X-Git-Url: https://jxself.org/git/?p=open-adventure.git;a=blobdiff_plain;f=notes.adoc;h=1baf354d694a667a9c81a3049765ad15048d1587;hp=e92d9407914844e1bc2e9852e00419befc8c51a9;hb=236abc8cab5a6f8d0b1d1921800a8645dcda98a2;hpb=7018354e228c7a25cc77257edb20305c79973ae4 diff --git a/notes.adoc b/notes.adoc index e92d940..1baf354 100644 --- a/notes.adoc +++ b/notes.adoc @@ -10,8 +10,8 @@ separate link:history.html[history] describing how it came to us. The principal maintainers of this code are Eric S. Raymond and Jason Ninneman. Eric received Don Woods's encouragement to update and ship the game; Jason signed on early in the process to help. The assistance -of Peje Nilson in restructuring some particularly grotty gotos is -gratefully acknowledged. +of Peje Nilsson in restructuring some particularly grotty gotos is +gratefully acknowledged. Petr Voropaev contributed fuzz testing. == Nomenclature == @@ -62,7 +62,9 @@ a "seed" command) will replay reliably, including random events. The adventure.text file is no longer required at runtime. Instead, it is compiled at build time to a source module containing C structures, -which is then linked to the advent binary. +which is then linked to the advent binary. There is an adventure.yaml file +as well; this is also compiled to C code, and will eventually replace +adventure.text altogether. The game-save format has changed. This was done to simplify the FORTRAN-derived code that formerly implemented the save/restore @@ -71,6 +73,9 @@ necessarily pretty ugly by modern standards. Encryption and checksumming have been discarded - it's pointless to try tamper-proofing saves when everyone has the source code. +A -r command-line been added. When it is given (with a file path +argument) it is functionally equivalent to a RESTORE command. + == Translation == The 2.5 code was a mechanical C translation of a FORTRAN original. @@ -79,13 +84,15 @@ ugly and quite unreadable. Jason Ninneman and I have moved it to what is almost, but not quite, idiomatic modern C. We refactored the right way, checking correctness -against a comprehesive test suite that we built first and verified with -coverage tools. This is what you are running when you do "make check". +against a comprehensive test suite that we built first and verified +with coverage tools (we now have over 90% coverage, with the remaining +confined to exception cases that are very difficult to reach). This is +what you are running when you do "make check". -This move entailed some structural changes. The most important was -the refactoring of over 350 gotos into if/loop/break structures. We -also abolished almost all shared globals; the main one left is a -struct holding the game's saveable/restorable state. +The move to modern C entailed some structural changes. The most +important was the refactoring of over 350 gotos into if/loop/break +structures. We also abolished almost all shared globals; the main one +left is a struct holding the game's saveable/restorable state. The original code was greatly complicated by a kind of bit-packing that was performed because the FORTRAN it was written in had no string @@ -101,6 +108,11 @@ in favor of proper C strings. C strings may be a weak and leaky abstraction, but this is one of the rare cases in which they are an obvious improvement over what they're displacing... +We have also conducted extensive fuzz testing on the game using +afl (American Fuzzy Lop). We've found and fixed some crashers in +our new code (which occasionally uses malloc(3)) but none as yet +in Don's old code (which didn't). + The code falls short of being fully modern C in the following ways: @@ -110,9 +122,9 @@ ways: and the choice to refrain will make forward translation into future languages easier. -* There are a few gotos left that resist restructuring; all of these - are in the principal command interpreter function implementing its - state machine. +* There are a few gotos left that resist restructuring; all are in the + principal command interpreter function implementing its state + machine. * Linked lists (for objects at a location) are implemented using an array of link indices. This is a surviving FORTRANism that is quite unlike @@ -120,11 +132,11 @@ ways: to fix it because doing so would (a) be quite difficult, and (b) compromise forward-portability to other languages. -* The code still has an unfortunately high density of magic numbers - in - particular, numeric object and room IDs. There are plans to fix this. - * Much of the code still uses FORTRAN-style uppercase names. +* The code still assumes one-origin array indexing. Thus, arrays are + a cell larger than they strictly need to be and cell 0 is unused. + * The code is still mostly typeless, slinging around machine longs like a FORTRAN or BCPL program. Some (incomplete) effort has been made to introduce semantic types.