Ninneman. Eric received Don Woods's encouragement to update and ship
the game; Jason signed on early in the process to help. The assistance
of Peje Nilsson in restructuring some particularly grotty gotos is
-gratefully acknowledged.
+gratefully acknowledged. Petr Voropaev contributed fuzz testing.
== Nomenclature ==
checksumming have been discarded - it's pointless to try
tamper-proofing saves when everyone has the source code.
+A -r command-line been added. When it is given (with a file path
+argument) it is functionally equivalent to a RESTORE command.
+
== Translation ==
The 2.5 code was a mechanical C translation of a FORTRAN original.
Jason Ninneman and I have moved it to what is almost, but not quite,
idiomatic modern C. We refactored the right way, checking correctness
against a comprehensive test suite that we built first and verified
-with coverage tools (we have 88% coverage, with the remaining 12%
-confined to exception cases that are difficult to reach). This is
+with coverage tools (we now have over 90% coverage, with the remaining
+confined to exception cases that are very difficult to reach). This is
what you are running when you do "make check".
-This move entailed some structural changes. The most important was
-the refactoring of over 350 gotos into if/loop/break structures. We
-also abolished almost all shared globals; the main one left is a
-struct holding the game's saveable/restorable state.
+The move to modern C entailed some structural changes. The most
+important was the refactoring of over 350 gotos into if/loop/break
+structures. We also abolished almost all shared globals; the main one
+left is a struct holding the game's saveable/restorable state.
The original code was greatly complicated by a kind of bit-packing
that was performed because the FORTRAN it was written in had no string
abstraction, but this is one of the rare cases in which they are
an obvious improvement over what they're displacing...
+We have also conducted extensive fuzz testing on the game using
+afl (American Fuzzy Lop). We've found and fixed some crashers in
+our new code (which occasionally uses malloc(3)) but none as yet
+in Don's old code (which didn't).
+
The code falls short of being fully modern C in the following
ways:
and the choice to refrain will make forward translation into future
languages easier.
-* There are a few gotos left that resist restructuring; all of these
- are in the principal command interpreter function implementing its
- state machine.
+* There are a few gotos left that resist restructuring; all are in the
+ principal command interpreter function implementing its state
+ machine.
* Linked lists (for objects at a location) are implemented using an array
of link indices. This is a surviving FORTRANism that is quite unlike
to fix it because doing so would (a) be quite difficult, and (b)
compromise forward-portability to other languages.
-* The code still has an unfortunately high density of magic numbers - in
- particular, numeric object IDs. There are plans to fix this.
-
* Much of the code still uses FORTRAN-style uppercase names.
+* The code still assumes one-origin array indexing. Thus, arrays are
+ a cell larger than they strictly need to be and cell 0 is unused.
+
* The code is still mostly typeless, slinging around machine longs
like a FORTRAN or BCPL program. Some (incomplete) effort has been made
to introduce semantic types.