Re: how to make code stay invariant

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 25 Jul 2006, Rolf Schumacher wrote:

John, we're living in a real world. I can tell:
you can't say: retest 100000 lines of code
upon a small change. Believe me.

That's why you do Test Driven Development with a test harness to run all
automated tests.

It really really does work in very real world environments with even
larger code bases. It really really does improve design. You really can
rerun all tests on 100000 lines of code.

If you can't rerun all tests, it is quite simply because you designed it
wrong. You didn't design it for testability.

And in a safety critical App that is gravely remiss.

Places to start reading are...
 http://www.objectmentor.com/resources/bookstore/books/welc/
 http://www.agiledata.org/essays/tdd.html

We have to come up with some better idea.

TDD _is_ the better idea.

For now I'd like to focus solely on dynamic errors.
Errors to happen while compiling, linking, loading and running.

You know something, I have been bitten by some compiler bugs in my time.

Pretty rare, but they happen.

I would estimate looking at my current project (200000+ LOC, a man
decade or two of development, real time embedded C) that we have about 3
full orders of magnitude more programmer bugs than compiler bugs. None
of them were sporadic. A correct program simply failed to compile.

We have never been bitten by linker bugs at all. Well, admittedly
writing gnu ld script is actively user hostile, but it either worked or
it didn't.

We have had lots of loader bugs, but then for various strange reasons,
we wrote our own. In all my years programming I have never been bitten
by an OS loader bug. There is a moral there...

An error I'd like to uncover is: I'm linking on a PC/XP
and somehow a bit changes just before the linker
packs the object to be written to the disk. Checksum is ok,
the object is bad.

Wow! That is such a low probability risk compare to Good Old Human stuff
ups, I wouldn't even give it a moments thought unless I had actually
seen it happening once.

If you really having such errors you have a buggy linker, time for a
newer (or older) version fast, or you have buggy hardware. ie. Fix the
tool, don't create a kludgy workaround patch around the broken tool.

If I had a checksum from last linking and made no change
I could point to the failure immediately, e.g. at load time.

Some (targets/versions) of the GCC linker do relaxation passes. ie.
Change long jumps to short jumps, change long references to short
offsets. And since the size of the code has shrunk, they do that again,
and again until it converges.

Basically you want each module to be a DLL/sharable object so the linker
does the absolute minimum of fix ups.

You also need a strict acyclic dependency graph between the sharable
objects and then link each layer with lower layers.

Follow the standard tricks to make a sharable object / DLL.

You still need the objdump tricks I mentioned to pull just the sections
you care about out.

The point that I'm asking is,

Somehow your mailer lost everything you wrote after this point in your post!




John Carter                             Phone : (64)(3) 358 6639
Tait Electronics                        Fax   : (64)(3) 359 4632
PO Box 1645 Christchurch                Email : john.carter@xxxxxxxxxx
New Zealand

Carter's Clarification of Murphy's Law.

"Things only ever go right so that they may go more spectacularly wrong later."

From this principle, all of life and physics may be deduced.

[Index of Archives]     [Linux C Programming]     [Linux Kernel]     [eCos]     [Fedora Development]     [Fedora Announce]     [Autoconf]     [The DWARVES Debugging Tools]     [Yosemite Campsites]     [Yosemite News]     [Linux GCC]

  Powered by Linux