Using Redundancies to Find Errors 338
gsbarnes writes "Two Stanford researchers (Dawson Engler and Yichen Xie) have written a paper (pdf) showing that seemingly harmless redundant code is frequently a sign of not so harmless errors. Examples of redundant code: assigning a variable to itself, or dead code (code that is never reached). Some of their examples are obvious errors, some of them subtle. All are taken from a version of the Linux kernel (presumably they have already reported the bugs they found). Two interesting lessons: Apparently harmless mistakes often indicate serious troubles, so run lint and pay attention to its output. Also, in addition to its obvious practical uses, Linux provides a huge open codebase useful for researchers investigating questions about software engineering."
Here's a text link (Score:4, Informative)
http://216.239.37.100/search?q=cache:yuZKW8CjTqIC
Re:Here's a text link (Score:2)
More details / PostScript version (Score:2, Informative)
Appeared in FSE 2002. Finds funny bugs by looking for redundant operations (dead code, unused assignments, etc.). From empirical measurements, code with such redundant errors is 50-100% more likely to have hard errors. Also describes how to check for redundancies to find holes in specifications.
Link to PostScript file for easy viewing/printing
File [stanford.edu]
Errors like... (Score:3, Funny)
Patience! (Score:5, Funny)
Perhaps it's just shy!
Re:Patience! (Score:2, Insightful)
Re:Patience! (Score:3, Funny)
It's not dead - it is resting. It is pining for the fjords.
html (Score:3, Informative)
New slogan (Score:2)
redundant? (Score:3, Interesting)
a=a; and dead code aren't so much redundant as they are superfluous. It's still a sign of possible errors, for sure.
Re:redundant? (Score:2, Insightful)
if (a==1)
{
[some chunk of code]
}
else
{
[same (or almost exact) chunk of code]
}
where the same code block appears multiple times in a file/class/project. By having the same block of code appear multiple times the chance of a user-generated error increases. Easily fixed by moving the repeated code into a parameterized function.
Re:redundant? (Score:4, Insightful)
It's not, keep the code squeaky clean because cleanliness is next to godliness, it's keep the code clean so it's easy to read. Keep it clean because it's a discipline that will pay off when it's time to spot/fix the real errors in the code.
Re:redundant? (Score:2)
That explains why MS is evil!
Just kidding, just kidding..
Re:redundant? (Score:2)
Is this not Obvious (Score:2, Flamebait)
pardon me, but DUH???
Re:Is this not Obvious (Score:5, Informative)
They used a custom checker that finds these things much more effiectivly than lint.
I actually remember the flood of bug reports and kernel patches that toy of theirs generated the first few months they put it to use on the kernel.
How to Avoid Mistakes? Practical Advice? (Score:5, Insightful)
What are some of the best ways to learn to avoid problems? I know that experience is useful. Trial and error is good, mentoring is good, education is good. What else can you think of? What books are useful?
Also, I wonder about usability problems. In other words, this article mainly hits on the problems of "hidden" code, not the interface. I'd like to see more about how programmers stuff interfaces with more and more useless crap, and how to avoid it. (Part of the answer is usability testing and gathering useful requirements, of course.) What do you think about this? How can we attack errors of omission and commission in interfaces?
Re:How to Avoid Mistakes? Practical Advice? (Score:5, Insightful)
I think the lesson here is basically that the compiler is your friend. Turn on all the error checking you possibly can in your development environment and pay attention to every last warning.
If there is something trivial causing a warning in your code--fix it so it doesn't warn, even though it wasn't a "bug". If your compiler output is always pristine, with no warnings, then when a warning shows up if it's a bug you'll notice.
Kind of common sense if you ask me--but maybe that's just a lesson I learned the hard way.
Re:How to Avoid Mistakes? Practical Advice? (Score:5, Insightful)
I'd put it more strongly than that. Reading between the lines of the paper, don't just fix the warning. Look around the place where the warning happened. You'll most likely find a bug.
