Using Redundancies to Find Errors

gsbarnes writes "Two Stanford researchers (Dawson Engler and Yichen Xie) have written a paper (pdf) showing that seemingly harmless redundant code is frequently a sign of not so harmless errors. Examples of redundant code: assigning a variable to itself, or dead code (code that is never reached). Some of their examples are obvious errors, some of them subtle. All are taken from a version of the Linux kernel (presumably they have already reported the bugs they found). Two interesting lessons: Apparently harmless mistakes often indicate serious troubles, so run lint and pay attention to its output. Also, in addition to its obvious practical uses, Linux provides a huge open codebase useful for researchers investigating questions about software engineering."

I have no idea what this article means !

[red-beard's]

NO flame intended i just have no clue as to the point of this . What exactly do these flaws cause and etc.. Maybe I'm just not l33t enough but i could sure use an explanation from someone more learned than me .

Re:I have no idea what this article means !

[The+Bungi]

In any large system there's bound to be some amount of redundant code that can sometimes cause subtle errors, like slow memory leaks. These conditions develop over the lifetime of the code. Analyzing the code *as a whole* provides information about these types of situations and how to fix them, which more often than not is not trivial.

"Dead" or unreachable code is almost always caused by patches or fixes to an existing codebase and it's always good to detect and get rid of it because it may point to other problems in the application (in my experience), or is simply dead wood that should be removed.

Re:I have no idea what this article means !

[RollingThunder]

And moreover, in the areas where you find these mechanically detectable bugs, the likelihood of more subtle bugs is higher, as these errors are made when the programmer isn't really thinking about what he's doing. It's like triaging your wounded code, to fix the worst first.

Re:I have no idea what this article means !

Well let me summerize it for you:

That paper explored the hypothesis that redundancies, like type erros, flag higher-level correctness mistakes. They evaluated the approach using four checkers which they applied to the Linux operating system. These simple analyses found many superising (to them) error types. Further, those errors correlated well with known hard errors: redundancies seemed to flag confused or poor programmers who were prone to other error types. According to them, these indicators could be used to decide where to audit a system.

Re:I have no idea what this article means !

[KDan]

That's why we all like Java... the Java compiler doesn't even let you have dead code.

Daniel

Re:I have no idea what this article means !

[fitten]

Yes, and to the point, critical systems software tests have use code coverage as one of the measures of being 'fit' to use. Dead code cannot be executed and thus falls into the 'untouched code' category. If the software package has much of this untouched/untouchable code, it can't be used in a critical system. For example (going from memory here), Motif couldn't be certified for digital graphical primary instrument display because of this (I think that even after exhaustive testing, it only hit the 66% coverage mark, IIRC) on the Boeing 777. It could therefore only be used for an alternate display and the primary displays had to be implemented using something else.

The problem is that if the code can't be tested, it cannot be trusted and if *somehow* that code got executed while operational, the results could be "bad".

Re:I have no idea what this article means !

[vidarh]

Which of the Java compilers? This has nothing to do with language, and everything to do with specific compilers and compiler versions.

Re:I have no idea what this article means !

[pediddle]

Sorry, wrong: the Java Language Specification requires that compilers error out on unreachable statements.

Examples:

while(true) something();
unreachable();

or

throw new Exception();
moreUnreachable();

You can still have variables that never get used or methods that never get called, but true dead code is illegal according to any compiler.

Re:I have no idea what this article means !

tcode

Here's a text link

PDF usually crashes my computer (crappy adobe software). So here's a convenient text link!

http://216.239.37.100/search?q=cache:yuZKW8CjTqIC: www.stanford.edu/~engler/p401-xie.ps+&hl=en&ie=UTF -8

Re:Here's a text link

[Ace+Rimmer]

May your computer contains too much redundant hardware ;-).

Re:Here's a text link

[kasperd]

Did anybody look on the moderations of the parent?

Moderations: 20% Offtopic, 90% Informative

Oh, now people are probably just going to claim something about math being different on slashdot.

More details / PostScript version

[Amsterdam+Vallon]

More details
Appeared in FSE 2002. Finds funny bugs by looking for redundant operations (dead code, unused assignments, etc.). From empirical measurements, code with such redundant errors is 50-100% more likely to have hard errors. Also describes how to check for redundancies to find holes in specifications.

Link to PostScript file for easy viewing/printing
File

Re:More details / PostScript version

[The+Bungi]

Don't you get tired of this obsessive karma whoring?

Re:More details / PostScript version

[Interrupting+Cow]

Reminding people about karma whoring is karma whoring ;-)

Re:More details / PostScript version

[The+Bungi]

Actually, according to the Omnipotent Moderation Gods On Duty Tonight - it's offtopic *grin*

Jesus...

[goatasaur]

Modded down within 10 seconds of posting.

Slashdot is a harsh mistress. :(

Re:Jesus...

[c0wh]

I think if the post constains the string "cmdrtaco," it's automatically downmodded.

Let's see!

Re:Jesus...

Yup.
Let's try... cmdrtako

Errors like...

This really old Slashdot logo still in use over on Team Slashdot's page on distributed.net.

Patience!

[houseofmore]

"...dead code (code that is never reached)"

Perhaps it's just shy!

Re:Patience!

[yourmom16]

"...dead code (code that is never reached)"

Perhaps it's just shy! or maybe it was taken straight out of BSD

Re:Patience!

[Greeneland]

All too often people cut and paste blocks of code and then change parts of the pasted blocks and don't look at the rest of it enough to recognize problems.

Re:Patience!

[heikkile]

"...dead code "

It's not dead - it is resting. It is pining for the fjords.

Re:Patience!

You mean like when they take existing *BSD code, editing out the copyrighting comments, sticking it in the Linux tree and claiming it is all your own work?

Flame away, folks, but it happens (and has been proven).

Re:Patience!

[Lars+T.]

I'm confused, is this an anti-Linux Troll or a "BSD is dead (code)" Troll?

Re:Patience!

[saskboy]

Speaking of code, how is it that I saw a +6 next to your post above when looking at your profile?

Re:Patience!

[Vlad_the_Inhaler]

Neither.
A device driver for an IDE Raid card came out a few months ago. One of the bsd developers had written a driver for the same device shortly before and looked at it to see how the linux developer had approached the problem.

It was his code with the comments changed to remove all references to him.

At a guess, this was 8 months back but it could easily be a year ago. The kernel was one of the 2.4.x releases.

html

[farnsworth]

html version is here.

Google cache

[Una]

Dont even bother using the google cache of the pdf.
Its completely unreadable.

If you dont believe me, look for yourself:
here

Re:Google cache

[kasperd]

Its completely unreadable.

True, but the PS version previously mentioned is in fact readable (except from the tables).

New slogan

[mentin]

Given enough lints, all bugs are shallow!

Analysis "by file" vs "by function"?

[mcdrewski42]

A file (module/unit/whatever) is still a fairly high granularity to make decisions upon. I'd be more interested at finding bugs within specific functions rather than just files...

Re:Analysis "by file" vs "by function"?

[smallfries]

How does this get marked up as +3 insightful? Did you read the paper?

They are using analysis techniques to locate bugs at specific points within the parse-tree.Hence, they are locating bugs within specific functions rather than just files. As all of their examples showed. Sure, its a nice point. But it is what they are doing.

redundant?

[1nv4d3r]

To me 'redundant' implies duplication of something already there. (a=1; a=1;)

a=a; and dead code aren't so much redundant as they are superfluous. It's still a sign of possible errors, for sure.

Re:redundant?

[drzhivago]

Rendundant code would be more akin to something like this:


if (a==1)
{
[some chunk of code]
}
else
{
[same (or almost exact) chunk of code]
}


where the same code block appears multiple times in a file/class/project. By having the same block of code appear multiple times the chance of a user-generated error increases. Easily fixed by moving the repeated code into a parameterized function.

Re:redundant?

[Anonymous+Hack]

a=a superfluous? HOW DARE YOU! a=a is the foundation from which everything else derives! a=a proves that the only logical course of action is to TAKE! a=a is the single, most important, non-patented discovery since the wheel!

Now, i'm off to create a new form of steel that will revolutionize the railroad industry!

Re:redundant?

[Karl+Hungus,+nihilis]

Steve McConnell in the excellent book Code Complete talks about this sort of stuff. One of the big things was unused variables. Completely harmless, but a good indication that the code may have problems. If whoever is maintaining the code didn't bother to remove useless variables, what else are they not bothering to take care of?

It's not, keep the code squeaky clean because cleanliness is next to godliness, it's keep the code clean so it's easy to read. Keep it clean because it's a discipline that will pay off when it's time to spot/fix the real errors in the code.

Re:redundant?

[Anonymous+Hack]

And, excuse me for replying again, but ALL GOOD CODE SHOULD HAVE AT LEAST ONE a=a; STATEMENT! Lest we forget our rational principles.

Re:redundant?

[Ambassador+Kosh]

a=a is used in some languages when you are working with an object persistence system to signify a change to a mutable object so that it gets saved to the db. With ZODB for example if you make a change to a mutable object like a list, dictionary etc you can assign the object back to itself and the persistence system will save that object or you could do self._p_changed=1. Other OODB systems have similar types of persistence signaling.

Re:redundant?

Ayn Rand would begin all code with 1=1. However, a true revolutionary would include an occasional

if (1==2)

to encapsulate the code of the oppressive bourgeoise he is fighting to supplant.

Re:redundant?

[miu]

Now, i'm off to create a new form of steel that will revolutionize the railroad industry!

Give 'em hell Mister Rearden!

Re:redundant?

LOL :-)

-ah

Re:redundant?

[JohnFluxx]

>[code] cleanliness is next to godliness
That explains why MS is evil!

Just kidding, just kidding..

Re:redundant?

[Kafka_Canada]

Who is John Galt? No, seriously, who is he?

Re:redundant?

Actually Code Complete is published by Microsoft Press!

Re:redundant?

I got the feeling that the term redundancy used not to describe the actual code lines but the effect of said lines. In that way a=a is really redundant (and will be stripped by optimising compilers) unless performed on volatile storage.

Being an amateur programmer (in the sense of not being particularly skilled and without training or experience outside my own home) I was mildly shocked with many of the examples given in the text. If I can recognise the bug immediately, so should the much more skilled programmers doing the kernel hacking that is accepted into the tree(s).

Re:redundant?

[heffrey]

That sounds like a really clear and intuitive idiom...NOT!

Re:redundant?

"keep it clean" is EXACTLY right.
In my DECADES of debugging software code I have found all manner of clues useful in finding bugs, including pointless tabs at the end of lines.
Believe it or not, even use of whitespace can be a useful clue to careless coding.

Re:redundant?

[hackstraw]

Back when I was in school this was called "attention to detail". And a lack of it would indicate inevitable errors and problems down the road.

Would you question other stories a journalist writes, when you find one that has typeos and gramatical mistakes in it?

Re:redundant?

[arkanes]

Because doing something like a.Serialize() or a.Save() is so much less clear, right?

Re:redundant?

[rocca]

That's still not redundant, moreso inefficent coding. :-)

Redundant would be:

a = b;

[operations here which do not effect a or b]

a = b;

Re:redundant?

[jmischel]

According to my trusty American Heritage Dictionary:

re*dun*dant: 1. Exceeding what is necessary or natural; superfluous. 2. Needlessly repetitive; verbose.

So both "a=a" and dead code are properly characterized as redundant.

Porky

The redundancy checker would have a field day in code written by Porky the Pig. ...th..th..tha..that's all folks...

Is this not Obvious

[goombah99]

so run lint and pay attention to its output.

pardon me, but DUH???

Re:Is this not Obvious

[gmack]

If only the story poster had actually read the paper.

They used a custom checker that finds these things much more effiectivly than lint.

I actually remember the flood of bug reports and kernel patches that toy of theirs generated the first few months they put it to use on the kernel.

How to Avoid Mistakes? Practical Advice?

[webword]

Unfortunately, this paper doesn't really offer any practical advice. Is is probably a little useful to very good, or great programmers. However, for new or moderately good programmers, it probably won't be very useful. It is certainly interesting in the academic sense, but I always want to see more practical advice. (I suppose that good practical advice flows down from good theoretical advice.)

What are some of the best ways to learn to avoid problems? I know that experience is useful. Trial and error is good, mentoring is good, education is good. What else can you think of? What books are useful?

Also, I wonder about usability problems. In other words, this article mainly hits on the problems of "hidden" code, not the interface. I'd like to see more about how programmers stuff interfaces with more and more useless crap, and how to avoid it. (Part of the answer is usability testing and gathering useful requirements, of course.) What do you think about this? How can we attack errors of omission and commission in interfaces?

Re:How to Avoid Mistakes? Practical Advice?

[trance9]

I think the lesson here is basically that the compiler is your friend. Turn on all the error checking you possibly can in your development environment and pay attention to every last warning.

If there is something trivial causing a warning in your code--fix it so it doesn't warn, even though it wasn't a "bug". If your compiler output is always pristine, with no warnings, then when a warning shows up if it's a bug you'll notice.

Kind of common sense if you ask me--but maybe that's just a lesson I learned the hard way.

Re:How to Avoid Mistakes? Practical Advice?

[Pseudonym]

I'd put it more strongly than that. Reading between the lines of the paper, don't just fix the warning. Look around the place where the warning happened. You'll most likely find a bug.

It's also a call for compilers to generate more warnings, which can only be a good thing.

Re:How to Avoid Mistakes? Practical Advice?

[Glass+of+Water]

I think the lesson is just what they're saying. Applying these tests on a body of code is a good way to find high-level errors, even though the tests just check for low-level mistakes.

