How to shoot yourself in the foot with PC-Lint

A lot of the software we use at work is provided by a software contractor (who shall remain nameless). Somewhere in their software there’s a piece of code to swap bytes in a byte buffer. It looked something like this:

static void swap(char *buf, int n)
    char tmp;
    for (int i = 0; i < n / 2; i++) {
        tmp = buf[i];
        buf[i] = buf[n - 1 - i];
        buf[n - 1 - i] = tmp;

So, a perfectly ordinary bit of boilerplate code. What it does is, it takes a character buffer <buf>, which contains <n> bytes, and it reverses it: the first and the last bytes are swapped, then the second and the second-to-last bytes, etc. If you sketch the byte buffer on a piece of paper, it soon becomes obvious that the indexes of the bytes to be swapped are "i" and "n - 1 - i". So far, so good.

But our friends, being the conscientious and quality-oriented lot that they are, decided to run PC-Lint (a version of the ancient and venerable lint tool) on it, to see if it had any comments. Well, it did. It took a look at those "n - 1 - i" expressions and said:

error 834: (Info -- Operator '-' followed by operator '-' is confusing.  Use parentheses.)

“Use parentheses?”, our friends said, “Sure, we can use parentheses”. And they did:

static void swap(char *buf, int n)
    char tmp;
    for (int i = 0; i < n / 2; i++) {
        tmp = buf[i];
        buf[i] = buf[n - (1 - i)];
        buf[n - (1 - i)] = tmp;

Four little keystrokes. And with them, a pretty nasty bug.

(In case it's not clear: "n - (1 - i)" is not equal to "n - 1 - i", it is equal to "n - 1 + i". The destination of the swap starts out at the end of the buffer and then goes right as i is increased, immediately walking off the end of the buffer.)

Software development tools like lint are great. They can point out the places where your code is maybe not as good as you think. But you have to use them wisely. Software development tools are not additive. They do not add smartness to a person, so that everyone who uses them gets a little smarter. Instead, they multiply the smartness that is already there. They make smart people smarter, but they make dumb people dumber.

Some notes:

  1. I've not been completely honest. The expression did not change from "n - 1 - i" to "n - (1 - i)", but from "n - i - 1" to "n - (i - 1)". I've changed it to highlight the problem, and to make it clearer what it was supposed to do. And the difference is one of quantity, not quality. The buffer overrun is still there, it's just not quite as bad.
  2. Surprisingly, the bad version of this function didn't trigger any of our copious automated tests, and after fixing it nothing seems to have changed. So I can only assume this function is dead code, unused and unloved.
  3. Also, I cannot claim to have discovered this bug. It was actually flagged by GCC, saying "error: array subscript is above array bounds". It is pretty amazing that it spotted that. I can only assume that, by some magical combination of function call inlining and loop unrolling it managed to reduce that "n - (i - 1)" expression to a constant, and then found that it accessed memory that it shouldn't access. GCC is clearly a pretty nifty bit of kit.

Unintended consequences

When @Casper_Aero and @Caspernl both retweeted a message from @casperflights about the new Casper feed from Zürich, the result was certainly graphically interesting.

Casper retweets

The fact that Kloten is Dutch slang for, well, testicles makes this a double double entendre.

That’s a lot

We were talking at work the other day about the transition (any day now!) from IPv4 to IPv6. One colleague said that at least we would have plenty of addresses, and another said something like “Ha! That’s what they said about IPv4!” Well, yes. But the jump from 32-bit addresses in IPv4 to 128-bit addresses in IPv6 is quite something else. Let me illustrate.

Let’s say you can build computers ridiculously small, like the size of a grain of sugar. This page says that a grain of ordinary granulated sugar is about 0.5 mm in size. Let’s assume it is cubical, so that gives it a volume of 0.5×0.5×0.5 = 0.125 mm3. Now let’s suppose we want to build one of those computers for every IPv6 address. With 128-bit addresses you can have 2128 different addresses in IPv6, which is (deep breath) 340,282,366,920,938,463,463,374,607,431,768,211,456. No, I don’t know how to pronounce that either, but in scientific notation that’s about 3.403×1038. How big a mountain of sugar would that create?

Well, 3.403×1038 computers with a volume of 0.125 mm3 makes the total volume 0.125×3.403×1038 = 4.254×1037 mm3 = 4.254×1028 m3 = 4.254×1019 km3.

This page says that Mount Everest has a volume of “approximately 2413 cubic kilometers”. Not sure how accurate that is, but it’s clearly quite a bit smaller than our sugar/computer mountain.

What about the Earth? That has a volume of 1.08321×1012 km3, according to Wikipedia. Closer, but still a factor of about 4×107 off.

Let’s go truly big then. According to (again) Wikipedia the Sun has a volume of 1.412×1018 km3. So that means even the Sun could fit inside our ball of sugar grain-sized computers 4.254×1019 / 1.412×1018 = 30 times. In short, there isn’t enough matter in the solar system to build that much hardware.

So yes, IPv6 adresses may run out at some point in the future. But it’s going to take a special effort, at the very least.

