line of code that just shuffles everything around in file storage areas?
This looks like a C macro. Basically what it does is replaces the word "true" in the code with (rand() > 10). The rand() function will return a random number from 0 to 32767. So (rand() > 10) will very likely return "true" but not always.
So say you have some code like this: if (someVar == true) { // Do stuff } It would replace "true" with code that usually evaluates to "true" but not always. So every so often your code would just do the wrong thing but it would be hard to debug because it would be rare.
Granted, in that example you probably would just write "if (someVar)" making this moot, but there are more realistic cases where you'd use the constant "true"
rand() generates a number from 0 to a constant defined in stdlib, which usually corresponds to the architechture of your compiler. So, for 32 bit systems (assuming all the software in the line is 32 bit, too) it will be 2^31-1 = 2 147 483 647, as 1 bit in integers is reserved for negative numbers and 1 number is 0.
Though, by design it is guaranteed to be at least 32767, which is a value for 16 bit integers.
Oh good to know. I googled it and got that 32767 number but it did say "guarantee to be at least 32767"