Code Review Document

Virtual Museum Explorer

By

Group - 10

Neel Mittal
15010142
Prashansi Kamdar
15010147
Suhas Kantekar
15010177
Table of Contents

1 Introduction 3
2 Common Bugs tested 3
Reports
3 Report by Developer 1 7
4 Report by Developer 1 9
5 Report by Developer 1 11
6 Conclusion 13

2
 Code Review Document
INTRODUCTION
The document contains common bugs which occur during coding which directly or indirectly manifest
themselves to a larger damage to the running program. A general classification of types of coding errors
have also been added for better understanding of the document. Software bugs or errors cause an
increase in the cost of development both in terms of time and revenue. The document compiles a list of
common bugs that have been tested for the museum explorer and the results of the code inspection
process.

The document contains reports submitted by different developers who worked in a team and examined
the document for common software bugs. The reports have then been compiled and been used to draw
conclusions for issues with the software built. The developers had been asked to understand and search
the code thoroughly to find some common coding errors by their knowledge and a list of common errors
provided to them. A team consisting of three developers was made for this purpose.

COMMON BUGS TESTED

The last page contains conclusions about several errors and their severity for the software.
Some of the types of errors, their common frequency and severity compiled in the document
are:
Memory Leaks: (frequent, catastrophic) A memory leak is a situation, where the memory is
allocated to the program which is not freed subsequently. This kind of situation can cause ever
increasing usage of memory and hence at some point of time, the program may have to come
to an exceptional halt because of the lack of free memory.
Temporary values returned: (rare, catastrophic) The variables declared in a function represents
some data which is private to that function. If the data is not dynamically allocated, it will be
stored in the stack otherwise it will be stored in the heap. If we return the statically allocated
variables address, then we are giving access to programs stack. If some data needs to be
shared, then declare the variable as public and use that to access the common data.

NULL dereferencing: (frequent, catastrophic) Improper initialization and missing the

initialization in different paths leads to the NULL reference error. This can also be caused
because of aliases (two variables refer to the same object, and one is freed and an attempt is
made to dereference the second variable). To dereference a memory location, it should be
initialized first and then dereferenced. The following code pattern illustrates NULL dereference
bug.

3
Uninitialized memory: (rare, major) Sometimes, it may be possible that a number of cases are
included which initializes the data. But some cases might have been skipped because they were
not expected. But if such cases arise, they impose problems like uninitialized memory.
Values outside Domain: (frequent, minor) If one makes initializations to variable with a value
which is not inside its range, then it may give rise to unexpected results. This should be checked
with more care whenever there are some floating point operations involved.

Buffer overflow/underflow: (frequent, catastrophic) Buffer Overflow is an anomalous situation

where the data is written beyond the acceptable limit of the given storage (buffer). In general,
when an array is declared, we need to specify the size and any access on that array should be
limited to its valid indices. So we are not supposed to write beyond this limit. Any code which
puts data in some buffer without having any kind of checking for the size can cause a buffer
overflow. This is one of the major security issues in software development.

Arithmetic exceptions: (frequent, major-minor) Arithmetic exceptions are a class of errors.

Some examples are: divide by zero, floating point exceptions etc. The result of these may vary
from getting unexpected result to termination of the program.

Off by One: (frequent, major) This is one of the most common error which can be caused in
many ways. Starting a loop variable at 1 instead of starting at 0 or vice versa, writing <= N
instead of <N or vice versa and so on are examples of this error
Enumerated data types:(frequent, major) Enough care should be taken while assuming the
values of enumerated data types. This is more needed when the value of enumerated data type
is used for indexing an array. These can be prevented by checking the values before performing
the operation.

Wrong assumptions on operator precedence: (frequent, minor) [26] This is an error which is
not directly visible and the results are not as expected. This is more dependent on the
programmer’s logic in coding. Learn the precedence rules of the programming language. Do not
write big and complicated expression. Use parenthesis to avoid the confusions.

