Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using Redundancies to Find Errors

Posted by timothy on from the the-error-is-right-around-here dept.

gsbarnes writes "Two Stanford researchers (Dawson Engler and Yichen Xie) have written a paper (pdf) showing that seemingly harmless redundant code is frequently a sign of not so harmless errors. Examples of redundant code: assigning a variable to itself, or dead code (code that is never reached). Some of their examples are obvious errors, some of them subtle. All are taken from a version of the Linux kernel (presumably they have already reported the bugs they found). Two interesting lessons: Apparently harmless mistakes often indicate serious troubles, so run lint and pay attention to its output. Also, in addition to its obvious practical uses, Linux provides a huge open codebase useful for researchers investigating questions about software engineering."

8 of 326 comments (clear)

  1. Patience! by houseofmore · · Score: 5, Funny

    "...dead code (code that is never reached)"

    Perhaps it's just shy!

  2. Good Design = Tight Code by chewtoy-11 · · Score: 5, Insightful

    Writing repetitive code only once offers the same benefits as using Cascading Style Sheets for your webpages. If there is a serious error, you only have to track it down in the one place where it exists versus every single place you re-wrote the code. Also, it makes adding features much simpler as well. I'm an old school procedural programmer that is making the rocky transition to OOP programming. THIS is where it starts coming together...

    --
    C. Griffin
    "Can I keep his head for a souvenir?" --Max from Sam 'N Max Freelance Police
  3. And their other findings ... by kruetz · · Score: 5, Funny

    They also found that:

    Russian errors cause code
    Incorrect code causes errors
    Missing code causes errors
    Untested code causes errors
    Redundant codec causes redundancies
    Driver code causes headaches
    C code causes buffer overflows
    Java code causes exceptions
    Perl code causes illiteracy
    Solaris code causes rashes
    Novell code causes panic attacks
    Slashdot code causes multiple reposts
    Slashdot articles cause poor-quality posts
    Microsoft code causes exploits
    Apple code causes user cults
    Uncommented code causes code rage
    RIAA code causes computers to stop functioning
    (Poor idea causes long, desperate post)

    --

    This sig intentionally left bla... dammit!
    Who's got the whiteout?
  4. Intentional redundant code by 1nv4d3r · · Score: 5, Funny
    I've seen this (they were fired the next month):

    // and now to boost my LOC/Day performance...
    x += 0;
    x += 0;
    x += 0;
    x += 0;
    x += 0;
    x += 0;

    It actually caused a bug 'cuz they accidentally left the '+' off one of the lines. What an idiot.

  5. Saw his talk at FSE by owenomalley · · Score: 5, Interesting

    I saw Dawson's talk at FSE (Foundations of Software Engineering). He uses static flow analysis to find problems in the code (like an advanced form of pclint). The most interesting part of his tool is in the ranking of the problem reports. He has developed a couple of heuristics that sort the problems by order of importance and they supposedly do a very good job. Static analysis tools find most of their problems in rarely run code, such as error handlers. Such problems are problematic and sometimes lead to non-deterministic problems, which are extremely hard to find with standard testing and debugging. (This is especially true, when the program under consideration is a kernel.) Dawson also verifies configurations of the kernel that no one would compile, because he tries to get as many possible drivers at the same time as he can. The more code, the better the consistency checks do at finding problems.

    By making assumptions about the program and checking the consistency of the program, his tool finds lots of problems. For instance, assume there is a function named foo that takes a pointer argument. His tool will notice how many of the callers of foo treat the parameter as freed versus how many treat the parameter as unfreed. The bigger the ratio, the more likely the 'bad' callers are to represent a bug. It doesn't really matter which view is correct. If the programmer is treating the parameter inconsistently, it is very likely a bug.

    He also mentioned that counter to his expectations, the most useful part of his tool was to find 'local' bugs. By local, I mean bugs that are local to a single procedure. They are both easier for the tool to find, more likely to actually be bugs, and much easier for the programmer to verify if they are in fact bugs.

    He analyzed a couple of the 2.2.x and 2.4.x versions of the kernel and found hundreds of bugs. Some of them were fixed promptly. Others were fixed slowly. Some were fixed by removing the code (almost always a device driver) from the kernel. Others he couldn't find anyone that cared about the bug enough to fix it. He was surprised at the amount of abandonware in the Linux kernel.
    It is extremely frustrating that Dawson won't release his tool to other researchers (or even better to the open source community at large). Without letting other people run his tool (or even better modify it), his research ultimately does little good other than finding bugs in linux device drivers. *heavy sigh* Oh well, eventually someone WILL reimplement this stuff and release it to the world.

    On a snide comment, if he was a company he would no doubt have been bought by Microsoft already. Intrinsa was doing some interesting stuff with static analysis and now after they were bought a couple of years ago, their tool is only available inside of Microsoft. *sigh*

  6. Re:Is this not Obvious by gmack · · Score: 5, Informative

    If only the story poster had actually read the paper.

    They used a custom checker that finds these things much more effiectivly than lint.

    I actually remember the flood of bug reports and kernel patches that toy of theirs generated the first few months they put it to use on the kernel.

  7. Re:How to Avoid Mistakes? Practical Advice? by sbszine · · Score: 5, Insightful

    Don't be afraid to refactor code every so often, because, schedule or no schedule, new requirements move the 'ideal' design away from what you drew up last month. That's (to my mind) the second largest contributor. Even good coders crumble to cost and schedule, and band-aid code that just plain needs to be rethought. In some environments, that's a fact of life. In others you will have to fight for it, but you can get code rewritten.

    In my experience, programming for an employer is the process of secretly introducing quality. This usually consists of debugging and refactoring on the sly while your pointy-haired boss thinks you're adding 'features'.

    Is it just me, or this the way it's done most places?

    --

    Vino, gyno, and techno -Bruce Sterling

  8. Re:I Hope They Didn't Get Paid by Temporal · · Score: 5, Insightful
    Read the paper, will you? Of course good programmers don't write redundant code... at least, not intentionally. So, when you do see redundant code in a program, it is more likely a typo, and if it's a typo, it is likely a bug. So, if you have a program which detects redundant code, it will likely find bugs for you. They wrote such a program. It found hundreds of bugs in the Linux kernel.

    Here's an example they cite from the Linux kernel:
    /* 2.4.1/net/appletalk/aarp.c:aarp_rcv */
    else { /* We need to make a copy of the entry. */
    da.s_node = sa.s_node;
    da.s_net = da.s_net;
    That last line assigns a variable to itself. Do you think that's what the programmer intended? Of course not. It's a bug. But no one caught it. If not for their program, maybe it would never have been caught.

    You think this research is useless? Do you always write bug-free code? Maybe you should run this program on your own code and see what happens.