Which language features are considered harmful?

Question

Please, explain why and list which languages have the (mis)feature implemented As far you know.

Post what you consider a harmful feature, not what you dislike.

Answer 1

Register Globals in PHP

Information : http://php.net/manual/en/security.globals.php

This is by far the worst feature to be ever implemented for readability reasons and security reasons. Basicly all the GET parameter received are transformed into variables.

For example with this URL : /index.php?value=foobar

You can do the following :

<?php
echo $value; // return foobar
?>

When you are reading code, it is very confusing to know where the variable comes from.

Also if the feature is misused, it can lead to security hole. Here's a code example from php.net that shows how it can be misused :

<?php
// define $authorized = true only if user is authenticated
if (authenticated_user()) {
    $authorized = true;
}

// Because we didn't first initialize $authorized as false, this might be
// defined through register_globals, like from GET auth.php?authorized=1
// So, anyone can be seen as authenticated!
if ($authorized) {
    include "/highly/sensitive/data.php";
}
?>

Answer 2

Allow Null by default, the "trillion"* dollar mistake. Sorry Tony Hoare. Almost every language available on planet.

Tony Hoare explains

*I adjusted the expression coined by Tony Hoare to reflect actual loss on these days :-)

Answer 3

C and C++ MACROS. If I ever have to see another compiler error due to someone choosing a standard function name for their macro which screws up my code I'm going to scream. Let's see the last offending one:

#define vector(int) new VARIANT[int];

Aaarg! What have you done with my STL vector!?

Answer 4

Fallthrough by default in C and C++ switch statements.

Answer 5

Implicit type conversions when the types being converted between have no obvious relationship. For example, converting a random, non-numerical string into an int, like in PHP.

Answer 6

goto: although ok in rare cases, it is more often misused and leads to hard to read programs.

Answer 7

NONE

Just because a feature gets misused frequently does not make it harmful.

IMHO the entire "is considered harmful" is the Reductio ad Hitlerum of programming language discussions.

Most, if not all, of the "harmful" features have, or had originally, a very valid use case or are simply convenience methods in the first place. It is up to the developers to understand the pros and cons and code accordingly.

If your questions was meant to be something along the lines of "what language features have common pitfalls or unfortunate side-effects" my answer would be different.

[edit] To be clear: I do not mean the continued use of deprecated methods. If the developers are depreciating/removing a feature you should use the replacement. I am referring to concept that a current part of the language is considered harmful because some do not like what it encourages or the trade-off involved in using it that many people discuss.

Answer 8

Although some folks disagree with the man or various things he says, a lot of Douglas Crockford's JavaScript: The Good Parts is basically this question applied to JS. Amongst Crockford's complaints:

• Global scope by default for everything (DC shows how to use function/objects as namespaces and scope delimiters to wrangle this in.)

• Statements like with, whose failure behavior is to define things at the global namespace. (Gah! Its like the JS motto is if you fail, then fail as hard as possible!)

• Unexpected behavior with the == operator, which basically requires you to always use the === operator.

• Semicolon insertion.

Really a whole lot of JS should be considered harmful, maybe even the whole language, but the good parts are just so darn good that it kind of makes up for it (at least for me.)

Answer 9

Autovivification (or other bind-variable-on-(assign|use) feature) is the feature which I've found to give me the most bugs.

Answer 10

PLEASE in INTERCAL. Don't use it enough, it complains. Use it too much, it complains.

Answer 11

In C/C++: That assignments are also expressions COMBINED WITH the very similar assignment = and comparison == operators. Not a harmful feature per se, but it's way to easy to introduce (sometimes subtle) bugs by accidentally mistyping the operator.

int i = 10;

someCode();

if(i = 5)
{
    /* We don't want this block to be executed, but it is */
    moreCode();
}

Answer 12

"Failing silently" in Flash Player as default behavior

Ok, not really a feature of the language itself but still pretty closely related.

Suddenly your Flash/Flex application stops working and nobody can give you the slightest hint what the f* has happened. No error message, no stacktrace, no nothing. It's just that suddenly the screen transition doesn't happen (or happens in a completely wrong way), or buttons don't react to clicks any longer, or comboboxes are empty instead of being populated with some entries.

That "feature" alone is responsible for several shrug reports and a whole bunch of gray hair I've been getting. -.- While popping up some cryptic message in the user's face isn't desirable either, it can at least help the developer getting the problem fixed.