4
String handling errors: There are a number of ways in which string handling functions like
strcpy, sprintf, gets etc can fail. Firstly, one of the operands may be NULL. Secondly they may
not be NULL terminated resulting in unexpected results. The source operand may have greater
size than the destination.

Redundant Assignment: (rare, minor) Redundant assignments which are never used are a
result of defensive programming. These can be found through a simple intra procedural
analysis. The following code fragment illustrates the error possible through an unexpected
redundant assignment.

Dead Code: (frequent, major) Dead code refers to that part of code which will be never
executed. These reflect the false beliefs of the programmer that some code which is
unreachable, gets executed. Mistaken statement terminators, single iteration loop (where next
increment is never executed), unintentional fall through may result in common dead code
problems.

Redundant Conditionals (rare, major-minor) In some cases, the presence of if, while, switch
can’t effect the flow of control in the program because of redundant conditional statements. So
this kind of programming is likely to be a serious error. The type of bug can range from
nonsensical error (of type x=0 ; if (x==0) ) to programmers lack of understanding or missed
conditions.

Virtual function is not overridden: (rare, major) If there is a virtual function in the base class
with some prototype, and there is another function in the derived class with same name but
with a mismatch in the prototype. Hence the virtual function of base class is not overridden.
The programmer may be in a false belief that the derived class method is called when there is
dynamic method dispatch.

Compare strings as object references:(rare, minor) In JAVA, when string operands are
compared by == or != operator. ‘==’ returns true only if operands point to the same object, so it
can return false for two strings with same contents. The following function will return false. So
use of == instead of equals() can cause a serious error like this.

5
Some other common errors that have been taken into account and are quite obvious are:

 Jump into loops

 Jump statements (This is not an error but a good programming practice to not use jump
statements)
 Non terminating loops
 Free resources multiple times
 Comparison of different types
 Procedure parameters
 Loop variables initialization
 Data types and exposures

6
REPORT BY DEVELOPER 1
MODULE 1 COLLIDER:
Errors checked
Uninitialized Memory
Jump into loops
Jump statements
Non terminating loops
Value outside the domain
Memory Leaks
Return of temporary values
Free resources multiple times
MODULE 2 DETAILS
Errors checked
Uninitialized Memory
Jump into loops
Jump statements
Non terminating loops
Value outside the domain
Memory Leaks
Return of temporary values
Free resources multiple times
MODULE 3 INTERACTIVE CONTROLLER:
Errors checked
Uninitialized Memory
Jump into loops
Jump statements
Non terminating loops
Value outside the domain
Memory Leaks
Return of temporary values
Free resources multiple times
7
Reported status of error
Not found
No loops to jump into
No jump statements used
No loops used in this module
Variables are initialized with values in the domain
Not found
Void functions used. No values being returned
Not found
Reported status of error
Not found
No loops to jump into
No jump statements used
No loops used in this module
Variables are initialized with values in the domain
Memory used is not being freed explicitly
Void functions used. No values being returned
Not found
Reported status of error
Not found
No loops to jump into
No jump statements used
No loops used in this module
Variables are initialized with values in the domain
Memory used is not being freed explicitly
Void functions used. No values being returned
Not found
MODULE 4 INITIALIZER:
Errors checked
Uninitialized Memory
Jump into loops
Jump statements
Non terminating loops
Value outside the domain
Memory Leaks
Return of temporary values
Free resources multiple times
MODULE 5 MAIN MENU MODULE
Errors checked
Uninitialized Memory
Jump into loops
Jump statements
Non terminating loops
Value outside the domain
Memory Leaks
Return of temporary values
Free resources multiple times
8
Reported status of error
Not found
No loops to jump into
No jump statements used
No loops used in this module
Variables are initialized with values in the domain
Memory used is not being freed explicitly
Void functions used. No values being returned
Not found
Reported status of error
Not found
No loops to jump to
No jump statements being used
No loops used in this module
Variables are initialized with values in the domain
Memory used is not being freed explicitly
Void functions used. No values being returned
Not found
REPORT BY DEVELOPER 2
MODULE 1 COLLIDER:
Errors checked
NULL referencing
Data type and exposures
Arithmetic exceptions
Off by one
Enumerated data type
String handling error
Gaining root privileges
Exploiting heap
MODULE 2 DETAILS
Errors checked
NULL referencing
Data type and exposures
Arithmetic exceptions
Off by one
Enumerated data type
String handling error
Gaining root privileges
Exploiting heap
MODULE 3 INTERACTIVE CONTROLLER:
Errors checked
NULL referencing
Data type and exposures
Arithmetic exceptions
Off by one
Enumerated data type
String handling error
Gaining root privileges
Exploiting heap
9
Reported status of error
No variables used
No variables are used in this module
Division by 0 not present
The variables are seem to be initialized correctly
Not applicable
Not applicable
Not applicable
No direct input from user being used
Reported status of error
No similar names are given to different variables
Variables are used as per their types
Division by 0 not present
The variables are seem to be initialized correctly
Not applicable
Not found
Not applicable
No direct input from user being used
Reported status of error
No similar names are given to different variables
Variables are used as per their types
Division by 0 not present
The variables are seem to be initialized correctly
Not applicable
Not applicable
Not applicable
No direct input from user being used
MODULE 4 INITIALIZER
Errors checked Reported status of error
NULL referencing No similar names are given to different variables
Data type and exposures Variables are used as per their types
Arithmetic exceptions Division by 0 not present
Off by one The variables are seem to be initialized correctly
Enumerated data type Not applicable
String handling error Not applicable
Gaining root privileges Not applicable
Exploiting heap No direct input from user being used