It's also a call for compilers to generate more warnings, which can only be a good thing.
Re:How to Avoid Mistakes? Practical Advice? (Score:2, Interesting)
That seems pretty practical to me.
The issue you raise about interfaces is only tangentially related. There, you get in to the problem (a very real problem) of confusing coding. This paper does not deal with the issue of whether the code is written well from the point of view of other programmers who need to work with it.
Re:How to Avoid Mistakes? Practical Advice? (Score:2, Funny)
Re:How to Avoid Mistakes? Practical Advice? (Score:2)
There are many products that do code coverage testing such as PureCoverage [rational.com]. Basically they analyze code as it is running and make note of which parts of your code have been executed and which haven't. This is very useful in making sure all possible code paths are tested, and if a code path isn't hit at all it gives you a good indication that you've got a 'dead' patch of code that you might want to look more closely at. Sadly such tools are generally very expensive.
Re:How to Avoid Mistakes? Practical Advice? (Score:3, Insightful)
Well, identifying it as useless crap is a good first step.
And for managers:
while(economy.isDown())
if(newInterface.isUselessCrap())
{
fireEmployee();
hireNextTelecomRefugee();
}
If you want a serious answer, one reason programs get filled with so much useless crap is because 80% of programmers program so they can collect a paycheck. They don't give a flying fuck if their code is good or not. That was a big eye-opener for me when I first got out of school. I couldn't believe how many people just didn't care.
If you are interested at all in not muddying the interface, you are most of the way there. Give it some thought, consult with your peers, and try to learn from mistakes.
Don't be afraid to refactor code every so often, because, schedule or no schedule, new requirements move the 'ideal' design away from what you drew up last month. That's (to my mind) the second largest contributor. Even good coders crumble to cost and schedule, and band-aid code that just plain needs to be rethought. In some environments, that's a fact of life. In others you will have to fight for it, but you can get code rewritten.
Re:How to Avoid Mistakes? Practical Advice? (Score:5, Insightful)
Don't be afraid to refactor code every so often, because, schedule or no schedule, new requirements move the 'ideal' design away from what you drew up last month. That's (to my mind) the second largest contributor. Even good coders crumble to cost and schedule, and band-aid code that just plain needs to be rethought. In some environments, that's a fact of life. In others you will have to fight for it, but you can get code rewritten.
In my experience, programming for an employer is the process of secretly introducing quality. This usually consists of debugging and refactoring on the sly while your pointy-haired boss thinks you're adding 'features'.
Is it just me, or this the way it's done most places?
Re:How to Avoid Mistakes? Practical Advice? (Score:5, Interesting)
I was working on a 300,000-line Windows application, and I am not exaggerating here, it was about 5/6 redundant code. 100-line functions would be copy-and-pasted a dozen times and two lines changed in each. Plus, there were numerous executables to this project and often the same code (with minor variations of course) would exist in different executables.
It was originally written in Borland C++ and the back-end was ported to Visual C++, but all the utility and support functions still existed in _both_ the Borland code and Microsoft code. Worse, they were not identical. Even worse, there was substantial use of STL, which doesn't work the same in Borland C++ (which is an ancient version... circa 1996) and Visual C++.
That and the fact that using strcpy would have been a step up in maintaining buffer integrity, usually they just copied buffers and if one #define was different from a dozen others in completely different places, memory would be toast and we all know how that manifests.
Worse, there was UI code written by someone who completely confused parent windows and base classes, such that the child window classes had all the data elements for the parent window, because they were derived from the parent window class!
I spent an entire week once reviewing every single memcpy, etc, in the entire codebase (which was spaghetti-code in the extreme) just to eliminate all the buffer overruns I was discovering. THe program used a database with about 100 tables (a nightmare of redundancy in itself) and there was a several thousand-line include file of all the field sizes, maintained by hand (with plenty of typos). Eventually, I wrote a util to generate that include file automatically, which of course wasn't appreciated.
