Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mountain Biking Helps Squash Bugs

Posted by timothy on from the so-do-big-grins dept.

Dr.Milius writes "Henning Brauer of the OpenBSD project recently made an interesting post to the openbsd-tech mailing list about how a mountain bike ride helped him relate two baffling bugs in their new BGP and NTP daemons. It turns out they were both off-by-one errors that were easy to fix but notoriously difficult to spot. Always great when the experts show us how it's done."

30 of 82 comments (clear)

  1. RTFB by Anonymous Coward · · Score: 5, Funny

    Ride the fucking bicycle.

  2. works for anything by Anonymous Coward · · Score: 3, Insightful

    if you can't figure it out, stop trying so damn hard and just do something else.

  3. road bike.. by MoOsEb0y · · Score: 5, Funny

    I wonder what effect a road bike would have upon bugs? I mean, one could go faster in the flats where bugs are likely to reside, but at the same time, wider tires would allow one to run over more ants. Oh, the dillemmas!

  4. This is news? by agent+dero · · Score: 4, Informative

    This is something well known to work. It's not the bike riding, it's the act of "taking a break from the problem." Think back to the origins of "Eureka!"

    I, for example, will often go grab a Coke, talk to people, etc, and somewhere along the line, by _not_ focussing so hard on the problem, I come up with the answer.

    --
    Error 407 - No creative sig found
    1. Re:This is news? by Anonymous Coward · · Score: 4, Insightful

      Many of the problems I deal with, I get that Eureka moment while on the toilet.

    2. Re:This is news? by c13v3rm0nk3y · · Score: 4, Funny

      It's not the bike riding, it's the act of "taking a break from the problem."

      I'll second that. I do some of my best coding in the bathtub, sans the dangerous electronics, of course.

      --
      -- clvrmnky
  5. not difficult to spot at all by jeif1k · · Score: 5, Insightful

    It is ironic that people, on the one hand, fool themselves into thinking that these things don't happen to them, and on the other hand, have to go off bug hunting for days to find "baffling bugs". How much more productively could that development time have been spent?

    Face it, memory corruption bugs, off-by-one-errors, and all that, happen to even the most experienced and careful programmers. The way to deal with them is to use programming languages that detect them reliably. In different words, we need to retire C or fix C.

    And, no, "retiring C" doesn't mean switching to Java or C#. Instead, it means switching to a systems programming language that has error checking by default but still gives you all the low-level features you need when you need them. There have been a number of such languages over the years, but, unfortunately, they were all killed by C, not because C was better, but because C shipped with UNIX.

    1. Re:not difficult to spot at all by Homology · · Score: 4, Informative
      The OpenBSD developers does not fool themselves into thinking that they don't make mistakes. Several of the techniques they use, like privilege revocation and privilege separation is to lessen the impact of programming mistakes, including their own. Theo de Raadt recently gave a talk on Exploit Mitigation Techniques

      As for not using C, I've read that Theo de Raadt likes the compiler and language that is used in Plan 9. Can't use it due to license problems, though.

    2. Re:not difficult to spot at all by Homology · · Score: 4, Informative

      Most likely the C-dialect compiler that Plan 9 uses. But the AT&T license is too restrictive for Plan 9 code to be imported into BSD, as far as I know.

    3. Re:not difficult to spot at all by ufnoise · · Score: 3, Informative
      Face it, memory corruption bugs, off-by-one-errors, and all that, happen to even the most experienced and careful programmers. The way to deal with them is to use programming languages that detect them reliably. In different words, we need to retire C or fix C.


      There are debugging tools out there which reliably find these bugs in C/C++ and FORTRAN. For example:
      purify (not free)
      valgrind (free)

      Tools such as these help to find problems, while avoiding the inefficiency of array bounds checking on each access.

    4. Re:not difficult to spot at all by Xenophon+Fenderson, · · Score: 5, Insightful

      How is bounds checking inefficient if it protects you from nasty off-by-one errors and evil buffer overflows? Or are you one of those short-sighted programmers who believes cheap CPU clock time is more important than very expensive human time (i.e. time wasted dealing with crappy programming languages and debugging stupid bounds problems, or worse, money lost because a critical bit of information was destroyed, altered, or disclosed due to a buffer overflow vulnerability)?

      And yes, those were both rhetorical questions. I am sick and tired of crappy, bug-ridden software that doesn't do proper input and bounds checking. As far as I'm concerned, it's the programmers fault, either because she didn't write the bounds checks in manually or because he's not using a modern programming language (where "modern" == "not a glorified assembler"). You all aren't Mel, who can write practically perfect programs while sleepwalking, so don't give me a load of crap about how bloated your program would be if it was actually written properly. As a computer security guy, I am sick and tired of cleaning up after the exploits you all apparently work so hard to code into your software.

      </rant>

      --
      I'm proud of my Northern Tibetian Heritage
    5. Re:not difficult to spot at all by Profound · · Score: 2, Informative

      You can use use C++ STL vectors with at() when you want bounds checking or use a direct index when you don't. Thus you can keep the backwards compatability with C and have the choice of sacrificing safety for speed when you need it.

    6. Re:not difficult to spot at all by setagllib · · Score: 2, Informative

      Mel: http://www.catb.org/jargon/html/story-of-mel.html

      No debugging tools there, if any tools at all.

