this post was submitted on 09 Feb 2024
844 points (97.6% liked)

Programmer Humor

[–] [email protected] 109 points 9 months ago (4 children)

This wouldn't pass PR review and automated tests, unless they were a senior dev and used elevated privileges to mess with things behind the scenes.

[–] [email protected] 168 points 9 months ago (1 children)

It's bold to assume those exist. Maybe there's a reason the coworker left.

[–] [email protected] 108 points 9 months ago (1 children)

rand() will be infrequently < 10 (at least ten in 2^15 times, if not exponentially more), so automated tests are likely to pass. If they don't, they're likely to pass on the second try, and then everyone shrugs and continues. If it's buried in 500 other lines, then it's likely the code reviewer will give it all a quick scan and say "it's fine". It's the three-line diffs that get lots of scrutiny.

In other words, you seem to have a lot more faith in the process than I do.

[–] killeronthecorner 27 points 9 months ago (1 children)

rand will be called every time true is used, which could be hundreds of times for all we know.

[–] [email protected] 25 points 9 months ago (1 children)

If it's a 16-bit integer platform, it might hit every once in a while.

If it's a 32-bit integer platform, it'll hit very rarely.

If it's a 64-bit integer platform, someone would have to do the math with some reasonable assumptions, but I wouldn't be surprised if it would never hit before the universe becomes nothing but black holes.

[–] [email protected] 12 points 9 months ago (1 children)

The point being made is that it also depends on how often the 'true' value gets used in the code. Tests might only evaluate it a few times per run, or they could cause billions of evaluations per run. You can't know the probability of a test failure without knowing the occurrence rate of that expression.

[–] killeronthecorner 4 points 9 months ago* (last edited 9 months ago) (1 children)

Yes, you're correct, this was the point I was making.

To elaborate: could be 100s of times in a codebase, even 1000s, being executed in tests on local machines and build servers 100s of times a day, etc. etc.

[–] themusicman 2 points 9 months ago

But it would hit a different place every time... Most developers wouldn't even consider checking for this, and the chance of getting a repro in a debugger is slim to none.

[–] [email protected] 60 points 9 months ago* (last edited 9 months ago) (2 children)

Write a 5 line PR and receive 5 comments. Write a 500 line PR and receive no comments.

[–] [email protected] 14 points 9 months ago
[–] grandkaiser 10 points 9 months ago

Attn: security team

Hi,

I think someone on Lemmy has hacked into every work environment I've ever coded in.

[–] [email protected] 17 points 9 months ago (1 children)

You'd be surprised what slips through review.