I was trying to overcome these difficulties while being barraged with support calls, sometimes critical because this was software to manage access control systems for buildings, meaning I spent 80% of my time fighting fires. You know, situations like: "Our system is down... you need to fix this bug because we've had to hire guards for each door until we can get it back up again."
There was only one other person working with me, and he quit in disgust and was not replaced for about 3 months.
Finally, after stuggling mightily (in time, effort and at the expense of emotional well-being) to overcome the sheer incompetence put into this project (parts of which were 10 years old), I finally gave notice after it looked like my unscrupulous boss (who wrote a lot of this code) was doing everything he could to make it look like my fault to the client (even though they knew better and really liked working with me, precisely because I was not a BS-artist)... and after 15 years over never needing more than two weeks to find good work, I have been unemployed since May 2002.
There's a moral here, but it escapes me.
Re:How to Avoid Mistakes? Practical Advice? (Score:2, Insightful)
Just use this mechanism and you can find thousands of errors in an already tested system.
What impressed me most was something like this.
if( complex statement );
do=that;
Notice the semicolon! This kind of errors are very hard to spot and they can stay in the code forever.
I will propose to use a code-checker like this in our software to improve the quality.
Re:How to Avoid Mistakes? Practical Advice? (Score:2, Interesting)
We spent almost two years with software that was live and on about three occasions during that time we observed a problem that was moderately serious (critical but for the redundancy of the architecture). Now eventually we found the problem, design flaw/bug, but the evidence for the problem was there for all to see a year before the system went live, even in testing. An apparently benign difference in counters between different instances of the same component, that none of us could adequately explain, since they should all have been the same, But all the other counters were identical (these other counters were of a coarser grain and counting different things). If we had found the cause of the difference at the time we would have found the flaw at the time (guaranteed, since it was obvious once one knew the source of the deviation).
That one is the best example that I can think of to demonstrate the "If you can't explain it, it's broken" aspect of software behaviour
Re:How to Avoid Mistakes? Practical Advice? (Score:3, Insightful)
It looks like it's intended for the people who program GCC, perl, kaffe, etc., as they can use this information to build better checking into their respective compilers, rather than for programmers.
Good Design = Tight Code (Score:5, Insightful)
Re:Good Design = Tight Code (Score:2, Insightful)
I'm an old school procedural programmer that is making the rocky transition to OOP programming
I agree whole-heartedly with what you say about code re-use. However I wouldn't see this as being a feature solely of OOP. Get the design right, and you can have some equally tight, highly-reusable procedural code.
Re:Good Design = Tight Code (Score:4, Insightful)
You'll have more functions and the code might be a little harder to follow for the unfamiliar, but it will be much easier to debug if there is only one function that does a particular task.
Ben
And their other findings ... (Score:5, Funny)
Russian errors cause code
Incorrect code causes errors
Missing code causes errors
Untested code causes errors
Redundant codec causes redundancies
Driver code causes headaches
C code causes buffer overflows
Java code causes exceptions
Perl code causes illiteracy
Solaris code causes rashes
Novell code causes panic attacks
Slashdot code causes multiple reposts
Slashdot articles cause poor-quality posts
Microsoft code causes exploits
Apple code causes user cults
Uncommented code causes code rage
RIAA code causes computers to stop functioning
(Poor idea causes long, desperate post)
Re:And their other findings ... (Score:2)
lint is horrible (Score:3, Insightful)
It really is. It's a redundant holdover from ye old BSD versions. Granted, there are one or two times i've used it when -Wall -pedantic -Werror -Wfor-fuck's-sake-find-my-bug-already doesn't work, but a lot of the time it comes up with a LOT of complaints that are really unnecessary. Am i really going to have to step through tens of thousands of lines of code castind the return of every void function to (void)? Come on.
Re:lint is horrible (Score:2)
Re:lint is horrible (Score:2)
Re:lint is horrible (Score:2)
Re:lint is horrible (Score:4, Insightful)
Lint? Lint compains if you call a function that returns an int and you ignore the int. This is particularly irritating in the case of strcpy() and similar functions where you would normally do:
except you're supposed to do:
or...