That seems pretty practical to me.

The issue you raise about interfaces is only tangentially related. There, you get in to the problem (a very real problem) of confusing coding. This paper does not deal with the issue of whether the code is written well from the point of view of other programmers who need to work with it.

Re:How to Avoid Mistakes? Practical Advice?

[MisterFancypants]

What do you think about this? How can we attack errors of omission and commission in interfaces?

There are many products that do code coverage testing such as PureCoverage. Basically they analyze code as it is running and make note of which parts of your code have been executed and which haven't. This is very useful in making sure all possible code paths are tested, and if a code path isn't hit at all it gives you a good indication that you've got a 'dead' patch of code that you might want to look more closely at. Sadly such tools are generally very expensive.

Re:How to Avoid Mistakes? Practical Advice?

[1nv4d3r]

I'd like to see more about how programmers stuff interfaces with more and more useless crap, and how to avoid it.

Well, identifying it as useless crap is a good first step.

And for managers:

while(economy.isDown())
if(newInterface.isUselessCrap())
{
fireEmployee();
hireNextTelecomRefugee();
}

If you want a serious answer, one reason programs get filled with so much useless crap is because 80% of programmers program so they can collect a paycheck. They don't give a flying fuck if their code is good or not. That was a big eye-opener for me when I first got out of school. I couldn't believe how many people just didn't care.

If you are interested at all in not muddying the interface, you are most of the way there. Give it some thought, consult with your peers, and try to learn from mistakes.

Don't be afraid to refactor code every so often, because, schedule or no schedule, new requirements move the 'ideal' design away from what you drew up last month. That's (to my mind) the second largest contributor. Even good coders crumble to cost and schedule, and band-aid code that just plain needs to be rethought. In some environments, that's a fact of life. In others you will have to fight for it, but you can get code rewritten.

Re:How to Avoid Mistakes? Practical Advice?

[sbszine]

Don't be afraid to refactor code every so often, because, schedule or no schedule, new requirements move the 'ideal' design away from what you drew up last month. That's (to my mind) the second largest contributor. Even good coders crumble to cost and schedule, and band-aid code that just plain needs to be rethought. In some environments, that's a fact of life. In others you will have to fight for it, but you can get code rewritten.

In my experience, programming for an employer is the process of secretly introducing quality. This usually consists of debugging and refactoring on the sly while your pointy-haired boss thinks you're adding 'features'.

Is it just me, or this the way it's done most places?

Re:How to Avoid Mistakes? Practical Advice?

Practical advice ?

Well, here's a word or two of practical advice:
debugging code still takes 90% of the time spent over any given line of code, in average.

Any tool that enables you to mechanically track down some classes of bugs is good.

This is what these guys are doing. Of course, their main point is to prove their tool is legitimate, because they have to earn a living as researcher.

But they do find bugs, and have done in the past. I suspect that the best practical advice you can follow is download their checker and use it.

Audit your code! don't trust yourself. Most programmers are not as 3l33t as they think they are. The best ones are the ones who think they never make mistakes.

(is it just me, or does the /. crowd looks even more clueless than usual today ?)

Re:How to Avoid Mistakes? Practical Advice?

[Ed+Avis]

I think it is the software version of 'zero tolerance'. Get rid of beggars and squeegee merchants and you make the more serious crimes (bugs) easier to detect and solve. Or something like that.

Re:How to Avoid Mistakes? Practical Advice?

[megaralf]

On the contrary. This paper is most practical.
Just use this mechanism and you can find thousands of errors in an already tested system.
What impressed me most was something like this.
if( complex statement );
do=that;
Notice the semicolon! This kind of errors are very hard to spot and they can stay in the code forever.
I will propose to use a code-checker like this in our software to improve the quality.

Re:How to Avoid Mistakes? Practical Advice?

[awol]

I have only one piece of advice I give in answer to this kind of question. If you observe something in an application (and this applies to big ones more than little ones, but it is worthwhile for all software) that you cannot explain, it is a problem, almost certianly a bug. But a problem waiting to bite you in the ass nonetheless.

We spent almost two years with software that was live and on about three occasions during that time we observed a problem that was moderately serious (critical but for the redundancy of the architecture). Now eventually we found the problem, design flaw/bug, but the evidence for the problem was there for all to see a year before the system went live, even in testing. An apparently benign difference in counters between different instances of the same component, that none of us could adequately explain, since they should all have been the same, But all the other counters were identical (these other counters were of a coarser grain and counting different things). If we had found the cause of the difference at the time we would have found the flaw at the time (guaranteed, since it was obvious once one knew the source of the deviation).

That one is the best example that I can think of to demonstrate the "If you can't explain it, it's broken" aspect of software behaviour

Re:How to Avoid Mistakes? Practical Advice?

[varslot]

It is also useful to use different compilers in this respect. I have had much success with compiling source code on both a gcc compiler and a Borland c compiler. The reason being that different compilers spew out warnings for different things, and that some compiler warnings are easier to understand than others.

Re:How to Avoid Mistakes? Practical Advice?

[blibbleblobble]

"Unfortunately, this paper doesn't really offer any practical advice."

It looks like it's intended for the people who program GCC, perl, kaffe, etc., as they can use this information to build better checking into their respective compilers, rather than for programmers.

Re:How to Avoid Mistakes? Practical Advice?

[chiph]

Here's some ideas I've had:
1) Code purposely (have a specific goal for the function you're writing)
2) Acquire good habits from better coders (study their code)
3) Avoid interruptions (the "Man from Porlock" effect)
4) Write a lot of code, and be willing to throw it away when it isn't good enough.
5) Adapt the woodworker's saw: "Design twice, code once".
6) Be willing to work hard. Good software development isn't easy.

Chip H.

Re:How to Avoid Mistakes? Practical Advice?

[ConceptJunkie]

Sometimes it's worse. I quit a job after 15 months, because I was constantly getting in trouble for trying to fix the cause of the problems rather than the symptoms.

I was working on a 300,000-line Windows application, and I am not exaggerating here, it was about 5/6 redundant code. 100-line functions would be copy-and-pasted a dozen times and two lines changed in each. Plus, there were numerous executables to this project and often the same code (with minor variations of course) would exist in different executables.

It was originally written in Borland C++ and the back-end was ported to Visual C++, but all the utility and support functions still existed in _both_ the Borland code and Microsoft code. Worse, they were not identical. Even worse, there was substantial use of STL, which doesn't work the same in Borland C++ (which is an ancient version... circa 1996) and Visual C++.

That and the fact that using strcpy would have been a step up in maintaining buffer integrity, usually they just copied buffers and if one #define was different from a dozen others in completely different places, memory would be toast and we all know how that manifests.

Worse, there was UI code written by someone who completely confused parent windows and base classes, such that the child window classes had all the data elements for the parent window, because they were derived from the parent window class!

I spent an entire week once reviewing every single memcpy, etc, in the entire codebase (which was spaghetti-code in the extreme) just to eliminate all the buffer overruns I was discovering. THe program used a database with about 100 tables (a nightmare of redundancy in itself) and there was a several thousand-line include file of all the field sizes, maintained by hand (with plenty of typos). Eventually, I wrote a util to generate that include file automatically, which of course wasn't appreciated.

I was trying to overcome these difficulties while being barraged with support calls, sometimes critical because this was software to manage access control systems for buildings, meaning I spent 80% of my time fighting fires. You know, situations like: "Our system is down... you need to fix this bug because we've had to hire guards for each door until we can get it back up again."
There was only one other person working with me, and he quit in disgust and was not replaced for about 3 months.

Finally, after stuggling mightily (in time, effort and at the expense of emotional well-being) to overcome the sheer incompetence put into this project (parts of which were 10 years old), I finally gave notice after it looked like my unscrupulous boss (who wrote a lot of this code) was doing everything he could to make it look like my fault to the client (even though they knew better and really liked working with me, precisely because I was not a BS-artist)... and after 15 years over never needing more than two weeks to find good work, I have been unemployed since May 2002.

There's a moral here, but it escapes me.

Re:How to Avoid Mistakes? Practical Advice?

[ynohoo]

Turn on all the error checking you possibly can in your development environment and pay attention to every last warning. If there is something trivial causing a warning in your code--fix it so it doesn't warn, even though it wasn't a "bug".

Rather depend on how good the compiler/language is - for instance I got a compiler warning about an empty perform loop - when the function of the loop was to set the value of the index iterating the loop! I just ignored the warning. A later programmer put a redundant "move A to A" statement in to make the warning go away... which is precisely the kind of garbage these guys are looking for!

Re:How to Avoid Mistakes? Practical Advice?

[DrPascal]

Do you mean that you had something like this?:

while(*(c++) != 0);

or the like? Because if you are referring to a complaint by the compiler that the while loop has no statement after it, you could have easily put the incrementing portion in a block after it, such as:

while (*c != 0) c++;

Or am I missing the point?

Re:How to Avoid Mistakes? Practical Advice?

[AnotherBlackHat]

Unfortunately, this paper doesn't really offer any practical advice.

[...]


What are some of the best ways to learn to avoid problems?

Contrary to academically popular opinion, good programming skills are not limited to bug prevention.
Finding and fixing bugs is extremely important, though virtually untaught.
(Good commenting is also extremely important and rarely taught, but that's a seperate issue.)

The paper lists three techniques for spotting errors,
and gives several actual examples of real errors that were found with the techniques.
If you can't find any practical advice in the paper, then you should re-read it.

-- this is not a .sig

Re:How to Avoid Mistakes? Practical Advice?

Not necessarily. My experience (15 years of earning my bread-n-butter cutting code) of dead-code is from older programs that have been heavily modified over their life. New business rules mandate functional changes, and sometimes these can render whole functional areas redundant. Quite often, such code is a zillion lines away from the change.

Personally, I just love ripping out such dead code and pointless instructions!

Re:How to Avoid Mistakes? Practical Advice?

[hondo77]

There's a moral here, but it escapes me.

I think it's Look before you leap. ;-)

Re:How to Avoid Mistakes? Practical Advice?

[rew]

In my experience a compiler with all warnings on will warn of something "innocent" in about 90% of the cases. On average it will cost me about 30 seconds to fix the warning, and recompile.

However, those 10% of the cases, I'll save more than half an hour because the compiler pointed me to a bug, line number and all.

The classical
if (ch = EOF) { ...

will generate a warning. You'll find it if you pay attention to your compiler warnings. And that's only possible if it normally doesn't spew pages full of "benign" warnings.

So: I fully agree: fix the warnings, so that your code compiles cleanly.... And of course, if your compiler complains it does pay to look around the code a bit to see the problem. In the above example, you can make the warning go away by adding an extra set of braces:

if ((ch = EOF)) { ...

but that just hides the warning, it doesn't fix the bug. So if you're coding: stay alert.

Re:How to Avoid Mistakes? Practical Advice?

That sucks, and sadly, it's all too common in our field (including the lack of income) :(

Re:How to Avoid Mistakes? Practical Advice?

[fstanchina]

I don't know about your point, but the second statement is not equivalent to the first. Think about it.

Re:How to Avoid Mistakes? Practical Advice?

[ynohoo]

Dear Dr. Pascal, Different language, different compiler! I thought the "move a to a" might be a give-away... Yours, Mr. Cobol P.S. Delphi rocks!

Re:How to Avoid Mistakes? Practical Advice?

[ConceptJunkie]

Thanks for the sympathy.

I know that 90% of programmers out there are hacks, posers or wannabes, but there doesn't seem to be any way to convince an employer that I'm better than they are, even though I am (and have been told so by people whose opinions matter).

Re:How to Avoid Mistakes? Practical Advice?

[whereiswaldo]

Wow, for awhile there it sounded like maybe I'd worked with you on a past project... that goes to show you aren't the only one to work with such jokers! By the way, I ended up quitting, too. :)
.
.
.
FUCKERS.

Good Design = Tight Code

[chewtoy-11]

Writing repetitive code only once offers the same benefits as using Cascading Style Sheets for your webpages. If there is a serious error, you only have to track it down in the one place where it exists versus every single place you re-wrote the code. Also, it makes adding features much simpler as well. I'm an old school procedural programmer that is making the rocky transition to OOP programming. THIS is where it starts coming together...

Re:Good Design = Tight Code

I've been getting some WIERD errors today; perhaps someone needs to cull out the redundent slashcode a little :)

(Posting as AC 'cos amongst other things I can't log in.. wtf, saves my karma I guess!)

Re:Good Design = Tight Code

[shortscruffydave]

I'm an old school procedural programmer that is making the rocky transition to OOP programming

I agree whole-heartedly with what you say about code re-use. However I wouldn't see this as being a feature solely of OOP. Get the design right, and you can have some equally tight, highly-reusable procedural code.

Re:Good Design = Tight Code

[ArthurDent]

While OOP can be one method of solving repetitive code, good design is always the best way to solve it. What I've found is *any* time you're tempted to use the cut and paste functions within code, you need to ask yourself: Is there a common function that I can factor out to make only one opportunity for errors rather than two?

You'll have more functions and the code might be a little harder to follow for the unfamiliar, but it will be much easier to debug if there is only one function that does a particular task.

Ben

Re:Good Design = Tight Code

[hackstraw]

[just poking fun]

I question your title.

I don't think you meant:

Good Design == Tight Code

because your not saying they are equalities.

Since assignment goes left to right, you could have written:

Tight Code = Good Design

But since they are not necessarily equal, this is not much better.

