X-Git-Url: https://jxself.org/git/?p=open-adventure.git;a=blobdiff_plain;f=notes.adoc;h=884d1ce7f7d5ff970e2ca331687afe5e17cffe67;hp=c41a5b645c69683b7a54133e32602d629e38d336;hb=f815299a2a97656b0f4ea0793c2207c2437888f6;hpb=9e08cba63e45ed056b2c400435ba210ccb2c091f diff --git a/notes.adoc b/notes.adoc index c41a5b6..884d1ce 100644 --- a/notes.adoc +++ b/notes.adoc @@ -10,8 +10,9 @@ separate link:history.html[history] describing how it came to us. The principal maintainers of this code are Eric S. Raymond and Jason Ninneman. Eric received Don Woods's encouragement to update and ship the game; Jason signed on early in the process to help. The assistance -of Peje Nilson in restructuring some particularly grotty gotos is -gratefully acknowledged. +of Peje Nilsson in restructuring some particularly grotty gotos is +gratefully acknowledged. Petr Voropaev contributed fuzz testing. Aaron +Traas did a lot of painstaking work to improve test coverage. == Nomenclature == @@ -60,16 +61,21 @@ Using "seed" and -l, the distribution now includes a regression-test suite for the game. Any log captured with -l (and thus containing a "seed" command) will replay reliably, including random events. -The adventure.text file is no longer required at runtime. Instead, it -is compiled at build time to a source module containing C structures, -which is then linked to the advent binary. +The adventure.text file is no longer required at runtime. Instead, an +adventure.yaml file is compiled at build time to a source module +containing C structures, which is then linked to the advent +binary. The YAML is drastically easier to read and edit than +the old ad-hoc format of adventure.text. -The game-save format has changed. This was done to simplify -FORTRAN-derived code that formerly implemented these functions; -without C's fread(3)/fwrite() and structs it was necessarily pretty -ugly by modern standards. 
Encryption and checksumming have been -discarded - it's pointless to try tamper-proofing saves when everyone -has the source code. +The game-save format has changed. This was done to simplify the +FORTRAN-derived code that formerly implemented the save/restore +functions; without C's fread(3)/fwrite() and structs it was +necessarily pretty ugly by modern standards. Encryption and +checksumming have been discarded - it's pointless to try +tamper-proofing saves when everyone has the source code. + +A -r command-line option has been added. When it is given (with a file path +argument) it is functionally equivalent to a RESTORE command. == Translation == @@ -79,13 +85,19 @@ ugly and quite unreadable. Jason Ninneman and I have moved it to what is almost, but not quite, idiomatic modern C. We refactored the right way, checking correctness -against a comprehesive test suite that we built first and verified with -coverage tools. This is what you are running when you do "make check". +against a comprehensive test suite that we built first and verified +with coverage tools (we now have over 95% coverage, with the remaining +confined to exception cases that are very difficult to reach). This is +what you are running when you do "make check". + +In the process we found and fixed a few minor bugs. Most notably, reading +the relocated Witt's End sign in the endgame didn't work. Behavior when +saying the giant's magic words outside his room wasn't quite right either. -This move entailed some structural changes. The most important was -the refactoring of over 350 gotos into if/loop/break structures. We -also abolished almost all shared globals; the main one left is a -struct holding the game's saveable/restorable state. +The move to modern C entailed some structural changes. The most +important was the refactoring of over 350 gotos into if/loop/break +structures. We also abolished almost all shared globals; the main one +left is a struct holding the game's saveable/restorable state. 
The original code was greatly complicated by a kind of bit-packing that was performed because the FORTRAN it was written in had no string @@ -96,12 +108,17 @@ of sixbit code points in a restricted character set, packed 5 to a verb was one of these words, and what would be string operations in a more recent language were all done on sequences of these words. -We are still in the process of removing all this bit-packing cruft -in favor of proper C strings. C strings may be a weak and leaky -abstraction, but this is one of the rare cases in which they are -an obvious improvement over what they're displacing... +We have removed all this bit-packing cruft in favor of proper C +strings. C strings may be a weak and leaky abstraction, but this is +one of the rare cases in which they are an obvious improvement over +what they're displacing... -The code falls a short of being fully modern C in the following +We have also conducted extensive fuzz testing on the game using +afl (American Fuzzy Lop). We've found and fixed some crashers in +our new code (which occasionally uses malloc(3)), but none as yet +in Don's old code (which didn't). + +The code falls short of being fully modern C in the following ways: * We have not attempted to translate the old code to pointer-based @@ -110,10 +127,9 @@ ways: and the choice to refrain will make forward translation into future languages easier. -* There are some gotos left that resist restructuring; all of these - are in the principal command interpreter function implementing its - state machine. One other left in the player-movement code, a two-level - loop breakout, is not reducible even in principle. +* There are a few gotos left that resist restructuring; all are in the + principal command interpreter function implementing its state + machine. * Linked lists (for objects at a location) are implemented using an array of link indices. 
This is a surviving FORTRANism that is quite unlike @@ -121,11 +137,18 @@ ways: to fix it because doing so would (a) be quite difficult, and (b) compromise forward-portability to other languages. -* The code still has an unfortunately high density of magic numbers - in - particular, numeric object and room IDs. +* Much of the code still assumes one-origin array indexing. Thus, + arrays are a cell larger than they strictly need to be and cell 0 is + unused. * The code is still mostly typeless, slinging around machine longs like a FORTRAN or BCPL program. Some (incomplete) effort has been made to introduce semantic types. +We have made exactly one minor architectural change. In addition to the +old code's per-object state-description messages, we now have a per-object +message series for state *changes*. This makes it possible to pull a fair +amount of text out of the arbitrary-messages list and associate those +messages with the objects that conceptually own them. + // end