And that's just the beginning...
Re:lint is horrible (Score:2)
Re:lint is horrible (Score:4, Insightful)
Re:lint is horrible (Score:3, Informative)
Re:lint is horrible (Score:4, Insightful)
No, it isn't. I took a legacy application that I began maintaining and used lint to eliminate hundreds of lines of code and several real never-before-detected bugs. It also encouraged me to remove dozens of implicit declarations and redundant "extern" statements in favor of real header files. The application really is better for it, and to do this work without lint would have been very very tedious. Granted, my experience is with Sun's compiler's lint, so I can't say whether other implementations are as good.
Actually, all of lint's complaints are about a potential problem. You just have to decide what is worth the time to fix.
Using lint is a deliberate process that should take several days or weeks for a large application (on the first time through). After that initial investment, using lint is still an important part of the ongoing health of the program, but it should become less and less of an effort each time.
Re:lint is horrible (Score:2, Insightful)
Re:lint is horrible (Score:2)
And mods, give this guy a few plus points on me.
DARPA? (Score:2)
Must be for that new lean, mean killing machine they've been asking for.
Well, duh! (Score:2)
Most prevalent source of redundant code.... (Score:2, Funny)
Now, if you'll excuse me, I've got to get back to my text editor project.
Finding errors in your code (Score:3, Funny)
Well, at least that's how I finish all my projects.
Intentional redundant code (Score:5, Funny)
x += 0;
x += 0;
x += 0;
x += 0;
x += 0;
x += 0;
It actually caused a bug 'cuz they accidentally left the '+' off one of the lines. What an idiot.
Re:Intentional redundant code (Score:5, Insightful)
Was the manager asking for lines of code/day fired too?
Re:Intentional redundant code (Score:2)
Re:Intentional redundant code (Score:5, Insightful)
Re:Intentional redundant code (Score:2)
Ahh...so your boss pays you per removed line
Sorry, couldn't resist this lame joke.
Redundancy? (Score:3, Funny)
Saw his talk at FSE (Score:5, Interesting)
By making assumptions about the program and checking the consistency of the program, his tool finds lots of problems. For instance, assume there is a function named foo that takes a pointer argument. His tool will notice how many of the callers of foo treat the parameter as freed versus how many treat the parameter as unfreed. The bigger the ratio, the more likely the 'bad' callers are to represent a bug. It doesn't really matter which view is correct. If the programmer is treating the parameter inconsistently, it is very likely a bug.
He also mentioned that counter to his expectations, the most useful part of his tool was to find 'local' bugs. By local, I mean bugs that are local to a single procedure. They are both easier for the tool to find, more likely to actually be bugs, and much easier for the programmer to verify if they are in fact bugs.
He analyzed a couple of the 2.2.x and 2.4.x versions of the kernel and found hundreds of bugs. Some of them were fixed promptly. Others were fixed slowly. Some were fixed by removing the code (almost always a device driver) from the kernel. Others he couldn't find anyone that cared about the bug enough to fix it. He was surprised at the amount of abandonware in the Linux kernel.
It is extremely frustrating that Dawson won't release his tool to other researchers (or even better to the open source community at large). Without letting other people run his tool (or even better modify it), his research ultimately does little good other than finding bugs in linux device drivers. *heavy sigh* Oh well, eventually someone WILL reimplement this stuff and release it to the world.
On a snide comment, if he was a company he would no doubt have been bought by Microsoft already. Intrinsa was doing some interesting stuff with static analysis and now after they were bought a couple of years ago, their tool is only available inside of Microsoft. *sigh*
Re:Saw his talk at FSE (Score:2, Interesting)
There's probably a bunch of reasons why he hasn't done this. The most likely one is that he's using it as a research tool, and he doesn't want someone else to beat him to the punch in his research. A second is that it's probably not really in a fit state for sharing as yet (the tool is not the goal of the research, after all).