I guess you really meant:

if (Good Design) then Tight Code;

[/just poking fun]

All kidding aside, I think you have a really valid point. Also, something I've learned over the years is that the more time I spend upfront, on paper, getting my "Good Design" in place, the easier it is to code and debug my application. I work with physisists (sp?) and chemists that have no concept of "Good Design", and its a pain in the ass to write code with them. They code by brute force and "pile it higher and deeper" (these damn PhDs!) Some of the apps I work with have code that is older than I am, and noone knows what it does (if it does anything) nor do they know how it works. And the code keeps getting larger!

Oops, here comes one of em...

Re:Good Design = Tight Code

[bluGill]

I just wish all programing languages had things like function calls. I recall one case where I had to write an array to hardware in one atomic operation. (If it wasn't atomic I would have to block real time data for a long time, not recomended when they are going to do performance tests on that data, to say nothing about what customers would think) My programing language didn't support arrays or function calls, other than calls to C code that couldn't return a pointer. I ended up with code like this: Find slotdata for slot 1 slot1data=slotdata->port1 slot1data+=slotdata->port2 ... for all ports on slot 1 Find slotdata for slot 2 slot2data=slotdata->port1 slot2data+=slotdata->port2 ... for all ports on slot 2 ... For all 16 slots! callCExternal writeSlotData(slot1data, slot2data,...) Oh, and the same code had to be cut and pasted two 3 different "functions" because I might need to write that data from 3 different places and there were no funciton calls.

Please, if you design a language don't ignore the bascis just because you have a good idea. In my case the language generally allowed me to do everything I needed without arrays, and normally I could design things so that function calls were not needed. Not in this case though.

And their other findings ...

[kruetz]

They also found that:

Russian errors cause code
Incorrect code causes errors
Missing code causes errors
Untested code causes errors
Redundant codec causes redundancies
Driver code causes headaches
C code causes buffer overflows
Java code causes exceptions
Perl code causes illiteracy
Solaris code causes rashes
Novell code causes panic attacks
Slashdot code causes multiple reposts
Slashdot articles cause poor-quality posts
Microsoft code causes exploits
Apple code causes user cults
Uncommented code causes code rage
RIAA code causes computers to stop functioning
(Poor idea causes long, desperate post)

Re:And their other findings ...

[Hektor_Troy]

NASA code causes expensive crashes

Re:And their other findings ...

[n3m6]

Perl code causes illiteracy

heh. that explains a lot.

So...

[worst_name_ever]

...bad programming causes problems? Golly! What will those crazy scientists come up with next?

Using redundant code to find errors

[Amsterdam+Vallon]

while(1)
findError();
while(1)
findError();
while(1)
findError();
while(1)
findError();

Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition. Comment aborted.

Re:Using redundant code to find errors

[nebbian]

I was going to moderate this but there's no +1 Redundant.

lint is horrible

[Anonymous+Hack]

It really is. It's a redundant holdover from ye old BSD versions. Granted, there are one or two times i've used it when -Wall -pedantic -Werror -Wfor-fuck's-sake-find-my-bug-already doesn't work, but a lot of the time it comes up with a LOT of complaints that are really unnecessary. Am i really going to have to step through tens of thousands of lines of code castind the return of every void function to (void)? Come on.

Re:lint is horrible

[yourmom16]

void functions arent supposed to have a return value.

Re:lint is horrible

[AuMatar]

Why the hell would a void function have a return to begin with?

Re:lint is horrible

[RhettLivingston]

I enforced a policy of eliminating all Lint info messages on a 1.5 million line, from scratch project. And, I do mean from scratch. we wrote our own operating system, ANSI c Library, and drivers and ran it on hardware that we designed and produced. In the first 2 years of deployment, only five bugs were reported. Lint was only part of the reason, but it was a total part.

Re:lint is horrible

Why the hell would a void function have a return to begin with?

I think he means casting the result, as in

(void) printf("hello, world\n");

Re:lint is horrible

[popeyethesailor]

Perhaps he just ends with a return :)

Re:lint is horrible

Stop bragging, Linus.

Re:lint is horrible

[Interrupting+Cow]

Wow. I don't know where to start. Do you have any idea what you're talking about? Before you start let me answer, "No".

castind [sic] the return of every void function

Um, void functions don't return anything. A simple return will suffice.

Am i really going to have to step through tens of thousands of lines of code

Yes, if you have crap that is returning something in void functions.

If you want to know some of the things lint can look for that are perfectly legal code constructs look at this list.

Compiling is not the same as error analysis.

Re:lint is horrible

[miu]

I think the fellow was talking about casting the return of calls like printf, they return a value, but most of the time you are not interested in it.

Re:lint is horrible

[Anonymous+Hack]

Lint? Lint compains if you call a function that returns an int and you ignore the int. This is particularly irritating in the case of strcpy() and similar functions where you would normally do:

strcpy(buf, "hello");

except you're supposed to do:

(void) strcpy(buf, "hello");

or...

buf = strcpy(buf, "hello");

And that's just the beginning...

Re:lint is horrible

[Anonymous+Hack]

Sorry i meant casting the return of a non-void function to void :-) Screwed up.

Re:lint is horrible

[hayne]

castind the return of every void function

I suspect that he meant "of every non-void function". And I've done that sort of thing on a big project but also just gotten rid of such spurious complaints via grep -v on the log file. And I did find some functions where the return value was being ignored when it definitely shouldn't have been!

Re:lint is horrible

[Interrupting+Cow]

Yeah I got that from other replies you made. But you do want the check return values from most things, even the standard library functions. The return value is usually zero on success and some int code for an error otherwise. If there's a non-zero result you usually want to call perror or something to log it.

It's just the difference between quality code and the rest. You still might want to ignore the return value, but it should be a conscious decision. Lint-like tools just help that.

Re:lint is horrible

[Arandir]

Lint compains if you call a function that returns an int and you ignore the int.

Seeing that you used strcpy() as an example, I can certainly understand why you don't like lint. For those of us who know better than to use such dangerous functions, lint and -Wall are our annoying but useful friends.

Re:lint is horrible

[jhunsake]

One of the purposes of str*() returning a pointer is that you can program in a semi-functional way. eg strcpy(buf1,strcat(buf2,"test"))

Re:lint is horrible

Use tendra. http://www.tendra.org

Re:lint is horrible

[Anonymous+Hack]

Yeah, you're right :-) But it's a bitch, ya know? Explicitly casting 90% of API functions to void, or checking for errors on printf() which 99.999999% of the time works, unless you're running on some weird embedded platform that doesn't have stdout. In my current project checking API returns would be nasty... It may only be a few processor cycles, but having the compiled code do lots of JNZ instructions that most of the time will never be true could mean the difference between waiting 20 seconds and 30 seconds for the program to complete its task... and i think i'd rather have the performance.

Re:lint is horrible

strcpy, strncpy, strlcpy, you name it, it was just an example of a function that has a return value that is either redundant or very rarely useful.

Re:lint is horrible

C'mon dude, don't be anal :-) strcpy(), strncpy(), whatever. My point was just that sometimes you get redundant return values (e.g. in strncpy() the return value is always the same as the first argument - check the libc source).

-ah

Re:lint is horrible

[Anonymous+Hack]

Thankyou for not bitching about me using strcpy() in my example instead of strncpy() :-) And this is a very good point you make - i've used the functionality a few times. I'd mod you up if i could. Of course, on a single line, it's still irritating... Ahhh this whole thread has gotten out of hand, really, because most people reading this will be using Red Hat, and their lint doesn't warn about ignoring return values from glibc anyways (make of that what you will).

Re:lint is horrible

[Anonymous+Hack]

Wow. This is a way cool project! Thanks for the link :-)

And mods, give this guy a few plus points on me.

Re:lint is horrible

Of course, you look like less of a moron when you pick your examples carefully, like strlcpy.

In case you didn't know, NOT checking the return value of strncpy is deadly: in case of overflows, strncpy does NOT terminate the string.

And well, strlcpy gives you a very clean indication of information loss. Only fools ignore it.

Re:lint is horrible

[jgotts]

"Seeing that you used strcpy() as an example, I can certainly understand why you don't like lint. For those of us who know better than to use such dangerous functions, lint and -Wall are our annoying but useful friends."

char buf[80];
strcpy(buf, "john");

Dangerous? strcpy() is perfectly okay if you are aware in advance of the length of the source string.

Re:lint is horrible

BSD folks rarely use lint anymore as well.

Re:lint is horrible

[Ed+Avis]

Check out Splint (formerly LCLint). Whereas traditional lint is less needed now that compilers have -W switches, splint has a whole bunch of extra stuff which gcc won't warn about. The only trouble with it is that by default, it wants you to add annotations to your program to help it be checked (for example if a function parameter is a pointerm you can annotate whether it is allowed to be null). If you go along with that then splint can give lots of help in finding places where null pointer dereferences could happen, and other bugs. But even if you don't want to annotate and you use the less strict checking it's still a handy tool. (OK, maybe C99 has some of this stuff too, but splint has more.)

Re:lint is horrible

[mosch]

I take it that you had an incredibly shitty testing department. The only way to have 5 bugs in 1.5 million lines of code is to redefine the term bug such that it no longer means what it usually means.

Re:lint is horrible

In which case you just wasted 75 bytes, you memory-hogging bastard!

Re:lint is horrible

If you know the source string in advance you'll either use a #define, or if the string is used multiple times, you'll skip the strcpy and go:

char *buf = "john";

Better yet, make "john" a define there too... or put it in a resource file of strings that the program reads in. No sense having your code littered with string literals you may need to hunt down and change later.

Meanwhile, unpredictable input should be collected by a granular, expanding buffer and not a "big ass" static buffer. User input from the keyboard is one of the few things so slow that you can afford to use realloc().

strcpy() is very dangerous. Use strncpy() or memcpy() instead.

Re:lint is horrible

[arkanes]

Well, he did say deployment, implying that this would be after testing. That's still a hell of a figure, and I'd assume that things like feature requests and cosmetic changes (often filed as bugs for ease of tracking) weren't counted.

Re:lint is horrible

[All+Names+Have+Been]

Personally, I find the following hilarious:

1. Download lclint (the free lint for Linux)
2. Unpack
3. ./configure
4. make
5. Receive the following output:

// Compiling cpplib.c / compiled: 1 (of 120 files)
cpplib.c: In function `timestamp':
cpplib.c:2632: warning: assignment makes pointer from integer without a cast
cpplib.c: In function `special_symbol':
cpplib.c:2777: dereferencing pointer to incomplete type
cpplib.c:2778: dereferencing pointer to incomplete type
cpplib.c:2778: dereferencing pointer to incomplete type
cpplib.c:2782: dereferencing pointer to incomplete type
cpplib.c:2782: dereferencing pointer to incomplete type
cpplib.c:2783: dereferencing pointer to incomplete type

On both a stock Redhat 7.3 and stock 8.0 system.

Re:lint is horrible

[pmz]

lint is horrible

No, it isn't. I took a legacy application that I began maintaining and used lint to eliminate hundreds of lines of code and several real never-before-detected bugs. It also encouraged me to remove dozens of implicit declarations and redundant "extern" statements in favor of real header files. The application really is better for it, and to do this work without lint would have been very very tedious. Granted, my experience is with Sun's compiler's lint, so I can't say whether other implementations are as good.

...it comes up with a LOT of complaints that are really unnecessary.

Actually, all of lint's complaints are about a potential problem. You just have to decide what is worth the time to fix.

Using lint is a deliberate process that should take several days or weeks for a large application (on the first time through). After that initial investment, using lint is still an important part of the ongoing health of the program, but it should become less and less of an effort each time.

Re:lint is horrible

[RhettLivingston]

Actually, we had an incredible testing process. It was a two year project and in the last 6 months we did 42 baselines for testing. Every change in every baseline was reviewed at the code level by myself and a customer representative (who was seated with our team for the entire project). Out tests involved automated code scanning using lint and a supplementary tool that we wrote to scan for mistakes we had made in the past, low level looping of almost 100% of our code through 10,000 iterations on at least two different machines to make sure we had no intermittent problems, and adhoc testing by engineers, managers (I figured they should be useful for something), and the customer 2 to 3 shifts a day throughout (amongst other things). I personally reached the point where all I had to know was who wrote the code and I could usually look at it and find several bugs immediately. In many cases, I would then add logic to our scanner to catch that persons common mistakes. Besides writing the operating system and most of the drivers, every single line of code in the 27 applications delivered to run on the system went past my eyes.

My definition of a bug includes any design flaw. In fact, in my experience, about 80% of bugs are design bugs. The statement "it works as designed" is pretty much banned as an excuse on the projects I work on. I believe it is the programmer's responsibility to communicate with the customer throughout to find the optimal design. When an optimal design is not possible, options should be made available to allow for flexibility, or a conscious decision should be made by the customer as to which direction to take (usually after tons of painful explanation). Don't take that to mean that I believe the customer always knows best. The programmer always knows way more about the problem than the customer. But the programmer should be able to communicate those minute details that the customer didn't realize were in their process and educate the customer to the point of allowing them to make informed decisions.

Re:lint is horrible

[poot_rootbeer]

I think you missed the point of the article. All those warnings that you think are unnecessary, maybe they're not so unnecessary after all...

DARPA?

[djupedal]

Additional support was provided by DARPA under contract MDA904-98-C-A933

Must be for that new lean, mean killing machine they've been asking for.

I Hope They Didn't Get Paid

[the_mad_poster]

I seriously hope no one paid them for this.

Are they telling me that if I write useless code intentionally I'm increasing my chance of errors as I increase my code?

