The assert Solidity function is intended to only check on statements that evaluate to true. Having a false statement passed into this function points at the code not functioning correctly or the function being misused, for instance, to validate input.

Example 1: The following code uses the assert function to check on a false statement.

contract A {
    B b = new B(7);

    function checkWithAssert(){
        assert(b.retValue() == 21);
        ...
    }

}

contract B {
    uint _par;
    constructor(uint par){
        _par = par;
    }

    function retValue() returns(uint){
        return _par;
    }
}

This expression will always be non-null because it references a function pointer rather than the return value of the function.

Example 1: The following conditional will never fire. The predicate getChunk == NULL will always be false because getChunk is the name of a function defined in the program.

  if (getChunk == NULL)
    return ERR;

Because local variables are allocated on the stack, when a program returns a pointer to a local variable, it is returning a stack address. A subsequent function call is likely to re-use this same stack address, thereby overwriting the value of the pointer, which no longer corresponds to the same variable since a function's stack frame is invalidated when it returns. At best this will cause the value of the pointer to change unexpectedly. In many cases it causes the program to crash the next time the pointer is dereferenced. The problem can be hard to debug because the cause of the problem is often far removed from the symptom.

Example 1: The following function returns a stack address.

char* getName() {
  char name[STR_MAX];
  fillInName(name);
  return name;
}

Static methods cannot be overridden by definition, since they belong to the class rather than an instance of the class. Although there are cases where it looks like a static method has been overridden in a subclass, which may cause confusion and can lead to the incorrect version of the method being called.

Example 1: The following tries to define an API for authenticating users.

class AccessLevel{
  public static final int ROOT = 0;
  //...
  public static final int NONE = 9;
}
//...
class User {
  private static int access;
  public User(){
    access = AccessLevel.ROOT;
  }
  public static int getAccessLevel(){
    return access;
  }
  //...
}
class RegularUser extends User {
  private static int access;
  public RegularUser(){
    access = AccessLevel.NONE;
  }
  public static int getAccessLevel(){
    return access;
  }
  public static void escalatePrivilege(){
    access = AccessLevel.ROOT;
  }
  //...
}
//...
class SecureArea {
  //...
  public static void doRestrictedOperation(User user){
    if (user instanceof RegularUser){
      if (user.getAccessLevel() == AccessLevel.ROOT){
        System.out.println("doing a privileged operation");
      }else{
        throw new RuntimeException();
      }
    }
  }
}

At first glance, this code looks fine. However, since we are calling the method getAccessLevel() against the instance user and not against the classes User or RegularUser, it will mean that this condition will always return true, and the restricted operation will be performed even though instanceof was used in order to get into this part of the if/else block.

The Java Object Serialization Specification enables developers to manually define Serializable fields for a class by specifying them in the serialPersistentFields array. This feature will only work if serialPersistentFields is declared as private, static, and final.

Example 1: The following declaration of serialPersistentFields will not be used to define Serializable fields because it is not private, static, and final.

class List implements Serializable {
public ObjectStreamField[] serialPersistentFields = { new ObjectStreamField("myField", List.class) };
...
}

Calling Object.equals() against an array is a mistake in most cases, since this will check the equality of the arrays' addresses, instead of the equality of the arrays' elements, and should usually be replaced by java.util.Arrays.equals().

Example 1: The following tries to check two arrays using the Object.equals() function.

...
  int[] arr1 = new int[10];
  int[] arr2 = new int[10];
  ...
  if (arr1.equals(arr2)){
    //treat arrays as if identical elements
  }
...

This will almost always result in code that is never executed, unless at some point there is an assignment of one array to the other.

Certain families of functions are implemented as functions on some platforms and macros on others. If the functions rely on a shared resource that is maintained internally rather than passed in when they are invoked, they must be used in the same program scope because the otherwise the shared resource will be inaccessible.

Example 1: The following code uses pthread_cleanup_push() to push the function routine onto the calling thread's cleanup stack and returns. Since pthread_cleanup_push() and its partner function pthread_cleanup_pop() are implemented as macros on platforms other than IBM AIX, the data structure created by pthread_cleanup_push() will not be accessible to subsequent calls to pthread_cleanup_pop(). The code will either fail to compile or behave incorrectly at runtime on all platforms where these functions are implemented as macros.

void helper() {
   ...
   pthread_cleanup_push (routine, arg);
}