He's got a bunch of papers up describing how the tool works, so it can be reimplemented. Also, if he's like most academics, he'll probably talk your ear off if you ask him how it works.
Re:Saw his talk at FSE (Score:2, Insightful)
This is not a valid reason, I know a lot of people (including me) that would be happy to improve his research code into something useful for the community at large. I remember a paper describing a gcc extension to write semantic checks (for instance, reenable interrupts after disabling them). This program found an amazing number of bugs in the linux kernel. I really wish I could have something like that at hand!
Re:Saw his talk at FSE (Score:2)
If unnecessary code is "redundant" (Score:2, Interesting)
That didn't make any sense at all! (Score:2)
Interestingly enough, 163% zoom doesn't cause the problem, nor does 165%. After a bit of experimenting i couldn't find any other isolated case that had the same results. There's a sudden transition to illegibility at 131%, but everything below that is also illegible. 164% is just odd, strange that that happened to be picked as the default when i opened it.
Double posting (Score:2)
"redundancies ... correlate with ... errors" (Score:2, Interesting)
Hopefully, we can expect much more of such valuable breakthroughs from the academic community in the future, complete with papers full of badly formatted C code!
Rates a 10 on the DUH scale... (Score:2)
Linux for research (Score:2, Informative)
An example of such is http://plg.uwaterloo.ca/~migod/papers/evolution.p
heed all warnings (Score:3, Insightful)
Second, use standard idioms. For some, that may mean learning the standard idioms. These should become second nature. Programmers should express their creativity in the logic, structure, and simplicity of the code, not the non standard grammar. Standard forms allow more accurate coding and easier maintenance.
[OT] Speaking of redundant fault tolerances... (Score:2)
Re:[OT] Speaking of redundant fault tolerances... (Score:2)
Smatch (Score:4, Interesting)
The poster mentions Lint, but I did not have any success using Lint on the kernel sources. The source is too unusual.
Also Lint does not look for application specific bugs. For example, in the Linux kernel you are not supposed to call copy_to_user() with spinlocks held. It took me about 10 minutes to modify one my existing scripts [sourceforge.net] to check for that in the Linux kernel last Monday. It found 16 errors. (It should have found more but I was being lazy.)
A lot of the time, you can't tell what will be a common error until you try looking for it. One funny thing was that there were many places where people had code after a return statement. On the other hand, I didn't find even one place where '=' and '==' were backwards.
It's fascinating stuff playing around with this stuff. I have been learning a lot about the kernel through playing around with Smatch.
Re:Smatch (Score:4, Interesting)
It wasn't clear if you submitted it.
Btw, I'm mulling with the idea of writing a write-time checker that would do a lot of this sort of stuff but as you are coding. That way your favourite editor can underline errors (like a spell checker does).
One of the things I was most interested in doing was number-ranges. Basically if you have a for-loop that loops x between 0 and say 10, then inside that for-loop you know x=[0-10]. Then you can check if you access an array outside of those bounds.
Do you have any idea how useful this would be? Or any ideas if it has been done, or anything?
It is an area that really interests me, but that I have no knowledge about
JohnFlux
Comparison to Redundant and Unused DNA Code? (Score:3, Interesting)
DNA code also has high redundancy, which allows error-correcting transcription and other hacks ( see Parity Code And DNA [slashdot.org] or DNA's Error Detecting Code [slashdot.org])
In both cases factors yielding robust DNA code are found to indicate bad digital computer code.
flip
(background: Ars Technica's Computational DNA primer [arstechnica.com]
Where there's smoke, there's fire (Score:4, Insightful)
The paper is not about obvious code redundancy bugs, it is about subtle errors which are not as simple as just duplicate code. It is about code that *appears* to be executed but actually is not.
Go take a look at the examples and see how long it takes you to notice the different errors...now imagine have a thousand pages of code to peruse..would you catch it? Many of them probably not.