Or, maybe they're saying that if I write useless code by mistake, I'm being careless which invites more errors?

Brilliant insight... I wish I had thought of all that before I turned my clear, concise 10 line application into a mangled mess of 100000 lines (hey look... I just rewrote the Windoze kernel!)

Re:I Hope They Didn't Get Paid

I think you and some other posters misinterpret the results. Or perhaps I am.

The hypothesis they're testing is that high-level errors or confusion on the side of the programmer (difficult to find automatically) tend to produce code that contains easily-detected code patterns.

They show that some extent it is true, for
four very simple patterns: idempotent operations,
redundant assignments, dead code, and redundant
conditionals.

This technique could then, to a certain extent, be used to identify code that may need careful auditing: if a sufficient number of these indicators are present, chances are that someone
working on that code makde an error.

There are some good lints around that detect these four patterns, and several other, such as pointers being used after being freed or realloced to another name, array indexes out of bounds,
severe type clashes, etc.

Re:I Hope They Didn't Get Paid

Did you actually read the fucking article?

For all of you who think this article is useless, here is why it is not:

It states that a good way to FIND errors is to search for redundant code. In most cases the redundant code was written _without_ the programmer realising that they had written the redudant code.

This article simply gives us emperical _evidence_ (as opposed to speculation) on the correlation between redudant code and hard errors.

I'm always shocked by the amount "well duh" posts I see on Slashdot, which plainly show that readers just aren't reading the stories close enough. .semantix.

Re:I Hope They Didn't Get Paid

[Temporal]

Read the paper, will you? Of course good programmers don't write redundant code... at least, not intentionally. So, when you do see redundant code in a program, it is more likely a typo, and if it's a typo, it is likely a bug. So, if you have a program which detects redundant code, it will likely find bugs for you. They wrote such a program. It found hundreds of bugs in the Linux kernel.

Here's an example they cite from the Linux kernel:

/* 2.4.1/net/appletalk/aarp.c:aarp_rcv */
else { /* We need to make a copy of the entry. */
da.s_node = sa.s_node;
da.s_net = da.s_net;

That last line assigns a variable to itself. Do you think that's what the programmer intended? Of course not. It's a bug. But no one caught it. If not for their program, maybe it would never have been caught.

You think this research is useless? Do you always write bug-free code? Maybe you should run this program on your own code and see what happens.

Re:I Hope They Didn't Get Paid

maybe it would never have been caught

If a bug is never caught, is it really a bug?

(only half serious)

Re:I Hope They Didn't Get Paid

The sad part is that these sorts of errors are much less likely to be found and fixed than many others, because there is a surprisingly large amount of code that emits compiler warnings under gcc, signifying that the author didn't bother to compile it in the first place. And, to make matters worse, I've seen code modules emit these compiler warnings for several kernel builds in a row, which tells me that the author didn't bother to double-check his code after it had been incorporated into an official kernel.

That lack of discipline is probably the seminal cause of the more serious errors that the paper cites.

The sad part is that, under the Linux software development model, it is unlikely that there will be a formal code review by a group of knowledgeable experts who will go down and visually read and inspect every line of code.

I worked for several years at a well-known vendor of a UNIX system, and that sort of code inspection was rarely, if ever, done. It's gotten too expensive. It took a lot of wheedling and sheer luck to get one programmer to edit a typo in an error message that was being printed on the system console. The only reason I was finally able to get it fixed was because the programmer had been in the module earlier in the day, had broken something, and I needed him to fix his new problem. While he was editing the code, I also pointed out the misspelling in the 'printf' statements, and he took an extra 30 seconds to tidy it up. I refer to him as a 'programmer' and not a 'software engineer' because he, like some Linux kernel code writers' lack the rigorous discipline needed to be a true software engineer.

Re:I Hope They Didn't Get Paid

> rigorous discipline needed to be a true
> software engineer

That and an Engineering degree...

Everybody understands you can't just go around calling yourself a lawyer or a doctor...

Engineering is exactly the same.

Re:I Hope They Didn't Get Paid

He probably can't run it on his code, because, like most people on slashdot, he has never written anything more complex than a 100 line perl program.

Well, duh!

[ucblockhead]

Redundent code means the coder wasn't thinking. Hence more bugs.

IN SOVIET RUSSIA...

Errors find YOU! find YOU!

Most prevalent source of redundant code....

[1nv4d3r]

Three letters: NIH.

Now, if you'll excuse me, I've got to get back to my text editor project.

Finding errors in your code

[Amsterdam+Vallon]

Isn't this the job of that smart dude down the hall who runs Lunix computers and reads some Slash Period website or something?

Well, at least that's how I finish all my projects.

Error checking compilers

".. so run lint .."

I understand that there are non-C compilers out there that actually detect code errors without running a separate utility. Amazing!

Re:Error checking compilers

I understand that there are non-C compilers out there that actually detect code errors without running a separate utility. Amazing!

Silence! We will not tolerate such subversive thoughts here.

Dead Code?

We have MS Windows conained inside of the kernel?

Re:Dead Code?

[yourmom16]

We have MS Windows conained inside of the kernel?

No its bsd thats dead, and you call yourself a troll?

A good editor...

[yintercept]

A good editor could easily cut that article in half without loss of any information.

Intentional redundant code

[1nv4d3r]

I've seen this (they were fired the next month):

// and now to boost my LOC/Day performance...
x += 0;
x += 0;
x += 0;
x += 0;
x += 0;
x += 0;

It actually caused a bug 'cuz they accidentally left the '+' off one of the lines. What an idiot.

Re:Intentional redundant code

[gUmbi]

I've seen this (they were fired the next month): // and now to boost my LOC/Day performance...


Was the manager asking for lines of code/day fired too?

Re:Intentional redundant code

"op=" is a bug created by Dennis Ritchie and remains uncorrected even today.

Re:Intentional redundant code

[Anonymous+Hack]

Ugh, counting LOC sucks. I find my most productive days are the ones i REMOVE lines of code, not add them. If i get a loop running tighter and faster, if i remove stuff that i could do better another way... that's what i'm paid to do.

Re:Intentional redundant code

[1nv4d3r]

I think he just wanted to look like he was busy. We weren't judged by LOC/day, but we did take regular metrics. I guess he thought if the manager saw 400 new lines that week, the assumption would be that he was doing more work than he was.

Re:Intentional redundant code

[Ace+Rimmer]

"... that's what i'm paid to do"

Ahh...so your boss pays you per removed line ;)
Sorry, couldn't resist this lame joke.

Re:Intentional redundant code

[jsse]

Must be Microsoft, they always bloat how many lines of code a new release of Windows exceeding the previous version. :)

Re:Intentional redundant code

15 years ago, writting code for a military contractor, I showed my boss a 1" stack of computer software code printout and a 5" stack of computer software printout to show him how much redundant/inefficient code I removed and how pointless it was to measure productivity by LOC. They were not yet measuring productivity by lines of code, but it was being discussed. By the way, the author of the redundant code was a doctor by training but refused to work as a doctor so his ex-wife wouldn't get half his income.

Re:Intentional redundant code

[inerte]

It actually caused a bug 'cuz they accidentally left the '+' off one of the lines.

They should have been fired for not using copy and paste properly!

Re:Intentional redundant code

[ralbury]

Hear, hear: it's one of your responsibilities as a software engineer to write as little code as possible, because as expensive as code is to develop, it's even more expensive to maintain.

Re:Intentional redundant code

Mhm my LOC count is usually sort of a curve over a project. Starts low (project start) getting higher an higher until i suddenly start finding more on more lines to remove and the LOC decreases once more. Probably i am not leet enough to see the short version from start :(.

Re:Intentional redundant code

A friend of mine used Smalltalk in a place where the manager counted LOC. So he submitted his changefile output; added or deleted, a copy ends up there.

Re:Intentional redundant code

Quickest way to remove redundant code: rm -rf *.c *.h

Re:Intentional redundant code

[Ace+Rimmer]

Wrong ;). If there is a subdirectory contaning a part of your sources, it won't be deleted (unless you name your directories with .h or .c extensions).

The correct construct has been left to the reader as a tricky excercise.

Re:Intentional redundant code

[boots@work]

And on a similar note:

Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it.

-- Brian W. Kernighan

lint *is* available for Linux

[Amsterdam+Vallon]

While lint(1) "proper" doesn't exist for Linux (because copyright issues), you all could try lclint.

It's available at larch.lcs.mit.edu:/pub/Larch/lclint.

"If all you're doing is compiling programs that have lint(1) targets in the Makefile, you can probably just comment out (or remove) the lint targets and actions from the Makefile. If the program has already been ported to Linux, they won't produce anything of interest to you unless you are a developer. I hope this helps."

Redundancy?

[kubrick]

Ummm... surely if any story should be duped in the near future, it's this one. Please submit story suggestions accordingly.

PDF usually crashes my computer

Maybe PDF has too much redundant code.

Re:PDF usually crashes my computer

[kasperd]

Maybe PDF has too much redundant code.

If it was only PDF the OS would not crash together with PDF. They are probably both buggy.

Interesting Research

[Beatnick]

Some code can be labeled as dead code but that
doesn't necessarily make the code non-useful
if the parameters and software requirements change.
I've placed code (don't flame me too hard) within
my own coded creations (with necessary documentation)
for future considerations that my clientele may
consider at a later date.

It's good to see an outside group looking over
various coding issues in Linux. It gives me
the feeling that most of the community provides
some scrutiny over its development which by
and large increases support of Linux.

Now that Microsoft has opened up its code (within limitations),
I would like to see (as I am sure some of you are)
someone check it over.

Just curious.

Re:Interesting Research

[sniggly]

My "dead code" (or rather undead since it could be alive) "lives" within /* */ - not compiled: no issue.

They're not an outside group. If you track their histories - Dawson Engler studied under Frans Kaashoek who studied under Andrew S. Tanenbaum who is the father of Minix which is the precursor to Linux. They're all fairly famous in their line of work and have done massive amounts of work & research that usually ends up in a bsd, unix or linux.

Re:Interesting Research

How does someone test unreachable code?

If you sense the full implications of this
question, you might agree that unreachable code
should be removed.

Re:Interesting Research

To get the most out of this post, read it out loud
while someone backs you up on bongos.
Craaazy, man.

Saw his talk at FSE

[owenomalley]

I saw Dawson's talk at FSE (Foundations of Software Engineering). He uses static flow analysis to find problems in the code (like an advanced form of pclint). The most interesting part of his tool is in the ranking of the problem reports. He has developed a couple of heuristics that sort the problems by order of importance and they supposedly do a very good job. Static analysis tools find most of their problems in rarely run code, such as error handlers. Such problems are problematic and sometimes lead to non-deterministic problems, which are extremely hard to find with standard testing and debugging. (This is especially true, when the program under consideration is a kernel.) Dawson also verifies configurations of the kernel that no one would compile, because he tries to get as many possible drivers at the same time as he can. The more code, the better the consistency checks do at finding problems.

By making assumptions about the program and checking the consistency of the program, his tool finds lots of problems. For instance, assume there is a function named foo that takes a pointer argument. His tool will notice how many of the callers of foo treat the parameter as freed versus how many treat the parameter as unfreed. The bigger the ratio, the more likely the 'bad' callers are to represent a bug. It doesn't really matter which view is correct. If the programmer is treating the parameter inconsistently, it is very likely a bug.

He also mentioned that counter to his expectations, the most useful part of his tool was to find 'local' bugs. By local, I mean bugs that are local to a single procedure. They are both easier for the tool to find, more likely to actually be bugs, and much easier for the programmer to verify if they are in fact bugs.

He analyzed a couple of the 2.2.x and 2.4.x versions of the kernel and found hundreds of bugs. Some of them were fixed promptly. Others were fixed slowly. Some were fixed by removing the code (almost always a device driver) from the kernel. Others he couldn't find anyone that cared about the bug enough to fix it. He was surprised at the amount of abandonware in the Linux kernel.
It is extremely frustrating that Dawson won't release his tool to other researchers (or even better to the open source community at large). Without letting other people run his tool (or even better modify it), his research ultimately does little good other than finding bugs in linux device drivers. *heavy sigh* Oh well, eventually someone WILL reimplement this stuff and release it to the world.

On a snide comment, if he was a company he would no doubt have been bought by Microsoft already. Intrinsa was doing some interesting stuff with static analysis and now after they were bought a couple of years ago, their tool is only available inside of Microsoft. *sigh*

Re:Saw his talk at FSE

[RodgerDodger]

It is extremely frustrating that Dawson won't release his tool to other researchers (or even better to the open source community at large).

There's probably a bunch of reasons why he hasn't done this. The most likely one is that he's using it as a research tool, and he doesn't want someone else to beat him to the punch in his research. A second is that it's probably not really in a fit state for sharing as yet (the tool is not the goal of the research, after all).

He's got a bunch of papers up describing how the tool works, so it can be reimplemented. Also, if he's like most academics, he'll probably talk your ear off if you ask him how it works. :)

Re:Saw his talk at FSE

There *are* better tools already available, though not for free.

I've long wished that Gimpel Software would release a Linux version of their lint -- it does everything described in the PDF article and much more.

Re:Saw his talk at FSE

[CH-BuG]

A second is that it's probably not really in a fit state for sharing as yet (the tool is not the goal of the research, after all).

This is not a valid reason, I know a lot of people (including me) that would be happy to improve his research code into something useful for the community at large. I remember a paper describing a gcc extension to write semantic checks (for instance, reenable interrupts after disabling them). This program found an amazing number of bugs in the linux kernel. I really wish I could have something like that at hand!