Back up

We’re back up again, after some heavy-duty hardware updates (of which more in the near future). It appears I’ve forgotten to copy one or two directories from the old server to the new one, so some things don’t yet work as they should. But I’ll get it sorted out shortly.


Here’s something I made earlier: a sudoku puzzle solver.


It’s a tarred and gzipped archive of the source code in glorious C. Should compile on all of your finer Linux distros.

UPC, bedankt!

Ik ga binnenkort overstappen op een nieuwe internet provider: XMS. Dus ik belde vanmorgen naar UPC, mijn oude provider, om mijn abonnement op te zeggen. Dit is ongeveer wat er gebeurde.

UPC: Goedemorgen, waarmee kan ik u van dienst zijn?
Ik: Goedemorgen, ik wil graag mijn internet abonnenment opzeggen.
UPC: Het spijt mij om dat te horen. Mag ik vragen waarom?
Ik: Ik ga naar een nieuwe provider.
UPC: Mag ik vragen wat u bij die nieuwe provider gaat betalen?
Ik: Ik ga €42,50 betalen voor 50 Mbps down, 50 Mbps up, en bij jullie betaal ik €51,- voor 25 Mbps down, 2 Mbps up. Ik krijg straks dus meer voor minder geld.
UPC (in volste verwarring): Maar dat klopt helemaal niet! 25 Mbps kost bij ons maar €25,-!
Ik: Nou, op mijn rekening staat iedere maand anders €51,-. Vandaar mijn overstap.
UPC: Nou, goed dan. Maar zal ik u straks even doorverbinden met mijn collega om het teveel betaalde bedrag recht te zetten?
Ik: Prima.

Even later was het opzeggen geregeld, en werd ik doorverbonden. Het eerste wat ik hoorde:

UPC: Welkom bij UPC. Er is op dit moment een wachttijd van ongeveer 10 minuten.
Ik: Grrrr!
UPC (na 10 minuten muzak): Goedemorgen, waarmee kan ik u van dienst zijn?
Ik: Goedemorgen. Ik had zojuist een collega van u aan de lijn om mijn internet abonnenment op te zeggen, en toen bleek dat ik al een hele tijd teveel heb betaald.
UPC: Da’s niet zo mooi. Wat heeft u betaald?
Ik: Op mijn factuur staat €42,86 ex. BTW, dat is €51,- incl. BTW, en het zou €25,- incl. BTW moeten zijn.
UPC: Hoe lang heeft u dat abonnement al?
Ik: Sinds maart vorig jaar, toen heb ik mijn UPC Classic omgezet naar dit abonnement.
UPC: Aha, dan heeft u het oude 25 Mbps abonnement. Dat was inderdaad €50,-. Later hebben we het nieuwe 25 Mbps abonnement geïntroduceerd, dat is €25,-. Heeft u de reclame niet gezien?
Ik: <sprakeloos>.
UPC: Ik zal uw vraag doorgeven aan de afdeling crediteuren, maar ik geef u weinig kans.

De moraal van dit verhaal: Zo lang je een abonnement hebt bij UPC vinden ze het geen probleem om je het dubbele te laten betalen van wat de eigenlijke prijs is. En als je dan wilt overstappen naar een andere provider is het jouw schuld dat je niet op een lager tarief bent overgestapt.

Juist ja.

Experiments in Flex

So I’ve been messing with Flex for a while, and here’s the first result.

Click here to see it in a browser tab of its own, and right-click/save-as here to download the source code.


Xmarks is feeling a little under the weather, it seems.
Apparently this was a bug in Google Chrome. Updating to the latest development build solved the problem.

Please don’t.

I just stumbled upon this “10 things we didn’t know last week” post, and point number 8 was “The two most common pronunciations of Van Gogh are wrong”. As a native Dutch speaker I can only say “well, duh”. English speakers rarely, if ever, get the pronunciation of Dutch words or names right.

The thing is, we don’t mind. Really. We’d rather you just stopped trying and got on with it. We’re fine with that. Dutch is a strange language with lots of funny noises and you’ll only do yourself an injury when you try to emulate them. It’s just not worth it.

But at the same time (and this really follows directly from the first point) we’d appreciate it if you didn’t try to teach other people how to pronounce Dutch words. Because you’ll only perpetuate the wrong pronunciation, and worse, you’ll imbue those other people with a confidence that isn’t justified. Just say “this is how I pronounce it”, or “this is how it’s pronounced in English” but don’t pretend it’s how the Dutch pronounce it.

I once read a piece (on a NASA website I think) by someone who claimed with great confidence that the name Huygens (the famous Dutch scientist after whom the probe that landed on Titan was named) was pronounced “Hoygens”. Well it isn’t. The “uy” is pronounced with a vowel sound that, as far as I know, doesn’t exist anywhere in the English language, so we don’t mind if an English speaker doesn’t get it right. Calling the man (and the probe) “Hoygens” is fine by us. But please don’t claim that it is the “correct” pronunciation. Okay?

If you’re interested, you can hear the proper pronunciation of Huygens’ name (and that of another Dutch scientist, Antoni van Leeuwenhoek) from this page.


So this is what I’m keeping busy with these days:

Be sure to check out the “full” Casper (with lots of neat features) at

Next »