Sunday, March 08, 2009

Resident Evil

Do you know about time-bomb viruses, the ones that start executing within a certain time frame? Today I ran into similar behavior, but this time it's not a virus. It's evil code.

We have an application in the production environment that was created seven years ago. The project seemed to be working properly for a long time with no massive problems. However, an exception suddenly started appearing whenever any user tried to edit some data items.

Microsoft VBScript runtime error '800a0006'
Overflow: 'CInt'
/newsline/newsline/dbshell.asp, line 641

The project was implemented in classic ASP and VBScript. If you have had the opportunity to work with these crappy-style languages, you can imagine how messy debugging this kind of code is. So I had no choice but to analyze the exception and get the most out of it.

If you look closely, it's an overflow exception. This means that CInt was given an integer too large to convert and failed. After googling, I have found that there is a maximum limit for this method's input and it's 32768. On a second look at the exception, you can see that it happens in a file called "dbshell.asp". This leads to the conclusion that the number this method is trying to convert is retrieved from the database.

That was actually a good guess. In the production environment, after seven years, one table in the database had grown to more than 33974 records. The method couldn't convert the sequence ID of any item with an ID larger than 32768. The issue wasn't caught in quality testing, because such a low-level test case was never considered, or even thought to be problematic.

The developer who wrote this code seven years ago didn't imagine that some day the number of records would reach this limit. The exception stayed resident, waiting to blow up after this long period. This leads us to an old lesson. At the time of building your application, you don't think that it will last for long. You need to consider which data you think will grow large and which will not, and then follow the appropriate guidance in the implementation.
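
The failure and one way to avoid it, as an added example that is not code from the original application: the helper `ToRecordId`, the sample values and the assumption that IDs are positive whole numbers are all hypothetical, and the script is written to run under `cscript` rather than inside an ASP page.

```vbscript
Option Explicit

' Hypothetical helper (not from dbshell.asp): convert a record ID coming from
' the database or a request into a 32-bit Long, returning False on bad input
' instead of raising a runtime error in the middle of the page.
Function ToRecordId(ByVal raw, ByRef id)
    Dim n
    ToRecordId = False
    id = 0
    If IsNull(raw) Or IsEmpty(raw) Then Exit Function
    If Not IsNumeric(raw) Then Exit Function

    On Error Resume Next
    n = CLng(raw)                  ' Long is 32-bit, CInt only 16-bit
    If Err.Number <> 0 Then        ' 6 = Overflow, 13 = Type mismatch
        Err.Clear
        On Error GoTo 0
        Exit Function
    End If
    On Error GoTo 0

    If n < 1 Then Exit Function            ' assumption: IDs are positive
    If CDbl(raw) <> n Then Exit Function   ' CLng rounds, so reject "12.5"
    id = n
    ToRecordId = True
End Function

' Constructed sample inputs; 33974 is the record count mentioned in the post.
Dim samples, s, id
samples = Array("120", "33974", "abc", "99999999999")
For Each s In samples
    ' Original pattern: CInt fails once the ID outgrows a 16-bit Integer.
    On Error Resume Next
    id = CInt(s)
    If Err.Number <> 0 Then
        WScript.Echo "CInt(" & s & ") failed: error " & Err.Number & " " & Err.Description
    End If
    Err.Clear
    On Error GoTo 0

    ' Checked conversion: the caller decides what to do with a rejected ID.
    If ToRecordId(s, id) Then
        WScript.Echo "ToRecordId(" & s & ") accepted: " & id
    Else
        WScript.Echo "ToRecordId(" & s & ") rejected"
    End If
Next
```

Widening to `CLng` only moves the ceiling, so the range check and the rejected-input path are what keep the next growth limit from surfacing as an unhandled runtime error.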