MODULE 5 MAIN MENU MODULE

Errors checked Reported status of error
NULL referencing No similar names are given to different variables
Data type and exposures Variables are used as per their types
Arithmetic exceptions Division by 0 not present
Off by one The variables are seem to be initialized correctly
Enumerated data type Not applicable
String handling error Not applicable
Gaining root privileges Not applicable
Exploiting heap No direct input from user being used

10
REPORT BY DEVELOPER 3
MODULE 1 COLLIDER:
Errors checked
Dead code
Procedure Parameters
Operator Precedence
Comparison
Loop variable initialization
Redundant conditionals
MODULE 2 DETAILS
Errors checked
Dead code
Procedure Parameters
Operator Precedence
Comparison
Loop variable initialization
Redundant conditionals
MODULE 3 INTERACTIVE CONTROLLER:
Errors checked
Dead code
Procedure Parameters
Operator Precedence
Comparison
Loop variable initialization
Redundant conditionals
11
Reported status of errors
No dead code in this module
Parameters are correctly used
Not applicable
Not applicable
No loops
Not applicable
Reported status of errors
Dead code found
Parameters are correctly used
Can benefit from using more brackets
Comparison is done with same type of
variables/objects
No loops
Found
Reported status of errors
Found
Parameters are correctly used
Can benefit from using more brackets
Comparison is done with same type of
variables/objects
No loops
Found
MODULE 4 INITIALIZER
Errors checked
Dead code
Procedure Parameters
Operator Precedence
Comparison
Loop variable initialization
Redundant conditionals
MODULE 5 MAIN MENU MODULE
Errors checked
Dead code
Procedure Parameters
Operator Precedence
Comparison
Loop variable initialization
Redundant conditionals
12
Reported status of errors
Not found
Parameters are correctly used
Can benefit from using more brackets
Comparison is done with same type of
variables/objects
No loops
Not found
Reported status of errors
Not found
Parameters are correctly used
Can benefit from using more brackets
Comparison is done with same type of
variables/objects
No loops
Not found
CONCLUSION
The following common errors were found in the code review procedure:

 Dead Code
 Redundant conditionals
 Operator Precedence
 Memory Leaks

The first three errors are not major ones. Operator precedence can get better by using brackets
in some places in some units. The Dead code is never being used, along with some redundant
conditionals that are just increasing the size of program.
The last error can be major one if a large number of variables were being used. But due to very
small number of variables being used, among which almost all are used till the end of
application this can be taken into account as a minor error. The product seems quite robust
after this code review procedure.

13