The lawyers are coming!
Listing 1 shows just one example of the bad code in that presentation. I don't know if the snippet contains any bugs, as most of the other examples were found to contain. And that's a problem. Where are we supposed to begin an analysis of the code in Listing 1? What is this code supposed to do when it works? What range of input values is appropriate to test? What are the correct output values for a given input? Is this code responsible for handling out-of-range inputs gracefully?

The original listing had no comments on or around this line to help. I eventually learned that this code computes the year, accounting for the extra days in leap years, given the number of days since a known reference date (such as January 1, 1970). But I note that we still don't know if it works in all cases, despite it being present in an FDA-regulated medical device. I note too that the Microsoft Zune bug [3] was buried in a much better formatted snippet of code that performed a very similar calculation.
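The days-to-year calculation described above, as an added example written here in C; it is not the code from Listing 1 nor the Zune firmware. It assumes January 1, 1970 as the reference date, rejects a negative day count instead of guessing, and advances the year only while a whole year of days remains, which is what keeps the last day of a leap year from leaving the loop with nothing to subtract.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Reference date (assumed): 1 January 1970, which is day 0. */
#define EPOCH_YEAR 1970

/* Gregorian rule: every 4th year, except centuries not divisible by 400. */
static bool is_leap_year(int year)
{
    return (year % 4 == 0 && year % 100 != 0) || (year % 400 == 0);
}

static int days_in_year(int year)
{
    return is_leap_year(year) ? 366 : 365;
}

/* Convert days since the reference date into a calendar year.
 * Returns 0 and stores the year in *year_out, or -1 for out-of-range
 * input (negative days, NULL pointer) so the caller decides what to do.
 * A year is consumed only while a whole year of days remains, so the
 * last day of a leap year stays in that year instead of stalling. */
int days_to_year(int32_t days, int *year_out)
{
    if (days < 0 || year_out == NULL)
        return -1;
    int year = EPOCH_YEAR;
    while (days >= days_in_year(year)) {
        days -= days_in_year(year);
        year++;
    }
    *year_out = year;
    return 0;
}

/* Convenience wrapper: the year, or -1 when the input was rejected. */
int year_of(int32_t days)
{
    int year;
    return days_to_year(days, &year) == 0 ? year : -1;
}

int main(void)
{
    /* Constructed inputs: last day of leap year 1972, then a bad input. */
    printf("day 1095 -> %d, day -1 -> %d\n", year_of(1095), year_of(-1));
    return 0;
}
```

Day 1095 is December 31, 1972 (two 365-day years plus 365 more days), the exact shape of input that a loop advancing only on strictly-more-than-a-year would never consume.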
Listing 2 contains another example, this time in C++, with the bug-finding left as an exercise for the reader. You can find the full set of slides from my talk online at http://bit.ly/badcode.