The conclusion of the paper is basically, errors cluster around errors; finding a trivial unoptimal syntactical constructions tends to point to real bugs.
Where there's smoke, there's fire.
Even the smallest program... (Score:2, Funny)
- Every programs contains bugs.
- Every program contains redundancies and so can be made smaller without changing behavior.
Therefore the empty program is redundant but still buggy.Related research at Berkeley: CQual (Score:2, Informative)
It's been used to find security holes.
Parallel programming 101 (Score:4, Interesting)
if (!cam || !cam->ops)
return -ENODEV;
if (down_interruptible(&cam->busy_lock))
return -EINTR;
if (!cam || !cam->ops)
return -ENODEV;
Their comment: 'We believe this could be indication of a novice programmer...blabla...shows poor grasp of the code'.
BZZZZZZZZZT
Nice try kids, but unlike you, this piece of code was probably written by an experienced guy that has actually written code for parallel systems before. Since it's tricky, you would be excused if not for the 'novice programmer' comment above and the fact that the code itself says it's there for SMP safety.
Here's a hint: UNTIL you acquire the lock on 'cam', any other process can change the value, including at the point BETWEEN the first check and the acquisation of the lock.
--
GCP
Re:Parallel programming 101 (Score:2, Informative)
Gee, reread yourself... Sorry but they're 100% right. If they could acquire the lock, cam and cam->ops cannot be NULL due to the first check.
BTW, in 2.4.18, the code now looks like this for this same function:
struct cam_data *cam = dev->priv; int retval; if (!cam || !cam->ops) return -ENODEV; DBG("cpia_mmap: %ld\n", size); if (size > FRAME_NUM*CPIA_MAX_FRAME_SIZE) return -EINVAL; /* REDUNDANT! */
if (!cam || !cam->ops)
return -ENODEV; /* make this _really_ smp-safe */
if (down_interruptible(&cam->busy_lock))
return -EINTR;
Re:Parallel programming 101 (Score:3, Insightful)
I suggest you check out Dawson Engler's resume; he has almost certainly done 10x more parallel-systems development than you have. This particular code example might be a bad one, because the analysis that supports the author's conclusion [slashdot.org] is omitted from the article, but the basic point is still valid: code that contains duplicate condition checks like those in the example is more likely to contain real bugs than less duplicative code, and the "low-hanging fruit" can be identified automatically. It's not hard at all to see how deeper analysis, different rules, or annotation could do a better job of weeding out false duplicates without compromising the tool's ability to flag legitimate areas of concern.
You're arguing about low-level implementation, when the author was trying to make a point about a high-level principle. That's the hallmark of an insecure junior programmer.
What papers have you published? (Score:4, Interesting)
These researchers obviously have a good hold on compiler technology, since they implemented their checkers with xgcc. They also seem to understand logic quite well, since their code uses and extends on gcc's control-flow analysis algorithms. And they do, actually, understand what's going on here.
As for your particular example, the check really is redundant, but it was almost definitely intentional. It's true that another processor could change the cam variable between the first check and the lock -- but taking the first check out would have no impact on the functionality or correctness of the code. It's just a performance enhancement so that the routine can exit early in the error case, without the overhead of locking the lock. Removing the bit of redundant code would just add a little overhead to the error case.
In short, their checker found a true redundancy. They may have not realized its purpose since they don't have specific experience with this kind of parallel programming, but it's a redundancy. If you had actually read the paper instead of merely glancing over it, you would have seen that their checker respects the volatile nature of variables declared as such -- the checker is fully aware that a second thread can change the value between one operation and the other -- and it still figures out that the check is redundant.
Here's a hint: don't go around claiming people are fools unless you've got some evidence. These guys had hundreds and hundreds of bugs to go through, and expecting them to perfectly analyze every last one of them is unfair.
Oh, and -10 points for using "BZZZZZZT".