      --
      Sam ty sig.
    7. Re:not difficult to spot at all by tedu · · Score: 4, Insightful

      have you used purify/valgrind? as far as "avoiding the inefficiency of array bounds checking on each access" they pretty much suck. performance is nowhere close to what could be considered "production" level.

    8. Re:not difficult to spot at all by tedu · · Score: 4, Insightful

      no amount of "error checking" would have helped. this wasn't a buffer overflow off by one. it was ref count.

      yeah, garbage collection would help, but C with GC is not a "systems programming language with error checking".

    9. Re:not difficult to spot at all by ufnoise · · Score: 2, Informative

      Yes I have. I only use them when I am debugging. Then I don't need to implement array bounds checking on the "production" version of the code.

    10. Re:not difficult to spot at all by jeif1k · · Score: 2, Interesting

      The C dialect in Plan 9 is not very different from ANSI C; it doesn't address safety or security issues. Alef, on the other hand, looks pretty similar to C, but I believe is considerably safer than C.

    11. Re:not difficult to spot at all by jeif1k · · Score: 2

      Yes, if you use C++ with a decent class library and good programmers, you get good runtime safety. The problem with C++ is that if you have a large project with lots of ex-C programmers, they sneak in unsafe code everywhere and usually don't even understand that they are doing so.

      Nevertheless, it would probably be a big step forward if Linux and BSD allowed C++ code in the kernel.

  6. Not new... by HawkingMattress · · Score: 2, Insightful

    Every developper knows that...
    It happened to each of us, no need to be an expert or something: the bug drives you nuts, and you end up saying "fsck that" and go out, totally out of ideas. Then you smoke your cigarette of whatever, or go for a walk. And because you've sort of given up, you start to look at the problem in a different way, probably also because you're not in front of your screen and your brain is more "free", you realize that there are some obvious things that you didn't checked... And 5 minuts later, there is no more bug. That's why i go out to smoke a cig every hour (well not really, but still, it's a nice excuse ;)

    Besides, if you look at the well known "eureka" moments, it seems they all happened when the person was relaxing. Maybe we should be forced to relax each time we're facing an intellectual difficulty, really...

    1. Re:Not new... by bondjamesbond · · Score: 2, Funny

      ...and having sex works well - if you can get it, that is.

  7. taking a crap by endx7 · · Score: 4, Funny

    Hmm. Well, I did figure out how I wanted to implement a portion of my code when I was taking a crap recently.

    1. Re:taking a crap by r_j_howell · · Score: 4, Funny

      I had a good friend at school remark to me that ALL his best programming ideas came to him in the bathroom. Mine generaly don't. But you couldn't tell that from looking at some of the stuff I've churned out.

  8. Bake Cookies! by maskedbishounen · · Score: 4, Interesting

    On the food aspect, whenever I run into coding problems, I go bake cookies. Helps if you have a near by oven and supply of dough, of course, but it gives you a good 30 minutes to stop and focus on something else. I usually end up pacing around while they bake, looking out the windows, looking around the kitchen, and more oft than not have a viable solution in addition to some fresh cookies when I go back to coding.

    --
    "An infinite number of monkeys typing into GNU emacs would never make a good program."
  9. *yawn* by Estanislao+Mart�nez · · Score: 2, Insightful

    Extremely commonplace sort of phenomenon. You work on some problem really hard, then at some point where you're not working on it, the solution comes in a flash. Happened to me last week with a mysterious bug.

    --

    Are you adequate?

  10. hard-to-find bugs are often the easiest to fix by cpeterso · · Score: 2, Interesting


    I often find that the bugs that are most difficult to find are the easiest to fix. They are often some tiny corner case in one line of code that someone never thought of.

    In the last product I worked on, we had a killer crash bug that different developers spent WEEKS investigating it, giving up, and then "hot potatoing" the bug to another developer. About two months later, I finally fixed the bug. A BSTR allocated using SysAllocString() should have been freed using SysFreeString(), but it was being "freed" using COM's CoTaskMemFree(). This would corrupt COM's heap causing random COM crashes in unrelated code much later! :(

    --
    cpeterso
    1. Re:hard-to-find bugs are often the easiest to fix by Detritus · · Score: 2, Interesting

      This class of bug, and some others, can be prevented if the free routine checks the to-be-freed memory chunk for validity. I've done this in some embedded systems by setting a hidden magic number in each memory chunk that is allocated. The free routine checks for the magic number before it touches it. If the magic number isn't there, it generates an alarm message and returns an error code to the caller. Unique magic numbers can be used for each class of buffer, and to indicate whether the buffer is free or in-use.

      --
      Mea navis aericumbens anguillis abundat
  11. Yes! by agentk · · Score: 2, Informative
    First, when maintaining counters for list/queue/... entries, don't fuck with either the counter or the list directly anywhere; use wrapper functions that take care for both (not using a counter/list pair is not an option in many, including these two, cases).

    Yes! This can make tweaking your overall algorithm or approach so much easier as well, if these wrapper functions are there, and well defined in their actions. You can never have *too short* a function!

    --

    VOS/Interreality project: www.interreality.org

  12. Hummm.... by utlemming · · Score: 2, Funny

    I guess that means that there is actually a Bikeshed. Who would have figured? And I thought that it was just proverbial...

    --
    The views expressed are mine own and do not express the views of my employer.
  13. Re:really stupid by sgant · · Score: 2, Funny

    sheesh, lighten up...

    --

    "Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
  14. Re:really stupid by BillyBurrito · · Score: 2, Insightful

    ok