Communications - February 2010

// First way
foo() {
_ _asm mov eax, eab
mov eax, eab;

} // Second way

#pragma asm _ _asm [ mov eax, eab mov eax, eab ]

#pragma end _ asm

defeat when trying to parse real-world large code bases.c Thus, our next step is for each supported compiler, we write a set of “transformers” that mangle its personal language into something closer to what EDG can parse. The most common transformation simply rips out the offending construct. As one measure of how much C does not exist, the table here counts the lines of transformer code needed to make the languages accepted by 18 widely used compilers look vaguely like C. A line of transformer code was almost always written only when we were burned to a degree that was difficult to work around. Adding each new compiler to our list of “supported” compilers almost always requires writing some kind of transformer. Unfortunately, we sometimes need a deeper view of semantics so are forced to hack EDG directly. This method is a last resort. Still, at last count (as of early 2009) there were more than 406(!) places in the front-end where we had an #ifdef COVERITY to handle a specific, unanticipated construct.

EDG is widely used as a compiler front-end. One might think that for customers using EDG-based compilers we would be in great shape. Unfortunately, this is not necessarily the case. Even ignoring the fact that compilers based on EDG often modify EDG in idiosyncratic ways, there is no single “EDG front-end” but rather many versions and possible configurations that often accept a slightly different language variant than the (often newer) version we use. As a Sisyphean twist, assume we cannot work around and report an incompatibility. If EDG then considers the problem important enough to fix, it will roll it together with other patches into a new version.

So, to get our own fix, we must up-
header file. Here are two ways (out
of many) to issue a mov instruction
The only thing shared in addition to
mov is the lack of common textual keys
that can be used to elide them.

c Coverity won the dubious honor of being the single largest source of EDG bug reports after only three years of use.

Bugs

Do bugs matter? Companies buy bug-
finding tools because they see bugs as
bad. However, not everyone agrees that
bugs matter. The following event has
occurred during numerous trials. The
tool finds a clear, ugly error (memory
corruption or use-after-free) in impor-
tant code, and the interaction with the
customer goes like thus:
“So?”
“Isn’t that bad? What happens if
you hit it?”
“Oh, it’ll crash. We’ll get a call.”
[Shrug.]
If developers don’t feel pain, they
often don’t care. Indifference can arise
from lack of accountability; if QA can-
not reproduce a bug, then there is no
blame. Other times, it’s just odd:
“Is this a bug?”
“I’m just the security guy.”
“That’s not a bug; it’s in third-party
code.”
“A leak? Don’t know. The author left
years ago...”

No, your tool is broken; that is not a bug. Given enough code, any bug-

Lines of code per transformer for 18 common compilers we support.

b Anecdotally, the dynamic memory-checking tool Purify10 had an analogous struggle at the machine-code level, where Purify’s developers expended significant resources reverse engineering the various activation-record layouts used by different compilers.