Eliminate Redundancies with AspectJ (Score:2, Informative)
Error in paper (Score:4, Insightful)
/* 2.1.1/drivers/net/wan/sbni.c:sbni_ioctl */
slave = dev_get_by_name(tmpstr);
if(!slave && slave->flags & IFF_UP && dev->flags & IFF_UP))
{
return -EINVAL;
}
if (slave) {
/* BUG: !slave is impossible */
else {
return -ENOENT;
}
This is characterized in the caption as an example of "overly cautious programming style" for the redundant "else" in the "if (slave)..." statement. The text goes on to mention that these are "different error codes for essentially the same error, indicating a possibly confused programmer."
The mistake the authors make here is that the two error codes are intended to flag rather different conditions, which the caller of this function may well be set up to handle in different ways. I'm not familiar with Linux device drivers, so I'm making some guesses here about the purpose of what various components of this code are doing. dev_get_by_name appears to be looking up the name of a device in a table and returning a pointer to a structure containing information about that device. Clearly, ENOENT is intended to indicate that no device of the name supplied was found in the table, and EINVAL was supposed to indicate that a device was found, but that there was some condition that invalidated the information.
I don't think this programmer was confused, but he *was* sloppy, likely rushed, and trying to add a feature in the fewest lines possible. The probably scenario was as follows: The check for (slave) being non-NULL was in place. Then a programmer comes along to add the checks against the IFF_UP mask. (IFF_UP: I Find Fuck-UPs?) The code that's executed if "slave" is non-NULL *shouldn't* be executed if this check finds a problem, so he puts the check first. But he doesn't want to dereference a NULL pointer, so he does the reflexive C thing and places a check for the nullity of "slave" at the beginning of the logical expression. (The first term in an "&&" operation is evaluated first, and if it's false the rest of the expression is ignored.) He simply failed to notice the effect on the "else" clause following "if (slave)". Or perhaps he didn't see it; the author of the paper cut out all the code there, and the "else" could have been many lines down the page.
What the programmer should have written was:
if (slave) {
if (!(slave->flags & IFF_UP && dev->flags & IFF_UP)) {
return -EINVAL;
}
}
else {
return -ENOENT;
}
Perhaps this makes it clearer that the function was in fact trying to check for two very distinct error conditions here.
Re:Error in paper (Score:3, Informative)
Many Eyes Make Linux Work (Score:3, Interesting)
And confirms the "many eyes make few bugs" feature of Open Source.
A pity these guys won't release their tester for general use. However, according to other posters, there are similar tools which are Open Source. Would it be worthwhile setting up a facility on Sourceforge to run such tools automatically on the compile farm? Obviously, Project owners would have to sign up for the service, but the habit of regularly running checkers is surely to be encouraged.
It would probably only work for people like me who treat all warnings as serious. I believe in the "Quiet, dark cockpit" as Airbus put it - if the normal state is no messages but all messages are enabled, you hear of problems much earlier in the development cycle.
redundancy is the root of all (ok, most) evil (Score:2, Insightful)
If a programmer learns to be extremely picky about redundancy, and structures most of his code with the goal to be non-redundant, he will automatically avoid the great majority of programming problems. He will have highly maintainable code, as his code will be perfectly factored (as the XP folk would say), and he will get a very decent bottom up design without even having to think about it (perfectly factored code often entails good abstraction, and abstraction at the right level).
It isn't a panacea but I sincerely believe it is one of the most important things for any programmer. Most programmers will claim that avoiding redundancy is "obvious", but very few apply this rule consistently and thoroughly.
Copy and Paste (Score:2)
Dead code (Score:2, Insightful)
Is this dead code going to get removed?
No.
Why not?
Because, one, it's only an opinion that it's dead code. There could be some obscure case that no one imagined that could use it. Two, if some programmer removed it and it turned out that it was needed or the programmer screwed up the removal, the programmer would be blamed and take a lot of grief for it. If it ain't broke, don't fix it.
Now, it could be that the dead code doesn't work properly for the obscure case. But how could you tell? Do you want to write a test case for code that no one can figure out how it gets invoked?
