Sabotage the coding standards

36

15

There are various coding standards enforced at software companies which have the goal of increasing code reliability, portability, and, most importantly, readability in code written jointly by different developers.

Two notable examples are the MISRA C, and the C++ standard developed for the JSF project.

These are usually in the following form, after carefully specifying what the words "must", "shall", "should", "might", etc. mean:

Example:

Rule 50: Floating point variables shall not be tested for exact equality or inequality.

Rationale: Since floating point numbers are subject to rounding and truncation errors, exact equality may not be achieved, even when expected.

These coding standards pose restrictions, usually on code which would be legal from the compiler's point of view, but it is dangerous or unreadable, and is therefore "considered harmful".

Now let's abuse this!

You are accepted as a member of a small standardizing committee at your company, which is intended to design the new coding standards every developer at the company will be required to use. Unbeknown to the others, you are secretly in the employ of a sinister organization and have as your mission to sabotage the company. You have to propose one or more entries to the coding standard which will later hinder the developers. However, you must be careful to not make this immediately obvious, otherwise you risk it not being accepted into the standard.

In other words, you must introduce rules to the coding standard which look legitimate and have a good chance of being accepted by the other members of committee. After the projects are started and countless man-hours are invested in the code, you should be able to abuse these rules (for example, by a technicality, or by a very literal interpretation) to flag otherwise normal and good quality code as being against the standard. So they must put a lot of effort in to redesign it, and the rules will hinder them from this point on, but as the rules are active for quite some time now, pure momentum will keep these rules alive, and as there are significant conflicts of interests between different levels of management, the other managers will probably keep the rules alive (they would be foolish to admit their mistake!), therefore hindering the company! Mwahahahahaaa!

Scoring

The highest voted answer after approximately 2 weeks from the first valid entry wins. I have an idea for a good answer, but I will only post it a few days later, as someone else might come to the same idea, and I don't want to rob them of the pleasure. Of course, my own answer will not be accepted above any other, no matter the score.

Voters are encouraged to score answers based on how well the loopholes are hidden, and how frustrating to the developers they would be.

Rules and regulations

  • The rule or rules must look professionally written, like in the above example
  • The rules should look genuine (so things like "all variables must contain at least one underscore, one upper case letter, one lower case letter and two numbers" are not accepted. They would indeed hinder developers, but would most likely not be accepted by the committee) and if their merit is not immediately obvious, you should give a good rationale.
  • You should be able to find a way to use/abuse your rules to sabotage the developers later on. You might abuse any ambiguity in other rules, or you might use multiple rules which are harmless on their own, but diabolical once combined!
  • You should post an explanation in spoiler tags at the end of your post about how you could abuse the rules
  • The language used must not be an esoteric language. A language widely used in real projects must be chosen, so languages with C-like syntax (instead of things like Golfscript) are preferred.

vsz

Posted 2014-10-30T16:58:25.350

Reputation: 7 963

Question was closed 2016-04-18T14:48:28.710

2

I'm voting to close this question as off-topic because underhanded challenges are no longer on topic: http://meta.codegolf.stackexchange.com/a/8326/45941

– Mego – 2016-04-18T06:02:54.430

Just to let you know, there are some rather "unconventional" languages which are used in real projects, like APL. – Martin Ender – 2014-10-30T17:08:16.633

@MartinBüttner : I only wanted to exclude esoteric and joke languages. A language with universally understood syntax is preferred, but not exclusively required. However, I guess most people wouldn't vote on answers which need to explain the basic syntax of the language itself. – vsz – 2014-10-30T17:16:07.327

Why not just standardise tabs in Java? :-) – John Dvorak – 2014-10-30T17:39:33.023

4Python, Ruby, Haskell, Makefile, XML, etc. are some languages used in lots of real projects which don't have a C-like syntax. – kennytm – 2014-10-30T17:48:45.730

@JanDvorak Because that can be fixed with a few lines of program - just replace tabs/spaces with the new version. – None – 2014-10-30T17:55:39.343

1@KennyTM : please read my previous comment. I didn't say the languages on your list are forbidden. – vsz – 2014-10-30T17:56:02.553

7This question appears to be off-topic because it isn't a programming contest. – Peter Taylor – 2014-10-30T18:02:12.730

5@PeterTaylor : the definition includes "Programming puzzles" which doesn't mean the answer must be a piece of software code. Nowhere in the definition of the site is it written that it's only about "programming contests". The definition is : "Code golf / Programming puzzles / Other programming contests or challenges" – vsz – 2014-10-30T18:09:24.127

7@PeterTaylor it looks like a contest about programming to me; in cops & robbers challenges the robbers don't code either (and if your argument is that robbers comment, then be sure to comment on the meta post that suggests splitting cops and robbers challenges to two separate questions) – John Dvorak – 2014-10-30T18:13:29.570

@JanDvorak, it looks like a contest about using the English language to me. (As for cops and robbers, I've been ignoring them since the first one, because the conclusion I drew from my participation in that one is that it's not a good format). – Peter Taylor – 2014-10-30T19:18:24.683

1@PeterTaylor It's using the English language to create programming standards. I'm new to PPCG, but I've looked at contests before from the Hot Network Questions list, and I seem to remember other contests regarding English. – Scimonster – 2014-10-30T19:23:58.070

2

Reading both of these pages http://codegolf.stackexchange.com/help/on-topic , http://codegolf.stackexchange.com/help/dont-ask I still don't find any rule regarding questions on this site must have software code as answers. If so, it would be called "programming contest", but this term only shows up as "other", and "programming puzzles" precedes it. But I don't necessarily want to play a rules lawyer, so I expect from others to not do it either. So, sincerely, what is it what you don't like in this question, and how do you think it could be improved?

– vsz – 2014-10-30T19:30:41.307

2@Scimonster, the people who aren't new to PPCG will know that I think that being on the HNQ is negatively correlated with being a good question, and I believe that some of them share that opinion. But I can't recall seeing any other questions like this one. If you can remember enough keywords to find them, I would be interested to see. – Peter Taylor – 2014-10-30T19:38:54.923

@PeterTaylor On the other hand, if requiring the answers to include some software code is what makes questions on-topic, then I can answer that as well. A good answer is expected to have the rule or rules described, and after that, a code example which shows a reasonable code which is clear, useful, and in common style, probably the best way to solve a problem, but which would fail to adhere to the company standard because of the loopholes you built into it. – vsz – 2014-10-30T19:45:14.023

@vsz, I'm not quite sure what you're quoting - none of the instances of other in the pages you link seems to fit the context. The lack of specific wording in the on-topic page doesn't constitute carte blanche: it probably just means that the topic hasn't come up before - this meta question might be the closest we've seen. I'm not sure that the question can be fixed, but if you want to try then I suggest that the place to do it is the sandbox.

– Peter Taylor – 2014-10-30T19:45:57.273

@Scimonster: Do you mean Sort a list and write some English!? That question is about disguising code as a business letter.

– Dennis – 2014-10-30T19:49:43.220

4@PeterTaylor then why isn't it called "coding contest", or just purely "programming contest". Why puzzles? But we can discuss it, I'm listening to your arguments. Just here and now it seems that you are the one who is just rules-lawyering. Should we ask in meta what constitutes a "programming puzzle"? I think this site would be boring if we only allowed questions like "solve this basic problem in an obscure language with as few characters as possible". Why not include puzzles which are indeed about programming. I doubt this question would be more on-topic on english.stackexchange.com – vsz – 2014-10-30T19:50:55.050

2In fact, it would definitely not be on topic on [english.se]. This seems to be a programming puzzle, that only fits on this SE site. – Scimonster – 2014-10-30T19:55:39.733

If you had let me post my example (which I postponed only to let others figure it out) you would have seen how this question can be answered in an on-topic way, by actually programming / writing code. – vsz – 2014-10-30T20:17:43.393

5I voted to reopen. It seems like we still have some questions where we can't agree on whether they are on topic. This reminds me of that art related one that got closed then reopened twice. I do have an idea for an answer for this question and it is definitely programming related. This question even fits 2 of the tags on the site. – hmatt1 – 2014-10-30T21:18:39.187

2I'm not saying that requiring the answers to include some software code makes questions on-topic: that isn't sufficient, as is being discussed on meta in the context of "art questions". The reason for this site's name is that it was originally created to move code golf questions off StackOverflow, and in area51 and very early meta discussions the scope was widened to include more than just code golf. But that doesn't mean that the scope is widened to include anything which has a connection to programming. – Peter Taylor – 2014-10-30T23:12:15.253

3I agree that this question wouldn't be on topic on english.stackexchange.com, but that doesn't mean that it must therefore be on topic here. There are many questions which aren't on topic on any site in the StackExchange network. – Peter Taylor – 2014-10-30T23:12:54.180

2The first answer only serves to reinforce my feeling that this is only superficially related to programming. – Geobits – 2014-10-30T23:18:06.297

"by a technicality, or by a very literal interpretation" seems reminiscent of code-trolling and the standard loopholes.

– grc – 2014-10-31T02:30:19.357

I remember, that in the early days, almost all popularity contests and underhanded challenges (basically everything not a code-golf) were voted to be closed. – vsz – 2014-10-31T03:51:31.433

1I was on the fence about this question, but the clever answer posted by the OP sold me on it as a programming puzzle. – xnor – 2014-10-31T04:35:00.873

1Voting for reopen. It's certainly an on the edge of off topic but I do believe it is related enough and could be fun. At the very least it could serve as an example for either side of the argument on meta. – Ingo Bürk – 2014-10-31T06:20:49.200

1This is so much fun thank you for re-opening! Do my managers secretly play this game? I think so! – ErlVolton – 2014-10-31T16:05:04.957

2@ErlVolton I'm wondering if vsz is playing this game with the rules and regulations in the question, considering the use of "must" and "should". :P (I kid, they're clear to me) – FireFly – 2014-10-31T16:57:46.193

Answers

40

C / C++

Rule 1: octal constants shall not be used

Rationale: octal constants can be a cause of confusion. For example, a casual glance over the line const int coefficients[] = {132, 521, 013, 102};
might miss the fact, that one of the numbers in the array is defined in octal.

If you want to be even more evil, add the following:

Rule 2: hexadecimal constants shall only be used in the context of bit manipulation.

Rationale: If a constant represents a numerical value, it's more readable if it's in decimal. A hexadecimal constant should indicate that it represents a bit mask, not a numerical value.

How it can be abused:

Take the following simple program which will add the first 10 elements of an array. This code would not be standard-conforming.

sum = 0;
for (i = 0; i < 10; i++) 
{
    sum += array[i];
}

Note, that 0 is, per definition, an octal constant. Per rule 1, requiring it to be written as 0x00 all through the code is frustrating. Per rule 2, even more frustrating.

vsz

Posted 2014-10-30T16:58:25.350

Reputation: 7 963

1Could you link to the coding standard definition that says that 0 is an octal constant? I presume that it's because it starts with character 0. It would strengthen your hypothetical pedant's argument. – xnor – 2014-10-31T04:04:10.870
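The classification this answer relies on, as an added example that is not part of the original post: the C grammar (C11 6.4.4.1) defines a decimal constant as starting with a nonzero digit and an octal constant as `0` followed by zero or more octal digits, so a literal Rule 1 check flags a lone `0`. The function names and the simplified scanner (no string or comment handling) are assumptions of this sketch.

```javascript
// Added example: classify C integer constants by the grammar in C11 6.4.4.1
// and report the ones Rule 1 forbids. Function names are hypothetical.

// Strip an integer suffix (u, l, ll, in any case) and classify the rest.
function classifyIntegerConstant(token) {
  const body = token.replace(/[uUlL]+$/, '');
  if (/^0[xX][0-9a-fA-F]+$/.test(body)) return 'hexadecimal';
  if (/^[1-9][0-9]*$/.test(body)) return 'decimal'; // starts with a nonzero digit
  if (/^0[0-7]*$/.test(body)) return 'octal';       // a lone 0 lands here
  return 'other';                                   // floats, malformed numbers
}

// Simplified scanner: identifiers are consumed first so digits inside names
// such as x0 are skipped. Strings and comments are not handled (assumption).
const TOKEN = /[A-Za-z_]\w*|\.?\d(?:[eEpP][+-]|[\w.])*/g;

function findOctalConstants(source) {
  const hits = [];
  source.split('\n').forEach((text, i) => {
    for (const m of text.matchAll(TOKEN)) {
      if (!/^[.\d]/.test(m[0])) continue; // identifier or keyword
      if (classifyIntegerConstant(m[0]) === 'octal') {
        hits.push({ line: i + 1, column: m.index + 1, token: m[0] });
      }
    }
  });
  return hits;
}

// The two snippets quoted in the answer, embedded as sample input.
const LOOP = [
  'sum = 0;',
  'for (i = 0; i < 10; i++) ',
  '{',
  '    sum += array[i];',
  '}',
].join('\n');
const TABLE = 'const int coefficients[] = {132, 521, 013, 102};';

console.log(findOctalConstants(LOOP));
console.log(findOctalConstants(TABLE));
```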

16

Python

Rule 1: All code must be byte-compiled using the -OO flag, which optimizes the bytecode. We want optimized bytecode for size and efficiency!

Rule 2: Tests must be run against the same "artifact" of code that will be put into production. Our auditors require this.

Using -OO removes assert statements. Combined with rule 2, this effectively bans the use of assert statements in tests. Have fun!

ErlVolton

Posted 2014-10-30T16:58:25.350

Reputation: 261

This also removes docstrings, meaning you don't get anything out of help() at the REPL, and informal REPL-testing is still testing. – Kevin – 2015-10-21T19:03:48.013

Nope. If you write a proper test framework, it will use the unittest or module, which implements its own assertions not depending on the __debug__ flag. Doctests will silently not run however. Sneaky! – pppery – 2016-05-29T18:33:23.717

15

This is for a Node.JS project.

Section 3 - Speed and efficiency are of essence

Rule 3.1: Files should be kept to a maximum of 1kb. Files bigger than this take too long to parse.

Rule 3.2: Don't nest functions more than 3 levels deep. The V8 engine must keep track of many variables, and deep closures like this make it work harder, slowing down general interpretation.

Rule 3.3: Avoid require() runarounds.

Rule 3.3.1: Any modules require()d should not require() to a depth of more than 3. Deep require() chains are expensive both in terms of memory usage and speed.

Rule 3.3.2: Core modules count as a single require(), no matter how many times they require() internally.

Rule 3.3.3: External modules count as a maximum of 2 require()s. We cannot afford the same leniency as with core modules, but can assume that module authors are writing efficient code.

Rule 3.4: Avoid synchronous calls at all cost. These often take a long time, and block the entire event loop from continuing.

How it can be abused:

Rules 3.1 and 3.3 do not work well together. By keeping a maximum of 1kb and 3 require()s down the chain, they will be hard-pressed to succeed.
Rules 3.2 and 3.4 are almost incompatible. 3.4 bans synchronous calls; 3.2 makes advanced asynchronous work difficult by limiting the number of callbacks.
Rule 3.4 is, in all honesty, a rule that is good to follow for real. 3.1, 3.2, and 3.3 are completely bogus.

Scimonster

Posted 2014-10-30T16:58:25.350

Reputation: 2 905

11

JavaScript (ECMAScript)

7.3.2: Regular expression literals

Regular expression literals must not be used. Specifically, the source code must not contain any substring matching the RegularExpression nonterminal defined below.

RegularExpression     :: '/' RegularExpressionBody '/'
RegularExpressionBody :: [empty]
                         RegularExpressionBody [any-but-'/']

[empty] matches the empty string and [any-but-'/'] matches any single-character string except the one containing '/' (slash, U+002F).

Rationale

Regular expressions are often discouraged for readability reasons. It is often easier to understand code with traditional string operations rather than by resorting to regular expressions. More importantly however, many regular expression engines offer subpar performance. Regular expressions have also been associated with security issues in the context of JavaScript.

However, the Organization™ recognizes that regular expressions occasionally are the best tool for the job. Therefore, the RegExp object itself is not forbidden.

(The syntax of the grammar excerpt itself [not the one it defines] corresponds to that of the ECMAScript specification. This would of course be defined more rigorously at another point of the hypothetical specification.)

The trick

The following program is non-conforming:

// sgn(x) is -1 if x < 0, +1 if x > 0, and 0 if x = 0.
function sgn(x) {
  return x > 0?  +1
       : x < 0?  -1
       :          0
}

The productions for the RegularExpressionBody nonterminal given above show a common way of expressing lists in BNF by relying on explicit recursion. The trick here is that I "accidentally" allow the empty string as a RegularExpressionBody, such that the string // is forbidden in the source code. But who needs single-line comments anyway? C89 and CSS seem to do all right while allowing only /* */ block comments.

FireFly

Posted 2014-10-30T16:58:25.350

Reputation: 7 107

15It's actually even more evil than that: the code may not contain block-comments either, nor more than one division operator per file. – Chromatix – 2014-10-31T21:04:16.417

Oh yeah, you're right. I didn't even think of that. :P – FireFly – 2014-10-31T21:16:38.373
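A literal reading of rule 7.3.2, as an added example that is not part of the original answer: it applies the quoted grammar as a conformance check and reproduces both the answer's point about `//` and the comment's point about block comments and a second division operator. The function names and all sample inputs other than the `sgn` snippet are constructed for illustration.

```javascript
// Added example: apply rule 7.3.2 exactly as written. RegularExpressionBody
// may be empty and may contain anything except '/', newlines included, so
// every pair of neighbouring slashes in a file delimits a forbidden substring.
function findForbiddenSubstrings(source) {
  const hits = [];
  let open = source.indexOf('/');
  while (open !== -1) {
    const close = source.indexOf('/', open + 1);
    if (close === -1) break;
    const line = source.slice(0, open).split('\n').length;
    hits.push({ line, text: source.slice(open, close + 1) });
    open = close; // the closing slash can also open the next match
  }
  return hits;
}

// sgn is the function from the answer; the other inputs are constructed.
const SAMPLES = {
  sgn: [
    '// sgn(x) is -1 if x < 0, +1 if x > 0, and 0 if x = 0.',
    'function sgn(x) {',
    '  return x > 0?  +1',
    '       : x < 0?  -1',
    '       :          0',
    '}',
  ].join('\n'),
  blockComment: '/* halve n */\nconst half = n >> 1;',
  twoDivisions: 'const r = a / b + c / d;',
  oneDivision: 'const r = a / b;',
};

// Map each sample name to the list of substrings the rule forbids in it.
function audit(samples) {
  const report = {};
  for (const [name, source] of Object.entries(samples)) {
    report[name] = findForbiddenSubstrings(source).map((hit) => hit.text);
  }
  return report;
}

console.log(audit(SAMPLES));
```

Only the file with a single division operator passes; a review checklist for a proposed grammar-based rule can run the same kind of check against existing conforming code before the rule is adopted.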

5

C#

12.1 Static methods that affect the state of the program are forbidden

This is because it is hard to reliably test the results of a static method, especially one that changes some state.

12.2 Static methods must be deterministic

If the static method takes an input and gives an output the result must be the same each time the static method is called with the same input.

Why

The entry point for a C# program is the private static method 'main'. By the first rule this is now forbidden because the rule forgets to state that only public, protected or internal methods should follow this rule. If testing really is the concern only public methods should follow rule 1. Main may also break rule 2 as the program will give an error code if the program fails, this may occur independent of the input parameters. For example the program might not find a file or may have dependencies on other systems that are not set up correctly.

sydan

Posted 2014-10-30T16:58:25.350

Reputation: 171

4

JAVA/SPRING

4.2 Use of Reflection in Production Code

Because Reflection can be used to access otherwise restricted parts of our source code use of reflection in Production Code is strictly prohibited.

The Trick

Spring technically uses reflection to instantiate and manage the objects that it supports. By enforcing this rule, all Spring utility would have to be removed.

tfitzger

Posted 2014-10-30T16:58:25.350

Reputation: 979

3

Website encoding

666.13 UTF-8 must not be used and shall be replaced by UTF-7
Rationale: UTF-7 is more efficient than UTF-8, especially when targeting users from Arabic countries which we do.

How it can be abused:

HTML5 specifically disallows UTF-7. That means, modern browsers won't support it. If all the testing is done on a browser such as IE 11, nobody will notice this until it is too late.

Stefnotch

Posted 2014-10-30T16:58:25.350

Reputation: 607

2

JavaScript Bitwise Operators

1.9 You shall not use multiplication or division or flooring unless they are considerably faster than their bitwise counterparts. They shall be replaced by the bitwise operators <<, >> and ~~ respectively.
Rationale: The bitwise operators are more efficient.

How it can be abused:

Using << or >> instead of multiplication or division will cause troubles when handling large numbers. Also, they ignore operation precedence and decimal points. The double tilde will return different values when you give it a negative number.

Stefnotch

Posted 2014-10-30T16:58:25.350

Reputation: 607

2I think it's already obvious that x = (x<<10) + (x<<8) + (x<<5) + (x<<4) + (x<<3) + (x) is inferior in every way (possibly even speed) to x *= 1337, and that replacing division by a non-power of two with sums of bitshifts is even worse. – lirtosiast – 2015-06-21T15:03:13.897

@Thomas Kwa I edited my answer appropriately. Thank you for pointing this out. I am new to bitwise operators. – Stefnotch – 2015-06-21T15:22:12.780
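The divergences this answer lists, as an added example that is not part of the original post: each substitution rule 1.9 calls for is paired with the arithmetic form it replaces and evaluated on constructed sample values. The table and function names are assumptions of this sketch; the shift amount of 1 stands in for multiplication and division by 2.

```javascript
// Added example: each entry pairs the arithmetic form with the bitwise form
// that rule 1.9 would substitute. Sample values are constructed.
const SUBSTITUTIONS = {
  multiply:   { arith: (x) => x * 2,         bitwise: (x) => x << 1 },
  divide:     { arith: (x) => x / 2,         bitwise: (x) => x >> 1 },
  floor:      { arith: (x) => Math.floor(x), bitwise: (x) => ~~x },
  // << binds more loosely than +, so a textual swap regroups the expression.
  precedence: { arith: (x) => 1 + x * 2,     bitwise: (x) => 1 + x << 1 },
};

// Evaluate one substitution on one input and return both results.
function compare(name, x) {
  const { arith, bitwise } = SUBSTITUTIONS[name];
  return { name, x, arith: arith(x), bitwise: bitwise(x) };
}

// Return every (substitution, input) pair whose two forms disagree.
function divergences(values) {
  const out = [];
  for (const x of values) {
    for (const name of Object.keys(SUBSTITUTIONS)) {
      const result = compare(name, x);
      if (result.arith !== result.bitwise) out.push(result);
    }
  }
  return out;
}

// 4: small even integer; 7: odd; 7.5: fractional; -2.5: negative fraction;
// 3e9: exceeds the signed 32-bit range that bitwise operators work in.
const VALUES = [4, 7, 7.5, -2.5, 3e9];

for (const d of divergences(VALUES)) {
  console.log(`${d.name}(${d.x}): arithmetic ${d.arith}, bitwise ${d.bitwise}`);
}
```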

1

JavaScript (ECMAScript)

7.3.1: Identifier conventions

Restrictions are placed on identifiers depending on what type of identifier it is. Identifiers are split into the types Variable, Constant, Function and Constructor; see 5.3. The restrictions are given below.

  • Variable: The first character must be a lowercase letter character. Camel-case (see 1.3) should be used to separate words within an identifier.

  • Constant: The identifier must consist of only uppercase letter characters and underscores ('_', U+005F). Underscores should be used to separate words within an identifier.

  • Function: Functions must follow the same rules as the Identifier type.

  • Constructor: The first character must be an uppercase letter character. Camel-case (see 1.3) should be used to separate words within an identifier.

Rationale

Readable identifier names are very important for maintainability. Restricting the identifiers to well-known conventions also eases transition between different code bases. These particular conventions are modelled after the standard conventions for the Java™ programming language [1].

The trick

I regret to inform the jQuery team that the most common name for their "global jQuery object" clashes with this name convention. Luckily, they've already thought of that and provide both $ and jQuery as global names referring to the same object. I imagine that the userbase might not be as keen to switch from $ to jQuery everywhere, though.

FireFly

Posted 2014-10-30T16:58:25.350

Reputation: 7 107

2»Functions must follow the same rules as the Identifier type.« – do you mean »as the Variable type«? – Paŭlo Ebermann – 2015-04-03T19:23:41.270