Re:Saw his talk at FSE

[Slashamatic]

Wasn't Gimpel's tool put out in good old fashioned shrouded C? If so, it would probably work, however, it isn't cheap.

Re:Saw his talk at FSE

[vidarh]

Gimpel's lint has been available for Linux for ages. We have it installed, and use it fairly regularly. You need to look for Flexelint, not PC lint. Flexelint is the Unix version, and is shipped as shrouded source code. But from what I've seen of it, it doesn't do nearly what is described in the PDF article.

Re:Saw his talk at FSE

[Salamander]

I know a lot of people (including me) that would be happy to improve his research code into something useful for the community at large.

I'm sure a lot of people would say the same about any piece of software, but who coordinates the patches? Who writes docs or, in the absence of docs, fields endless emails from people with questions? Releasing software implies a time commitment that the author might not be willing to make; it would certainly be nice if he did so, but nobody has a right to demand it of him.

I remember a paper describing a gcc extension to write semantic checks (for instance, reenable interrupts after disabling them). This program found an amazing number of bugs in the linux kernel.

That tool was called Metal, and it was by the same guy. His success in finding and reporting those hundreds of bugs already represents a greater contribution to Linux than all but a few could ever dream of.

Re:Saw his talk at FSE

[crow]

Actually, I believe he isn't releasing the code because he is starting a company to market it. There are lots of places that would happily pay thousands of dollars for that software, and much more if he would help customize it for their particular project.

Re:Saw his talk at FSE

[Ben+Hutchings]

If it's based on gcc (which the version described in the paper is) he'll have to release the source when he sells the binaries.

Re:Saw his talk at FSE

[crow]

I believe that only a small part of it is based on gcc; the bulk of the work is in an external program not covered by the GPL.

Concurrency Issues

As any good kernel volk know, concurrent programming can contain certain blocks of code that might seem redundant, even meaningless to the average procedural programmer. Hope they're not getting confused.

If unnecessary code is "redundant"

[RhettLivingston]

I suppose they've hit my pet peeve. I've seen many simple problems turned into hideous monstrosities with many bugs by people trying to handle bugs that can't ever happen and imaginary special cases because they were never taught how to abstract a function. Perhaps it can't be taught. In 20+ years of programming, its been a very rare time when I've picked up code and not been able to cut out large chunks without replacing them.

Re:If unnecessary code is "redundant"

I've seen many simple problems turned into hideous monstrosities with many bugs by people trying to handle bugs that can't ever happen

Yeah, me too, but I've also seen many simple programs crash and burn monstrously hideously because people didn't handle a case that "couldn't ever happen"...

Re:If unnecessary code is "redundant"

[RhettLivingston]

True. But adding code because it might be needed can't win statistically past a certain point that is actually not very far from not adding any code that you're doubtful of. Statistically, you'll create more errors in the code added than you'll solve.

I code routines for how they are being used in my project. If someone uses them for some case different from design, that's their issue. Everyone has the responsibility of making sure that every system routine they use was designed to handle their case. The reduction in code size allowed by not handling every case allows for this to actually be possible to achieve, even on the million line projects I work on. My methods are old, but by not jumping on the bandwagons of modern coding fashion, I've been able to lead several projects to packing multi-million line functionality into million line products with very very low bug counts. In my experience, rewrites of products usually contain much lower bug counts than the past generation "mature" products. That is opposite industry experience, and I attribute much of it to reduction in code complexity through design all levels of the product to solve end user's needs instead of designing the lowest levels to solve higher level developer's needs in a too general fashion.

talk about redundant

[Cheeze]

the article is in a pdf. now that redundancy.

are they just too lazy to "export to html" and put it up as a webpage?

and no, i don't want to load the adobe viewer. 30 megs of ram for a viewer program? there's probably 80% redundant code loaded into memory in that program alone

Re:talk about redundant

[mlk]

Google is your friend

Dawson Engler's past life as a bodybuilder

http://www.pdos.lcs.mit.edu/~engler/jr-calif.html

That didn't make any sense at all!

[Daetrin]

Until i realized that at 164% zoom all the equals signs looked like minus signs. I spend several minutes trying to figure out how that code could compile at all before i thought to turn the zoom up to 200% :)

Interestingly enough, 163% zoom doesn't cause the problem, nor does 165%. After a bit of experimenting i couldn't find any other isolated case that had the same results. There's a sudden transition to illegibility at 131%, but everything below that is also illegible. 164% is just odd, strange that that happened to be picked as the default when i opened it.

Double posting

[baywulf]

Is that why there are so many double postings of articles on Slashdot? Trying to use redundancies to find errors?

"redundancies ... correlate with ... errors"

[voodoo1man]

At the risk of being modded redundant (hah!) I have to point out that a correlation between sloppy coding and errors does, in fact, exist. Many of us who write software have suspected this for a long time, and it is good to know that our hypothesis is supported by concrete research from the academic community, who seem to have finally proven that "redundancies seemed to flag confused or poor programmers who were prone to other error types."

Hopefully, we can expect much more of such valuable breakthroughs from the academic community in the future, complete with papers full of badly formatted C code!

Go Dawson!

Go Dawson Engler! I almost took an advanced OS course from him this quarter. But I must say, if you know where to look (his MIT website *hint* *hint*) you can find pictures of him all oiled up for a bodybuilding competition. The man is ripped.

Rates a 10 on the DUH scale...

[Dr.+Bent]

...but seriously tho, I've always found that it's best if you go out of your way to make sure that code is duplicated as little as possible. Sometimes it takes some major refactoring to move a method when you discover that it's needed someplace else, but it's almost always worth it in the time saved testing, debugging and keeping the methods in sync.

What does this mean

... about all those seemingly harmless redundant articles, then?

vi!

[gregstoll]

vi could do it!

Re:vi!

[yintercept]

I was thinking human editor. As for documenting code, Word is the funnest editor because it does things like replaces "i = 1" with "I = 1" -- keeps you on your toes.

Re:vi!

[russh347]

vi: the first 2 letters in the word 'vile', the middle 2 letters in the word 'evil', the initials of the 'village idiot'.

Re:Finally

[Radio+Shack+Robot]

I know exactly what you mean. I've spent the last few hours helping customers and selling Verizon phones, only hoping that another post would show up to cure my boredom. Slashdot should queue the posts with a schedule so we'll know exactly when to check. But they never will because of the FPs. heh

lclint pointer incorrect...

[Samrobb]

For the record, it's been moved...

Larch FTP Site
January 28, 1999

Many files formerly on this site were moved elsewhere after a disk
crash in March, 1998.

The LCLint distribution can be found at
ftp://ftp.sds.lcs.mit.edu/pub/lclint
or http://www.sds.lcs.mit.edu/lclint

redundant servers

[mjp9055]

Servers are dotted! Maybe they should have used redundant servers. Not all redudancy is bad.

Linux for research

[Champaign]

Using Linux for academic research is hardly a new idea. In my group alone one of the profs has been publishing papers and giving talks about research using Linux since 2000.

An example of such is http://plg.uwaterloo.ca/~migod/papers/evolution.pd f - about the evolution of Linux

heed all warnings

[fermion]

There are two practical upshots of this that I use in my own code. First, it is best to treat all warnings as bugs. Warnings are an indication that the compiler or programmer can get confused with the code. Neither is a good situation. Code that generates warnings should be rewritten in a more understandable manner. Some would say this stifles creativity. This may be true, but we can't all be James Joyce, and, as much as we may like to read his work, few of us would enjoy wading through such creative code.

Second, use standard idioms. For some, that may mean learning the standard idioms. These should become second nature. Programmers should express their creativity in the logic, structure, and simplicity of the code, not the non standard grammar. Standard forms allow more accurate coding and easier maintenance.

Re:heed all warnings

[Arandir]

First, it is best to treat all warnings as bugs.

They ARE bugs. Trying to find one error in an output of twenty thousand warnings on a distributed build qualifies as an problem in itself.

it's both!

[simpl3x]

a floor cleaner... and a desert topping!

Re:it's both!

[Kymermosst]

a floor cleaner... and a desert topping!

You put Pine Sol on top of your Mojaves and Saharas?

Freak.

[OT] Speaking of redundant fault tolerances...

[cgenman]

...What's been happening to Slashdot's servers for the past 3 hours? Did Kuro5hin take them down?

Re:[OT] Speaking of redundant fault tolerances...

[Arandir]

It happens every week or so, typically on Wednesdays at 11:00 PST. I think it's caused by redundant slashcode.

Smatch

[Error27]

The Stanford Checker is great. I was blown away when I read their papers last year. Their checker is not released yet, so I wrote a similar checker (smatch.sf.net) based on their publications.

The poster mentions Lint, but I did not have any success using Lint on the kernel sources. The source is too unusual.

Also Lint does not look for application specific bugs. For example, in the Linux kernel you are not supposed to call copy_to_user() with spinlocks held. It took me about 10 minutes to modify one my existing scripts to check for that in the Linux kernel last Monday. It found 16 errors. (It should have found more but I was being lazy.)

A lot of the time, you can't tell what will be a common error until you try looking for it. One funny thing was that there were many places where people had code after a return statement. On the other hand, I didn't find even one place where '=' and '==' were backwards.

It's fascinating stuff playing around with this stuff. I have been learning a lot about the kernel through playing around with Smatch.

Re:Smatch

[CH-BuG]

God, I wish I had found this project before !

Are the gcc people interested in including this feature in the official gcc ? This would provide a "standard" distribution, which would be quite nice...

Re:Smatch

[JohnFluxx]

Did you get the bugs that you found fixed?
It wasn't clear if you submitted it.

Btw, I'm mulling with the idea of writing a write-time checker that would do a lot of this sort of stuff but as you are coding. That way your favourite editor can underline errors (like a spell checker does).
One of the things I was most interested in doing was number-ranges. Basically if you have a for-loop that loops x between 0 and say 10, then inside that for-loop you know x=[0-10]. Then you can check if you access an array outside of those bounds.
Do you have any idea how useful this would be? Or any ideas if it has been done, or anything?

It is an area that really interests me, but that I have no knowledge about :)

JohnFlux

Re:Smatch

[The+boojum]

If you play with Java, have a look at Eclipse (www.eclipse.org) It can parse the Java code as you write and flag errors with a colored squiggle underline much like MS Word's grammar checker. On top of that, in the margin it offers a "quick fix" icon. Click it and it shows you a couple of ways that it can automatically correct it. (e.g. If it doesn't know about that class in one context, but there's a package with a class by that name over there it can automatically add an appropriate import.) It's a pleasure to use for writing Java.

Re:Smatch

[Error27]

>Did you get the bugs that you found fixed?

At first I sent the errors to the lists but that was too hard to track which bugs were real etc. Now I have a web page with the results. I am on the kerneljanitors mailing list and they fix the bugs. Randy Dunlap has been especially helpful. I will get a static IP and a bandwith boost tomorrow and then I'll email lkml so that the web page becomes better known.

You could write a checker script for the for loop using smatch. Email the smatch-discuss list if you have any proplems.

I think that checking code as you write it is a great idea.

Re:Smatch

[ethereal]

The problem with the array bounds thing is that usually the array index is another variable, and it's tougher to predict what that variable's value might be within the loop. For constant array indices this would work great, I just don't know how much code uses a lot of constant array indices. But don't let me discourage you; for all I know my code is unusual.

Re:Smatch

[Deef]

The IDEA environment from IntelliJ (www.intellij.com, or www.intellij.net for the beta versions) finds a variety of coding errors as you type, underlining problem spots. It pretty much finds the same errors as the compiler would. (e.g. "this statement may throw exception Foo which is uncaught", "this variable may not yet have been assigned", etc.)

When working with other editors, I used to compile individual code files once in a while just to make sure that my full build would succeed. With IDEA, I find that once I have fixed all the things that the IDE is pointing out as I type, my build is almost guaranteed to succeed, with no need for intermediate compiles for syntax checking.

There are a LOT of other cool features (refactoring support, etc.) in this IDE as well. I'll never use JBuilder again...

(No, I don't work for IntelliJ. Just a happy customer.)

Re:Smatch

[JohnFluxx]

In quite a few cases the variable which is being used in the array index can be trivially deduced anyway.

How many times have you seen this sort of thing:
for(int i =0; i10; i++)
myarray[i]=2*i;

What I was thinking is then parse that into:

{
i=[0-9]
myarray[0-9]=(2*[0-9])=[0-18]
}
i=10

The bit (2*[0-9]) wouldn't be there, that's to demonstrate..
Checking that [0-9] is within the bounds of myarray, and [0-9] is within the bounds of an int (or whatever myarray is)

Re:Smatch

[Apathetic1]

The latest version of ActiveState Komodo (an IDE for Perl, Python, and other open source languages for those who don't happen to know that already) does realtime syntax checking. Green squiggles for warnings, red for errors.

Re:Smatch

[JohnFluxx]

Hmm. The trouble is that it is $295. I'm a lowly student and can't really justify that kind of money. It has a non-commerical version, but that would mean I can't develop GPL'ed software in it.

Same problem I have with the other ide someone suggested in this thread..

In this case, it isn't anywhere near as powerful as what I'm after tho. And there's no way I'm developing plugins for a proprietry app :)

At the moment I'm thinking of plugins in for eclipse.

Sigh! Nice article...

[greppling]

...but I'd much prefer to be able to actually use the tool.

They have regularly provided helpful posts to linux-kernel listing huge number of bugs, see their most recent message listing potential buffer overruns.

