[SystemSafety] Subversive C programs for mockery of static analysis tools ... on a bad day ; -)
Derek M Jones
derek at knosof.co.uk
Thu Nov 29 17:54:52 CET 2018
Thierry,
> Do I understand that you are building a database of "subversive" C pieces of code?
Subversive is probably the wrong word to use, because it implies intent.
This is certainly true for the International Obfuscated C Code Contest,
https://www.ioccc.org/, but not more generally.
Anyway, let's run with it.
> I am one of the authors of the SQALE method for measuring software (non-)quality and technical debt, independently of tool makers. We believe such a database is a great idea and helps people like us trying to standardize the measurement of software, like any other technological item.
I take it the aim is to document cases where:
Person A thinks code means x, while person B thinks it means y.
To prevent the database being overly huge, some likelihood and
significance criteria are needed.
For instance, a certain percentage of the population using the language
have to have differing views. Also the difference between x and y will
have to be significant (however that is measured).
Obtaining data on population beliefs will be costly and difficult.
And as for deciding whether the difference between x and y is likely to
be significant, good luck with that.
All in all, a hopeless task.
A more practical approach is to specify what constructs developers can
use. For instance, the 10 most frequent uses of for-loops more than
covers every situation. It's much simpler to specify a list of
constructs that are permitted, rather than the gazillion and one that
are not permitted.
For C, somebody has written a book listing all the most frequent
constructs :-)
www.knosof.co.uk/cbook
--
Derek M. Jones Software analysis
tel: +44 (0)1252 520667 blog:shape-of-code.coding-guidelines.com
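
An added illustration of the permitted-constructs approach described in the message above; it is not code from the post or from the book it links to. The four permitted for-loop forms and the sample C lines are assumptions constructed for the example, and the scanner assumes the C source has no comments or string literals containing `for (`.

```python
import re

ID = r"[A-Za-z_]\w*"
TYPE = r"(?:(?:unsigned\s+)?(?:int|long|size_t)\s+)?"  # optional loop-scope declaration
EXPR = r"(?:(?!\+\+|--)[^;,=&|?])+"  # no comma, assignment, &&, ||, ?:, ++ or --
V, SAME = rf"(?P<v>{ID})", r"(?P=v)"  # loop variable and back-references to it

# Assumed allowlist (constructed here): each value matches a whole "init;cond;step" header.
PERMITTED = {
    "count-up": rf"{TYPE}{V}\s*=\s*{EXPR};{SAME}\s*<=?(?![<=])\s*{EXPR};"
                rf"(?:{SAME}\+\+|\+\+{SAME}|{SAME}\s*\+=\s*\d+)",
    "count-down": rf"{TYPE}{V}\s*=\s*{EXPR};{SAME}\s*>=?(?![>=])\s*{EXPR};"
                  rf"(?:{SAME}--|--{SAME}|{SAME}\s*-=\s*\d+)",
    "list-walk": rf"{V}\s*=\s*{EXPR};{SAME}\s*!=\s*NULL;{SAME}\s*=\s*{SAME}\s*->\s*{ID}",
    "forever": r";;",
}
# Constructed sample input: four permitted loops, then three that are not on the list.
SAMPLE = """\
for (i = 0; i < n; i++) sum += a[i];
for (size_t k = len - 1; k > 0; k--) a[k] = a[k - 1];
for (p = head; p != NULL; p = p->next) count++;
for (;;) { poll(); }
for (i = 0, j = n; i < j; i++, j--) swap(a, i, j);
for (i = 0; i < n; i += step(i)) { }
for (i = 0; (c = getchar()) != EOF; i++) buf[i] = c;
"""

def for_headers(source):
    """Yield (line_no, [init, cond, step]) for each for-statement header."""
    for m in re.finditer(r"\bfor\s*\(", source):
        depth, clause, clauses = 1, "", []
        for ch in source[m.end():]:
            depth += (ch == "(") - (ch == ")")  # track nesting inside the header
            if depth == 0:
                break
            if ch == ";" and depth == 1:  # clause separator at header level
                clauses.append(clause.strip())
                clause = ""
            else:
                clause += ch
        yield source.count("\n", 0, m.start()) + 1, clauses + [clause.strip()]

def check(source):
    """Return [(line_no, form name or None)]; None means the header is not permitted."""
    def form(clauses):
        return next((n for n, p in PERMITTED.items() if re.fullmatch(p, ";".join(clauses))), None)
    return [(line, form(clauses)) for line, clauses in for_headers(source)]

if __name__ == "__main__":
    print(check(SAMPLE))
```

Anything that is not one of the listed shapes is reported without the checker needing a rule that describes it, which is the asymmetry the message points to.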