But Flash Player leaves you stabbing around in the dark, relying on the user's description (while the problem may actually originate from a completely different location in the code that doesn't have anything to do with what the user was doing). Only if you use the Debug Player you actually get the popup window with an error message and a stacktrace.

However, it can be quite interesting to watch flash embedded movies on certain news sites and get repeated messages about Null references from the used embedded player SWF. :D

Answer 13

Replacing undefined variables by an empty string in shell without any warnings: rm -rf $nosuchvar/*.

Answer 14

Access modifiers in Java with package private language default and private programming convention default.

Answer 15

The ability to turn counterclockwise in LOGO. Wtf, lets just turn clockwise 360 - x degrees.

Answer 16

Stopping Thread from an other Thread

In Java and in other language you could stop a thread from an other one arbitrarily without giving the time for the thread you stopped to finish properly. This ability have been deprecated considering the huge amount of problem it could bring in nearly all situation.

Answer 17

Variable Variables in PHP

Just because you $can doesn't mean you $$should

Answer 18

Arrays in AWK starting at index 1!

Answer 19

The With statement in Delphi comes to mind, although there are cases when it's usefull.

Answer 20

Python 2.x's relative import syntax. Suppose I have a package x.plugins that adds support for various other libraries for x. And suppose I have a sqlalchemy module in x.plugins so I can add sqlalchemy support to x. What do you think will happen if I add the following line to sqlalchemy.py?

import sqlalchemy

The answer is that the module will try to import itself. What this syntax does is essentially make it impossible to import the actual global sqlalchemy package. Python 2.5 added a way to specify that this is a relative import:

from . import sqlalchemy

...but it isn't until Python 3 that the first syntax was actually gotten rid of (although it can be disabled in Python 2.6+ with from __future__ import absolute_import).

Answer 21

In Perl, scalar context vs. list context can be tricky. It's got some good points that make certain operations convenient, but occasionally you run into something terrible, like completely changing the meaning of an operator (potentially from a significant distance away in the code).

sub foo { (1..5) }
my @list = foo();           # (1,2,3,4,5)
my $length = scalar @list;  # 5. the length of the list.
my $length2 = scalar foo(); # '' (the empty string. because it's false)

That's just not right.

(It arises from trying to make something that acts sort of like the regular range operator, so you can say something in a loop like next if /start_regex/ .. /end_regex/).

Answer 22

magic_quotes in PHP.

Unexperienced developers either rely on it being enabled and thus assume all user input to be escaped for use in a SQL query or rely on it being disabled and thus always escape their input.

When assuming it's enabled and then running the code on a system where it's not it opens gaping wide SQL injection holes.

When assuming it's disabled and it's not, it will result in backslashes being actually stored in the DB, causing ugly/incorrect strings.

There is also no extremely simple way to handle both cases - you need to check if it's enabled using get_magic_quotes_gpc() and then apply stripslashes() on all values in the $_* arrays - since array_map is not recursive you need a custom function for this.

Answer 23

Object Orientation (from all statically typed languages). I'll wager this feature has, and will continue, to cost vastly more than null pointers. Object Orientation is only good in a dynamic message passing language. So it should be dropped from dynamic languages like Python too (since it doesn't use message passing but conventional subroutine calling).

Answer 24

FORTRAN common blocks. If you made a simple mistake, one part of an application could clobber another part's globals.

FORTRAN assigned goto statement / COBOL alter statement. Self-modifying code. Danger, warning, flying spaghetti monsters!!

Answer 25

sun.misc.unsafe is my alltime favorite; the collection of "we needed this to implement things, but really, really don't think you should use it."

Answer 26

going out a bit on a limb here - void functions. a function always does something, hence it should either return the result or some other bit of information regarding its success or failure.

Answer 27

The language feature that allows programmers to write uncommented or meaningless-commented code.

Answer 28

POKE in BASIC...

Answer 29

I'd have to say garbage collection. It does not eliminate the need to think about memory management, but it eliminates the perception of the need to think about memory management, which all too often eliminates the actual thought, and then you get enormous resource hogs and don't know why. Especially when the behavior of modern generational GCs could be described without too much hyperbole as "one big memory leak by design" anyway.

Answer 30

C, and definitely C++: Pointer arithmetic. Allowing people to convert integers into memory addresses is asking for trouble.

And maybe even raw access to pointers altogether?

In C++ you have references that makes pointers almost completely unnecessary. For the remaining cases smart pointers should be considered mandatory.

Java is also proves that you can make a programming language that uses pointers without allowing people access to the pointer value itself.

Apart from null ... but that's a different story.