This would be an extremely valuable tool for any Software project, proably even more useful than e.g. valgrind.

Comparison to Redundant and Unused DNA Code?

[mrflip]

This made me immediately think of the 'redundant/unused code' conundrum in biology (Sorting through DNA). Surprisingly little of the DNA string seems to be 'active' code, where active means 'codes for a gene.' Most of it is either has no use, or uses that are not clear to us now. One pedestrian use for this 'dead' code is simply to separate the genes logically and spatially; this reduces the probability of simultaneous defects in multiple genes.

DNA code also has high redundancy, which allows error-correcting transcription and other hacks ( see Parity Code And DNA or DNA's Error Detecting Code)

In both cases factors yielding robust DNA code are found to indicate bad digital computer code.

flip

(background: Ars Technica's Computational DNA primer

Re:Comparison to Redundant and Unused DNA Code?

Lots of DNA code evolved by the mechanism of code doubling and redoubling and redoubling again to allow random errors many chances to create someting useful. Its one of millions of evidences of NO designer.

Re:peace in the world

[zcat_NZ]

That's nice, but have you actually caught Osama yet? Dead -or- alive? How long's it been?

Perhaps you'd have better luck if more of the Americans in Afghanistan were actually looking for Osama and not building an oil pipeline.. or was that the real objective here all along?

Where there's smoke, there's fire

[rufusdufus]

So many people have made silly comments about this being obvious, useless or whatever. This is probably because they did not actually READ the paper.

The paper is not about obvious code redundancy bugs, it is about subtle errors which are not as simple as just duplicate code. It is about code that *appears* to be executed but actually is not.

Go take a look at the examples and see how long it takes you to notice the different errors...now imagine have a thousand pages of code to peruse..would you catch it? Many of them probably not.

The conclusion of the paper is basically, errors cluster around errors; finding a trivial unoptimal syntactical constructions tends to point to real bugs.

Where there's smoke, there's fire.

Re:Where there's smoke, there's fire

I'm not entirely convinced that this really works. Maybe the code they inspected has a uniform distribution of bugs, but they only noticed the ones near the spots their tool highlighted?

Even the smallest program...

[OttoM]

This is widely known:

1. Every programs contains bugs.
2. Every program contains redundancies and so can be made smaller without changing behavior.

Therefore the empty program is redundant but still buggy.

Related research at Berkeley: CQual

[sailesh]

CQual

It's been used to find security holes.

Parallel programming 101

[Skuto]

They made fools out of themselves with this one:

if (!cam || !cam->ops)
return -ENODEV; /* make this _really_ smp-safe */

if (down_interruptible(&cam->busy_lock))
return -EINTR;

if (!cam || !cam->ops)
return -ENODEV;

Their comment: 'We believe this could be indication of a novice programmer...blabla...shows poor grasp of the code'.

BZZZZZZZZZT

Nice try kids, but unlike you, this piece of code was probably written by an experienced guy that has actually written code for parallel systems before. Since it's tricky, you would be excused if not for the 'novice programmer' comment above and the fact that the code itself says it's there for SMP safety.

Here's a hint: UNTIL you acquire the lock on 'cam', any other process can change the value, including at the point BETWEEN the first check and the acquisation of the lock.

--
GCP

Re:Parallel programming 101

[idletask]

Gee, reread yourself... Sorry but they're 100% right. If they could acquire the lock, cam and cam->ops cannot be NULL due to the first check.

BTW, in 2.4.18, the code now looks like this for this same function:

struct cam_data *cam = dev->priv; int retval; if (!cam || !cam->ops) return -ENODEV; DBG("cpia_mmap: %ld\n", size); if (size > FRAME_NUM*CPIA_MAX_FRAME_SIZE) return -EINVAL; /* REDUNDANT! */ if (!cam || !cam->ops) return -ENODEV; /* make this _really_ smp-safe */ if (down_interruptible(&cam->busy_lock)) return -EINTR;

Re:Parallel programming 101

why cant cam->ops not be null? Someone could have changed in between the first check between the first check and the lock (which ostensibly does not allow futher modification of anything on cam)
Anyway there is too less data here to come to a solution

Re:Parallel programming 101

[Skuto]

>If they could acquire the lock, cam and cam->ops
>cannot be NULL due to the first check.

It *CAN* on an SMP machine, which is the whole point.

--
GCP

Re:Parallel programming 101

[ochinko]

if (!cam || !cam->ops) return -ENODEV;

Strange, I am just an ignorant code monkey, but I would never write it like this. I much prefer:

if (!(cam && cam->ops)) return -ENODEV;

Yes, there is one more pair of parenthesis, but only one negation which makes the code to be understood faster by humans, and involves two operations instead of three which could also help the compiler to produce better code.

Re:Parallel programming 101

[idletask]

No, it cannot, read the code! Specifically, read drivers/media/video/videodev.c:video_mmap(), where you can see that the mmap() operation is protected by lock_kernel()/unlock_kernel()...

Re:Parallel programming 101

[John+Harrison]

Your way is harder for me to read. Anyhow I would be shocked if modern compilers are unaware of de Morgan's law and don't optimize such that the complied code is the same in either case.

Re:Parallel programming 101

I've read a lot of code in my life, and I can see that you're one of those 'clever' programmers, who chips away at readibility, on the theory that it'll make for slightly faster code. In fact, all you've accomplished is making yourself feel superior while generating harder to maintain code. '(!(' is hard to read.

Re:Parallel programming 101

[Skuto]

You are right about the kernel lock, but notice that the code gets and releases cam->busy_lock, which doesn't make sense to me if there really isn't anything else than can access cam at that point. If you can explain, please do so.

PS. I didn't find the quoted code from the paper in 2.4.1!? The code in that kernel is the same as the snippet you posted, and there the check does look redundant.

--
GCP

Re:Parallel programming 101

[Salamander]

unlike you, this piece of code was probably written by an experienced guy that has actually written code for parallel systems before.

I suggest you check out Dawson Engler's resume; he has almost certainly done 10x more parallel-systems development than you have. This particular code example might be a bad one, because the analysis that supports the author's conclusion is omitted from the article, but the basic point is still valid: code that contains duplicate condition checks like those in the example is more likely to contain real bugs than less duplicative code, and the "low-hanging fruit" can be identified automatically. It's not hard at all to see how deeper analysis, different rules, or annotation could do a better job of weeding out false duplicates without compromising the tool's ability to flag legitimate areas of concern.

You're arguing about low-level implementation, when the author was trying to make a point about a high-level principle. That's the hallmark of an insecure junior programmer.

Re:Parallel programming 101

[ochinko]

Your way is harder for me to read. Anyhow I would be shocked if modern compilers are unaware of de Morgan's law and don't optimize such that the complied code is the same in either case.

Ok, this is obviously a matter of taste.

Nevertheless it seems to me that you add another point to my thesis. This is a kernel code after all. Wouldn't it be better if the assembler output matches the C source more closely in case one decides to dive in it?

Re:Parallel programming 101

pwned!!

Re:Parallel programming 101

[ochinko]

I've read a lot of code in my life, and I can see that you're one of those 'clever' programmers, who chips away at readibility, on the theory that it'll make for slightly faster code. In fact, all you've accomplished is making yourself feel superior while generating harder to maintain code. '(!(' is hard to read.

Everything but that. I'm not trying to be 'clever' here. I'm trying to produce more simple code by eliminating one operation.

Never mind the compiler. John Harrison is absolutely right about the ability of the average compiler to optimize that code.

It is all about the reader of the code. Is it less readable to have two operations instead of three, and to skip one negation? To me, it isn't, and having an additional pair of parenthesis doesn't bother me as much as it bothers other people.

Re:Parallel programming 101

Are you actually saying that and OR and two negations is easier to read than an AND and one negation? Thats just plain retarded.

Re:Parallel programming 101

[John+Harrison]

I agree that it is a matter of taste. I don't agree with your second point. You should write the code in a way that it is easily readable by those who maintain it. The compiler is going to do all sorts of other things to it that you can't and don't want to control. Otherwise you would be writing in assembly. Trying to guess what the compiler is going to do in order to match your code to it strikes me as a waste of time.

Re:Parallel programming 101

[dunkstr]

Yes... But isn't the point that you should mark such variables as volatile? Otherwise a smart compiler might (rightly) remove the code! Admittedly the surrounding comments in the paper imply a different interpretation; wouldn't their checking program ignore it if the variables were properly labeled 'volatile'?

I haven't actually bothered to check the surrounding code in 'cpia.c:'; but am I right in thinking that shouldn't matter?

Re:Parallel programming 101

[Skuto]

>This particular code example might be a bad one,
>because the analysis that supports the author's
>conclusion [slashdot.org] is omitted from the
>article,

I agree (and with the rest).

>You're arguing about low-level implementation,
>when the author was trying to make a point about
>a high-level principle.

I'm arguing about this being used as an example 'look how silly the original programmer was', when in fact, this is a much more complicated issue than the paper makes it out to be. I don't argue with the rest of the paper - anything that aids in automatic bug discovery is a welcome addition in my book.

--
GCP

Re:Parallel programming 101

[PenguiN42]

>If they could acquire the lock, cam and cam->ops
>cannot be NULL due to the first check.

It *CAN* on an SMP machine, which is the whole point.


Uhm, if cam was NULL after the first check, wouldn't cam->busy_lock cause a segfault (or whatever, i'm not a linux kernel programmer)?

I can't comment on the cam->ops though, since I don't know the implementation details.

Re:Parallel programming 101

[Skuto]

>Uhm, if cam was NULL after the first check,
>wouldn't cam->busy_lock cause a segfault

I don't feel bad about being flamed by people that missed my point, but I do feel bad about this. You are 100% right - the way I read the code can't possibly be correct.

--
GCP

Re:Parallel programming 101

[ethereal]

IMHO, the original is cleaner, because it's easy to miss the ! in the middle of ((. The logical way that you would describe this condition to someone is: "if either cam or cam->ops are 0, bail out". You wouldn't say "if cam and cam->ops together are 0, bail out". We don't care about "cam && cam->ops", anyway; that combination is nonsensical. We just care that neither are 0, which is why it makes sense to check each to see if it is 0, and then OR the combination.

There's an advantage to maintaining code that reads more like natural language, it seems to me. Or it could be that I'm just more used to reading the Linux kernel sources somehow, which is a scary thought :)

Re:Parallel programming 101

[iabervon]

'cam', being a local variable on the stack, isn't visible to any other thread. It's theoretically possible that cam->ops might change, although I'd guess that nothing would modify such a field.

Actually, it looks to be more like an incomplete cleanup of worse code; the original could have failed to copy the value into a local and needed the second check. But then the lock acquisition could break, and the second check fails to drop the lock. So somebody fixes it by replacing the heap copy with a stack copy, and forgets to remove the second check.

Alternatively, it could have been written by a programmer who's taken Parallel programming 101 but doesn't understand the thread model used in the kernel...

On error....

shouldn't that be

if(strcpy(buf, "hello")==0){
return (OUT_OF_MEMORY);
}

Re:On error....

[Anonymous+Hack]

But if you've already malloc()ed or have the memory on the stack (char buf[32]) it's already there.

Re:On error....

Go sit in the corner and keep quiet, you're only embarrassing yourself.

Re:On error....

The buffer's already there. strcpy failing would be some kind of memory access error rather than out-of-memory... and any respectable OS should kill your process dead for accessing memory improperly, in which case the code would never reach the return.

Copy and Paste

[oliverthered]

Couldn't you also search for seeminly copy and pasted code blocks as a sign of errors (or code that at least needs refactoring)

Re:Copy and Paste

That works for the first c&p, but what happens when the copies have had different bug fixes applied over the course of years - they're still supposed to be doing the same thing, mind you, but they no longer look similar. Or one copy has had the variable names standardized, while the other hasn't.

This is not hypothetical, alas.

Nothing I've seen can top this one:

(for i = 0; i MAX; i++){
if (i == MAX) {...

No, there's no intervening code, and no sign there ever was any. No clue what the if is supposed to do, or why it would care if i == MAX

Re:Copy and Paste

[oliverthered]

Ok the idea was that if someone has copy and pasted a bit of code, then the rest of the code around that area may be poor, because; they may not have understood the problem in the first place if the copy and pasted instead of writing a generic function macro template or whatever.

This is the same as the redundant code Idea, it isn't that the redundant code is an error, it's that the preson who crearted the redundant code may not have been in the best state of mind and made lots of mistakes.

Slashdot editors already knew this

as they are posting dupes to ensure quality of stories

Errr...

Dead code

[xyote]

Dead code is most likely found in really old code that has been modified many many times. Does really old code that has been modified many many times have lots of bugs? Quite likely.

Is this dead code going to get removed?

No.

Why not?

Because, one, it's only an opinion that it's dead code. There could be some obscure case that no one imagined that could use it. Two, if some programmer removed it and it turned out that it was needed or the programmer screwed up the removal, the programmer would be blamed and take a lot of grief for it. If it ain't broke, don't fix it.

Now, it could be that the dead code doesn't work properly for the obscure case. But how could you tell? Do you want to write a test case for code that no one can figure out how it gets invoked?

Re:Dead code

[Squeak]

On a project I worked on recently one file contained a comment reading something like: // The below code is unnecessary but the program // does not work if it is removed. // With the code commented out everything is fine.

The group of people involved in that area of code were also masters of redundancy and inefficiency. Their code could often be rewritten and shortened to 20% of its original length. Not BY 20%, TO 20%.

