IfSQ

DP-1—Parameter Not Checked

Defect Indicators: A received parameter is used without first checking to see if its contents are safe. For example:

• A pointer is being used without checking to see if it is null.
• An integer is being used as a divisor without checking to see if it is zero.

Risks:

• A program may use an invalid value and fail (access violation, divide by zero, etc)
• A program may fail silently, in other words, it will continue processing when it should have stopped, with potentially disastrous consequences, such as data corruption or loss.

Assessment: For each of the parameters to the routine:

• Locate its first use.
• If its validity is checked at this point then proceed to the next parameters, if any.
• If it is simply passed to a routine, locate its next use and check that.
• If it is used in any other way mark that use.

Remedy: Explicitly check parameters at the beginning of each program.

References:

• Software Errors and Complexity: An Empirical Investigation (Victor R. Basili, and B.T. Perricone), 1984.

Research Findings:

• 39% of errors caused by interfacing:
  39% of all errors are caused by internal interface errors / errors in communication between routines.