Re:Dead code (Score:3, Insightful)
And for the java programmers ... (Score:3, Interesting)
Removing dead code... (Score:5, Insightful)
Like more aphorisms, you can argue this, but my point is this - every line of code in a program is a potential bug. Every line of code requires a bit more grey matter to process, making your code just that much more difficult to understand, debug, and maintain.
So I ruthlessly remove dead code. Often, I'll see big blocks like this:
#ifdef old_way_that_doesnt_work_well
blah;
blah;
blah;
#endif
And I will summarily remove them. "But they were there for archival purposes - to show what was going on" some will say. Bullshit! If you want to say what didn't work, describe it in a comment. As for preserving the code itself - that is what CVS is for!
By stripping the code down to the minimum number of lines, it compiles faster, it checks out of and in to CVS faster, and it is easier to understand and maintain.
I will often see the following in C++ code:
void foo_bar(int unused1, int unused2)
{
unused1 = unused1;
unused2 = unused2;
}
And I will recode it thus:
void foo_bar(int , int )
{
}
That silences the "unused variable" warning, and makes it DAMN clear in the prototype that the function will never use those parameters. (True, you cannot do this in C.)
Code should be a lean, mean state machine - no excess fat. (NOTE - this does NOT me remove error checking, #assert's, good debugging code, or exception handlers).
A good editor... (Score:4, Funny)
vi! (Score:4, Funny)
Re:I have no idea what this article means ! (Score:5, Insightful)
"Dead" or unreachable code is almost always caused by patches or fixes to an existing codebase and it's always good to detect and get rid of it because it may point to other problems in the application (in my experience), or is simply dead wood that should be removed.
Re:I have no idea what this article means ! (Score:3, Insightful)
Re:I have no idea what this article means ! (Score:3, Interesting)
The problem is that if the code can't be tested, it cannot be trusted and if *somehow* that code got executed while operational, the results could be "bad".
Re:I have no idea what this article means ! (Score:3, Informative)
That paper explored the hypothesis that redundancies, like type erros, flag higher-level correctness mistakes. They evaluated the approach using four checkers which they applied to the Linux operating system. These simple analyses found many superising (to them) error types. Further, those errors correlated well with known hard errors: redundancies seemed to flag confused or poor programmers who were prone to other error types. According to them, these indicators could be used to decide where to audit a system.
Re:I have no idea what this article means ! (Score:2)
Daniel
Re:Using redundant code to find errors (Score:3, Funny)
lclint pointer incorrect... (Score:3, Informative)
Larch FTP Site
January 28, 1999
Many files formerly on this site were moved elsewhere after a disk
crash in March, 1998.
The LCLint distribution can be found at
ftp://ftp.sds.lcs.mit.edu/pub/lclint
or http://www.sds.lcs.mit.edu/lclint
Re:Analysis "by file" vs "by function"? (Score:3, Insightful)
They are using analysis techniques to locate bugs at specific points within the parse-tree.Hence, they are locating bugs within specific functions rather than just files. As all of their examples showed. Sure, its a nice point. But it is what they are doing.
Re:Interesting Research (Score:2)
They're not an outside group. If you track their histories - Dawson Engler studied under Frans Kaashoek who studied under Andrew S. Tanenbaum who is the father of Minix which is the precursor to Linux. They're all fairly famous in their line of work and have done massive amounts of work & research that usually ends up in a bsd, unix or linux.
Re:peace in the world (Score:2, Offtopic)
Perhaps you'd have better luck if more of the Americans in Afghanistan were actually looking for Osama and not building an oil pipeline.. or was that the real objective here all along?
Re:I Hope They Didn't Get Paid (Score:5, Insightful)
Here's an example they cite from the Linux kernel:That last line assigns a variable to itself. Do you think that's what the programmer intended? Of course not. It's a bug. But no one caught it. If not for their program, maybe it would never have been caught.
You think this research is useless? Do you always write bug-free code? Maybe you should run this program on your own code and see what happens.