Re:Dead code

[arkanes]

Dead code is code that is either unreachable or should be unreachable (like an error handler that checks for an impossible case). It's not an "opinion", it's a provable, testable case. If you can't figure out how it's invoked, then you can't test it, and thats a bug. If you remove it and somethign breaks, then you just found out where your bug is.

Re:Dead code

[/dev/trash]

This says to me that the code is not documented very well at all. Document it and you'll see that there is no truly dead code.

Re:Dead code

[xyote]

The dead code that I had experience with was reached through conditional logic. The expert opinion what that the conditions necessary to reach that code section could not occur. But it's opinion, not something that is provable. Certainly not with the size of the system we were working with, millions of lines of code.

The proper way to deal with code that has a lot of problems is to rewrite it. You are making a trade off, that you are removing more bugs caused by the old croufty code than you are introducing by the new code including the ones you introduced by not completely understanding the old code.

On rewrites, I used to leave out everthing that I couldn't figure out, and end up putting back in about half. You learn a lot on rewrites, even if you thought you knew the old code really well to begin with.

Re:Dead code

[arkanes]

Well, the dead code detected by the program in the article is not an opinion - it's something that is provably unreachable. If you've got well documented functions, it should still be possible to either generate a test case or prove that certain code branches are unreachable. In fact, if you were working on REALLY mission critical stuff, one of the audits is to trace each and every possible branch of execution. Yes, thats an enormous amount of work. However, it's also (largely) possible to automate it.

Re:Dead code

[WzDD]

>Because, one, it's only an opinion that it's dead code.

No it isn't. If if is not called at all and there is no way to call it, then it is dead. An example would be a function in the kernel sources that doesn't get called by any other kernel function and isn't exported.

Confirms that 80/20 works for defects, too...

[bryane]

This isn't really new information - there have been studies that show bugs cluster, as well as the intuition most programmers have that "this part is really bad"

If you look at a CVS repository and identify those files that have high revision numbers, there's a good chance they are full of errors and need to be rewritten.

One visualization is to color code according to it's age - old code blue, and new code red - then look at the results. You will often see that the red code clusters, and there are huge regions of blue that have been stable for years. You will also see relatively small clusters of differening shades of red, as people need to keep banging on the same problematic code.

Re:the mothers and the widows

WTF?

I don't understand what he's trying to say.

Signed/Unsigned comparison

[pommiekiwifruit]

But is this readable and maintainable?

for (std::vector<mytype>::size_type i = 0; i < myvar.size(); ++i) { ... }

And hoping that mytype is indeed the type of myvar.

Or creating a whole new class just to use for_each

When in the olden days it was

for (int i = 0; ...

Or could we cheat a little and try

for (size_t i = 0; ...

Eclipse has an excellent sanity checker (for java)

[FirstEdition]

The Eclipse IDE has some of this functionality, eg unused variables, unreachable blocks, etc.

One of my "favourite" bugs is a simple accessor:

public Integer theVal;

public void setTheVal(Integer theval) {

this.theVal = theVal;

}

Which, of course, is legal java but does nothing when the accessor is called, and can be difficult to find that the parameter is incorrect case.

Eclipse warns you if you have just made this mistake. Man, I love that IDE!

And I think there is a c++ plug in for it.

Silences compiler warnings

[Kris+Warkentin]

Stupid people have obviously never worked with big, complicated software before. Take something like gcc or gdb. You have a bunch of functions that you implement to support a new target and give them to gdb so it can call them. These have a defined API so you have to implement them with the same arguments. If you don't use one of the arguments, you get a compiler warning. Hence a=a. The compiler will optimize all that redundancy out anyway.

Re:Silences compiler warnings

[arkanes]

One of the projects I worked on used an UNUSED macro for this sort of thing. Having the macro there shut the compiler up, and it's alot more obvious and self-documenting than a=a.

Re:Silences compiler warnings

[ejasons]

Stupid people have obviously never worked with big, complicated software before. Take something like gcc or gdb. You have a bunch of functions that you implement to support a new target and give them to gdb so it can call them. These have a defined API so you have to implement them with the same arguments. If you don't use one of the arguments, you get a compiler warning. Hence a=a. The compiler will optimize all that redundancy out anyway.

I've never seen a compiler that would flag unused function arguments as errors. However, if I were to encounter such a beast, I think that using:

(void) a;

is a lot clearer than is:

a = a;

This comes as a surprise?

No wonder I use FreeBSD. They only have one pointy hat to pass around, not one for every developer.

And for the java programmers ...

[Paul+Lamere]

Try this: pmd

Removing dead code...

[wowbagger]

I have a saying:

If a line of code doesn't exists, then it cannot contain a bug.

Like more aphorisms, you can argue this, but my point is this - every line of code in a program is a potential bug. Every line of code requires a bit more grey matter to process, making your code just that much more difficult to understand, debug, and maintain.

So I ruthlessly remove dead code. Often, I'll see big blocks like this:


#ifdef old_way_that_doesnt_work_well
blah;
blah;
blah;
#endif


And I will summarily remove them. "But they were there for archival purposes - to show what was going on" some will say. Bullshit! If you want to say what didn't work, describe it in a comment. As for preserving the code itself - that is what CVS is for!

By stripping the code down to the minimum number of lines, it compiles faster, it checks out of and in to CVS faster, and it is easier to understand and maintain.

I will often see the following in C++ code:


void foo_bar(int unused1, int unused2)
{
unused1 = unused1; // silence compiler warning
unused2 = unused2; // silence compiler warning
}


And I will recode it thus:

void foo_bar(int , int )
{

}


That silences the "unused variable" warning, and makes it DAMN clear in the prototype that the function will never use those parameters. (True, you cannot do this in C.)

Code should be a lean, mean state machine - no excess fat. (NOTE - this does NOT me remove error checking, #assert's, good debugging code, or exception handlers).

Re:Removing dead code...

[Q+Who]

That silences the "unused variable" warning, and makes it DAMN clear in the prototype that the function will never use those parameters.

Parameter names are part of the function definition, not the prototype.

Re:Removing dead code...

[wowbagger]

Frequently, people will cut & paste the function definition into the header as the function prototype, thus removing the variable names from both helps make it clear that the variables are unused.

Re:Removing dead code...

[that+_evil+_gleek]

I'm not as ruthless as you, because it sucks when the 'dead' was right, and the guy
who /fixed/ it was wrong -- perhaps because of some other bug was introduced, in another
system and the new code was coded to the buggy behavior. Or perhaps, the spec changes back and forth --- a lot....
CVS is good, but searching CVS for the 'right' version can be a pain, ESP, if I only want the 1 change -- a file might have many changes , and ESP if I'm not the one who screwed it.
Instead I #if 0 things, leave it until it is 'stone dead', then clean up, /and / refactor if it looks like a win.

Also, computer systems software, the O.S. , kernel, editors, tools etc all really done differently,
than company in house software. In the former you either control the spec, or can
expect rational change, in the latter, the software reflects business rules which the code /must/ reflect, but some of the changes may be temporary. As in: 'our contract with X is up and for the next two monthes we need to work with Y's system' So gut that stuff, and one might make a lot
more work for oneself later -- if it ever goes back to the old way -- can't just roll back CVS you'd lose all the fixes and enhancements to that file done in the mean time. Lots of fun, especially if was done by someone else, and I just took over the maintance: find old code, work out relevent part,put back in, take out 'new old' and don't bring back any old bugs, or lose any new fixes.... Throw in a network outage and really make my day.

If the CODE is the spec you might want to keep some of that old code, and if you've never heard
the phrase 'just do it like it was done before', consider yourself blessed -- light a candle in the church of emacs even ;-) Esp, if that code was GOOD code -- yeah throw out the stuff that never worked and quick, but if was good maybe not so quick, unless of course you work in some paradise, where everything is documented -- by someone else (of course).

But in general, I agree, just being 'ruthless' about it can cause problems in some places.
I imagine its not the redundancies themselves, but that they are the tell tale markers, 'the droppings' if you will, of lazy and/or untalented programmers. Of these esp. bad are those who actively argue against efforts to refactor and clean up, even in sections they don't maintain.
But also irrating, are those who are smart, but 'summarily remove dead code' when they are new hires, or contractors hired for only a quarter, and would have no sense when dead code is truly and forever dead, or when it might be easily be resurrected next year, and because it is done 'summarily', they have no idea what they gutted or when, and theres no CVS tag, of course, and they smirk as they pass the buck back to me, and go to their next job, leaving me with twice the work as I would have had before...

Crappy Adobe Software

[martinschrder]

You could use GhostScript.

And if the authors had used pdfTeX, their PDF would actually be readle on-screen.

So that explains it

[rjamestaylor]

So that explains it: Duplicate articles are the editor's way of debugging Slashdot. Cool!

Code reviews and unit tests

[ipjohnson]

The best way to avoid problems is peer reviews and well written unit test plans. Point blank.

If you have good reviewers (someone that know what the code is supposed to do and could write it themselves) code reviews will pick out atleast 50% of the bugs. With a well written unit test (test all possible paths and all possible functionality) you will find all your functionality bugs (hopefully)

These are two things that you can implement easily and effectivly. It also provides an early frame work for some software process ...

You can find duplicated Java code...

[tcopeland]

...using this thing here:

http://pmd.sourceforge.net/cpd.html

CPD uses a variant on Greedy String Tiling to find duplicated code in Java programs. There's also a JavaSpaces version since finding duplicated code is fairly parallelizable....

Yours,

Tom

The pdf font is horrible, get the text version.

[BoomerSooner]

Thanks for the link!

Re:The pdf font is horrible, get the text version.

[ynohoo]

Yes thanks - I tried putting it thru Adobe's PDF->HTML converter and it came back with garbage...

Just like MIT

Sounds familiar ... Greenspun on SICP:

[T]he authors used to have a review wall outside their offices at MIT. University professors from around the world writing in scientific journals said "finally I understand what all this computer science stuff is about; this is the most brilliant book ever. I'm glad that we're using it to teach freshmen now." In the center was a review from Byte magazine: "I didn't understand any of this book."

intuitively obvious common sense

[sohp]

This isn't a revelation for me. For some time it's been clear to me that sloppy code is a sign of sloppy thinking generally. I see code that is formatted oddly, indented irregularly, and I know I'm in for trouble. Throw in unused variables, or redundancies like the article talks about, and for sure that program is going have nasty bugs.

Ah! The /. secret is out!

[BiOFH]

Using Redundancies to Find Errors

So this is what's up with redundant posts on /. !!!
They're looking for errors!
After analysing the data from this experiment, the error is clearly apparent; Timothy.

Thank you, thank you, you've been a great audience. I'm here all week!

And the lock ....?

[A+nonymous+Coward]

So it's ok to return from the first check without the lock, and ok to return from the second check with the lock?

Methinks it is YOU who needs a hint, preferably delivered with a clue by four.

Valid reasons for NIH

[yerricde]

Now, if you'll excuse me, I've got to get back to my text editor project.

There are valid reasons for rewriting code because it's "not invented here". One is for homework, where you are expected to write all the code in the program by yourself with no outside help. Another is that no code exists under an appropriate free software license. Another is that the popular text editors do not support features of your constructed language such as text-direction or multi-color glyphs.

A consitently nonsensical kernel hacker?

[cuteface]

"The minor errors were operations that seemed to
follow a nonsensical but consistent coding pattern.."

What papers have you published?

[pclminion]

You're one of those guys who thinks that anyone who doesn't grasp precisely all the different technical fields you do, must be an fool.

These researchers obviously have a good hold on compiler technology, since they implemented their checkers with xgcc. They also seem to understand logic quite well, since their code uses and extends on gcc's control-flow analysis algorithms. And they do, actually, understand what's going on here.

As for your particular example, the check really is redundant, but it was almost definitely intentional. It's true that another processor could change the cam variable between the first check and the lock -- but taking the first check out would have no impact on the functionality or correctness of the code. It's just a performance enhancement so that the routine can exit early in the error case, without the overhead of locking the lock. Removing the bit of redundant code would just add a little overhead to the error case.

In short, their checker found a true redundancy. They may have not realized its purpose since they don't have specific experience with this kind of parallel programming, but it's a redundancy. If you had actually read the paper instead of merely glancing over it, you would have seen that their checker respects the volatile nature of variables declared as such -- the checker is fully aware that a second thread can change the value between one operation and the other -- and it still figures out that the check is redundant.

Here's a hint: don't go around claiming people are fools unless you've got some evidence. These guys had hundreds and hundreds of bugs to go through, and expecting them to perfectly analyze every last one of them is unfair.

Oh, and -10 points for using "BZZZZZZT".

Re:What papers have you published?

[Skuto]

>You're one of those guys who thinks that anyone
>who doesn't grasp precisely all the different
>technical fields you do, must be an fool.

Not quite. I did actually read the paper and even the authors resume before posting here, but I still did because the snippet and the comments surrounding it didn't make any sense. After seeing that the original code in 2.4.1 is different from the snippet in a critical way, I'm guessing they slightly rearranged it to fit their paper better. In that sense, my original annoyance towards their comments at the original author don't hold, since it's not what he wrote in the first place. (And that's was exactly the reason why I made the original post). But I think the end result is that the example is now particularly unfortunate.

There is some irony in that while I critiqued the statement that the original author was a dummy, I'm now being attacked because I supposedly think the papers author is a fool. Bzzz, eh, I didn't say anything.

I'm guessing being wrong and still moderated up to 5 doesn't help either.

--
GCP

Cut-and-paste coding, and lack of abstraction

[alispguru]

I suspect a lot of those redundant code instances were caused by people recycling code via cut-and-paste - the quick and dirty, programming-by-pattern-matching approach we all take when we just want to get something done without taking the time to deeply understand someone else's code.

The current word for making this stuff go away is "refactoring" - noticing redundant patterns in code and abstracting them out. The problem is that refactoring is hard in the most popular languages (C, C++, Java) because of their requirements for picky, static type declarations on all the built-in types. Type declarations are necessary for low-level bit mashing and the last order of magnitude improvement in performance, but most of the time they make it hard to refactor code by pushing implementation details too far down into it.

Common Lisp got this one right a long time ago. Objects in CL are strongly typed, and variables are untyped by default, but you can add declarations which the compiler can then use to speed up code. The CL developer's mantra is "make it work, profile it, then make it fast." That way, you only do the declaration work on the measured hot spots in the code.

(BTW, to all you Smalltalk/Dylan/other-dynamically-typed langauge fans out there - peace, brothers and sisters. Your stuff is good too; my beef is with strong static typing that cripples abstraction.)

No, *you* have a poor grasp of the code

Will you get off your fucking high horse? What the hell is it with all this "BZZZZZZZZZT" and "Nice try kids" bullshit? Grow a fucking brain you asshole.

I'll spell it out for you: If what you said was true, and cam can be set to NULL after the check but before the lock is called, then cam->busy_lock *WOULD CRASH*.

Therefore, the second check, after the lock, *is* redundant and *is* overly cautious, and you *are* an arrogant asshole who should think a little bit more before bashing legitimate research in a very childish way, hopping for that karma bonus from an unearned +5 moderation. Fuck you.

And if you would have even read more closely, you would have noticed that the "novice programmer" comment you got so hot-headed about *WASN'T EVEN SPECIFICALLY DIRECTED AT THAT PIECE OF CODE*. Here it is again: "This includes cases where the programmer checks the same condition multiple times within very short program distances. We believe this could be an indication of a novice programmer..." The actual code example is in the *next paragraph* as an *example* of checking the same condition multiple times. They *NEVER* said that that programmer was a novice. You, however, *are* an asshole as I said above.

The end.

you made this too easy . . .

[IndependentVik]

Would you question other stories a journalist writes, when you find one that has typeos and gramatical mistakes in it?

[Insert obligatory jab at slashdot here]

Re:Eclipse has an excellent sanity checker (for ja

[sir99]

Which, of course, is legal java but does nothing when the accessor is called, and can be difficult to find that the parameter is incorrect case.

Hmm, are you sure? If so, Java must have different scoping rules than C++ ( I don't know any Java), because the following C++ program prints "5 6", since the formal parameter name makes the class variable inaccessible.

#include <iostream>

class foo
{
public:
int a;
foo () : a(5) { }
void setA (int a) { this->a = a; }
};

int main ()
{
foo f;
std::cout << f.a << " ";
f.setA(6);
std::cout << f.a << "\n";
return 0;
}

It's still rather confusing and should be changed, of course, but the meaning is clear if you understand C++'s scope rules.

lint is no substitute for effort

these lint-like tools have always been an irritant. stuff like flagging a non void-casted strcpy or printf call which has been mentioned below, etc. and eventually a stellar C programmer can create code that can be compiled but not actually understood by the compiler itself.

it's been my experience that the best code is written by a fully engaged programmer who actually reads the code as they create it. this sounds blindingly obvious but i know how easy it is to go on autopilot when coding what seems like a trivial (or even complex) piece of code and that's probably the source of 95% of bugs (outside of architectural defects of course).

my own case in point. in the last 3 years i've bootstrapped out of nothingness a series of libraries totaling around 7 megs of source that runs in 6 operating systems. a very complex data transformation product (commercial) has been built using those libraries, the first of many products i hope (sorry i'm not partial to open source). in that time maybe 3 - THREE - bugs have been found in probably 3/4 million lines of code. This is supposed to be alpha code but it's more stable (and fast) than most v5 code bases. The secret? read the damn source code. put your finger on the monitor and read every damn line of it and don't glaze over when you do. Then do it again. i think i've done that 4 times for each module, and they seemingly always come out sterilized. if you truly want bug free code the *original* programmer has to pay the price in time. and simply testing just doesn't cut it.

this is all IMHO of course and your mileage may vary.

Re:Eclipse has an excellent sanity checker (for ja

[talkingcat]

Take another look at the example bug, which is a problem in Java and C++ - you overlooked the buggy variable name change in the assignment("theVal" instead of "theval"), which means the method argument is ignored. You can introduce the bug in your code thusly:

void setA (int A) { this->a = a; }

though of course it's more insidious when the case shift is hidden in an intercap. Hmm. A single character variable is better. Let's not go there.

Re:How to Avoid Mistakes? Practical Advice? Yes!

[sdowney]

Actually, it does offer some very practical advice. Just not the advice you wanted. Nor is it directed to the line programmer.

This is information that's of use to a team lead trying to decide what modules should receive some attention. Ideally before QA, or worse the customer, finds bugs related to that module.

It's a bit of a truism that sloppy code is buggy code. This paper is showing some solid evidence of that. It's not surprising. If there are simple mistakes in the code that could have been fixed with just a small amount of attention, that indicates that the probability of deeper errors is also greater. It's a Bayesian filter for code, instead of spam.

One of my favorite metrics for finding buggy modules is rather simple. Number of commits on the module. In most of the projects I've worked on, I've found high correlation with number of commits and number of outstanding bugs related to a module. It indicates that the whole module needs to be reworked, rather than the small, incremental, patches that have been applied to it so far. Or that the requirements have drifted from what the code was originally spec'd against, and the code is no longer a good fit.

I've had some programmers argue that it's OK to leave dead code in a system, or unused variables, since the compiler will take care of them. The problem is that the compiler is not the most important audience for the code. The code needs to speak to other programmers. And if it's harder to understand than it needs to be, then the code doesn't do its job.

I saw the light :)

[ochinko]

My bad. This code could never be optimized the way I suggested.

If cam==0, cam->ops is meaningless. In user space it would result in a SIGSEGV. I don't know what would happen in the kernel (oops, panic?)

The way C works the second test is done only when the first gives 'true'. That allows writing the two tests in one 'if' statement.

Re:I saw the light :)

[ethereal]

Oh yeah, and for that reason too. I feel stupid that I didn't notice that first off :)

Re:Eclipse has an excellent sanity checker (for ja

[sir99]

Arrgh, you're right, of course. No excuse for me, I suppose I missed the point then ;-)

Personally, I tend to use either no name, or a descriptive name in function declarations, depending on how obvious the purposes of the arguments are. Then I use single-letter names in function definitions.

It's much harder to get a clash then, since the names in the declaration don't matter at all, and the names used in the code are hard-to-confuse single letters. But then, I've mostly been writing math code lately, where each function doesn't have many arguments, and single letters make sense anyway.

This is serious stuff

[master_p]

This piece of paper shows why coding is not be considered as an easy job!!! and why experience coders should be paid much more...

It also shows why C is a difficult programming language, no matter what others say.

It would also be quite interesting to apply this paper to MS Windows and then compare it to Linux. Then, the power of the open source will be revealed.

Maybe the authors of the paper apply it on MFC...

MACRO expansions ignored?

[numbsafari]

On about page 3 of the article the author is discussing idempotent errors (like assigning a variable to itself). The author points out macros as being a particularly rich source of "false positives" because the expansion and be reduced to an idempotent statement.

As an example he refers to the following line:

"x = ntofs(x)"

which on some machines will reduce down to x=x. The author states that such things were ignored.

It would seem to me that this is still an error, and that the way to resolve it would be to redesign the macro to be something like:

ntofs(x,x)

or

ntofs(x)

that would expand to nothing on machines where x is already in network order. At the very least, this would improve performance on those machines (provided the compiler doesn't make a similar check and remove such lines on its own). Regardless, I would think that would be a better way to resolve the "bug" than to just ignore it.

Just my USD $0.02

Re: macro expansions ignored?

[boots@work]

The changes you suggest would enormously reduce clarity. ntofs(x) or ntofs(x, x) does not indicate that x is updated.

If the macro produces

x = x;

then the compiler can optimize it out.

Obfuscating the code to work around a checker bug (not understanding the conditionality of the macro) is stupid.

Re:and in case there is any doubt

[hobo2k]

Okay, I'm bored, so WTF. Here is the C code in question:

struct waste
{
char* of;
} *time;
time = (struct waste*)rand();
if (!time || !time->of)
{
return 0;
}
time = (struct waste*)rand();
if (!(time && time->of))
{
return 0;
}
return 1;

And here is the resulting assembly generated by VisualC++ with max optimizations (sorry not bored enough to reboot to linux and use gcc):

00406EA0 call _rand (004090b4)
00406EA5 test eax,eax
00406EA7 je WinMain+24h (00406ec4)
00406EA9 cmp dword ptr [eax],0
00406EAC je WinMain+24h (00406ec4)
00406EAE call _rand (004090b4)
00406EB3 test eax,eax
00406EB5 je WinMain+24h (00406ec4)
00406EB7 cmp dword ptr [eax],0
00406EBA je WinMain+24h (00406ec4)
00406EBC mov eax,1
00406EC1 ret 10h
00406EC4 xor eax,eax
00406EC6 ret 10h

Note both if statements are interpreted exactly the same (calling rand was required to keep the compiler from deleting the entire block).

As a bonus the OR form does look more like the assembly output as well as being more readable, imo.

Re:and in case there is any doubt

[John+Harrison]

Kudos to you! You must be seriously bored though. Perhaps a hobby (or a job?) is in order. :)

Dawson Engler

I took a class he was teaching last spring. The girls in the class were all drooling over him.

Dead code is compilation error for Java

[tungwaiyip]

Java actually make some dead code a compilation error (The Java Language Specification 14.20). The author claim redundant assignment signal most bug. Interestly I think some of them can be classified as dead code as well. Fig.3 is obviously contain dead code. For Fig.2, if the example were a more stright forward link list traversal instead of deleting, it would become a dead code case. E.g. for (entry = xxx; entry != NULL entry = entry->next) { /* next = entry->next the redundant assigment is not needed for simple traversal */ ... return 0; } The entry=entry->next would be a dead code. No redundant assignment in this case. Wai Yip Tung

This is called "common sense"

[jabber01]

Am I missing something?

Did these guys just find out that people who write redundant and unreachable code also write generally crappy code, which is likely to comtain logic bugs?

Isn't this just plain obvious? Isn't it like saying that people who don't brush their hair, probably don't brush their teeth either, and don't wash their hands after using the bathroom?

Where do I sign up for some of this research grant money?

Dead code is compilation error in Java

[tungwaiyip]

Java detect some dead code and treat it as compiler error (Java Language Specification 14.20 - Unreachable Statements).

In the paper, some cases classified as redundant assignment are also dead code cases. Fig 3 is a dead code case. Fig 2 is would be a dead code case instead if it is a more straight forward link list traversal case. E.g.

for (entry=priv->lec_arp_tables[i];
entry != NULL;
entry = entry->next)
{
/* next = entry->next; */
....
return 0;
}

the expression entry = entry->next would become dead code.

Wai Yip Tung

How to fix found problems.

[maysonl]

When you find more than one or two of these redundancies (or other errors) per screen of code, the way to fix these and other problems is to throw the bit-rotten code away and rewrite it from scratch (or from specifications).

The grammar and logic redundancy checking system

[spinnster2001]

The grammar and logic redundancy checking system is designed to check for errors caused by overly ambitious or inexperienced paper writers. Our relatively uncontroversial hypothesis is that confused or incompetent writers in English tend to make mistakes. Worse yet, they repeat themselves. We experimentally test this hypothesis by taking a large sample of words written by two programmers and subjecting them to redundancy analysis. In our tests, each page of the academic paper was found to be 45% to 100% more likely to suffer from mistakes in logic and grammar than papers written by graduates in the Humanities. This difference holds across different types of programmers.

With the exception of a few stylized cases, programmers are generally attempting to perform useful work. /* BUG - This statement always evaluates to true. (Or does it?) */ (p.1)
If they perform an action, it was because they believed it served some purpose. /* BUG -- missing ELSE case */ (p.1)
Both statements say the same thing.

This difference holds across different types of redundancies. (p.2)
Of course differences have the distinct quality of being different. This is the sign of an overly cautious academic writer, possibly attempting to make his prose seem non-volatile.

Redundancy correlates with confused programmers who will probably make a series of mistakes. (p.7).
It strongly suggests that redundancies often signal confused programmers. (p.7)
Redundancies seemed to flag confused or poor programmers. (p.9)
Should we conclude that redundancies, confusion, and programmers are highly correlated?

Assuming programmers do not do redundant permission checks... (p.9).
Wasn't it the thesis of this paper that programmers make redundancy errors, and those errors are significant?

In To appear in IEEE Symposium ... (p.10)
Redundancy: in to appear in ?

2) switch conditions with impossible case's (p.5)
The plural of case is cases. True in all cases.

It is hard to believe that this code was ever tested. (p.4)
Or the paper proof-read. Try eliminating that. It's superfluous.

Xie and Engler cite themselves three times in their endnotes.

One final thought: did Xie and Engler run their redundancy checking code on their own redundancy checking code?

Found one...

[jwdb]

Was browsing through the source code of init today and stumbled across this:

<code src="/usr/src/linux/init/main.c">
unsigned long loops_per_jiffy = (1<<12);
#define LPS_PREC 8
void __init calibrate_delay(void)
{
...
loops_per_jiffy = (1<<12);
</code>

Any reason for the duplication?

Jw