Buggy Security Guidance from Apple

In February 2014 Apple published their Secure Coding Guide. I glanced through it and noticed that their sample code for detecting integer overflow was buggy – it triggered undefined behavior, could be optimized away, and was thus unsafe to use.

I tweeted this, then Jon Kalb blogged it, and then Apple quietly fixed their guide.

But their code is still broken, still triggers undefined behavior, and fails completely on 64-bit builds.

Continue reading

Posted in Programming, Security | Tagged | 39 Comments

Self Inflicted Denial of Service in Visual Studio Search

After upgrading to Visual Studio 2013 I noticed that find-in-files had a problem when searching directories. The VS IDE would repeatedly hang, rendering it completely useless for the duration of the search. I filed a bug, complete with ETW traces and a detailed analysis of what was going on.

This is a success story. Microsoft has now released Visual Studio 2013 Update 2 RC which fixes the problem.

Continue reading

Posted in Investigative Reporting, Performance, Programming, Visual Studio, xperf | Tagged , | 2 Comments

You Got Your Web Browser in my Compiler!

I recently discovered that Microsoft’s VC++ compiler loads mshtml.dll – also known as Internet Explorer. The compiler does this whenever the /analyze option (requesting static code analysis) is used. I’m no compiler architecture expert, but a compiler that loads Internet Explorer seems peculiar.

This isn’t just a theoretical concern either. I discovered this while investigating why too much static-analysis parallelism causes my machine to become unresponsive for many minutes at a time, and the mshtml window appears to be the part of the cause.

Continue reading

Posted in Code analysis, Investigative Reporting, Performance, Visual Studio, xperf | Tagged , , , | 49 Comments

Make VC++ Compiles Fast Through Parallel Compilation

The free lunch is over and our CPUs are not getting any faster so if you want faster builds then you have to do parallel builds. Visual Studio supports parallel compilation but it is poorly understood and often not even enabled.

I want to show how, on a humble four-core laptop, enabling parallel compilation can give an actual four-times build speed improvement. I will also show how to avoid some of the easy mistakes that can significantly reduce VC++ compile parallelism and throughput. And, as a geeky side-effect, I’ll explain some details of how VC++’s parallel compilation works.

Plus, pretty pictures.

Continue reading

Posted in Performance, Visual Studio, xperf | Tagged , , , , | 19 Comments

Making Compiles Slow Through Abuse of Templates

I’m planning a post on how to maximize build parallelism in VC++, but first I needed to create a simple project that was slow to compile. Creating such a program was an interesting exercise in its own right and I decided that it deserved a separate blog post.

I started with a recursive algorithm that ran in exponential time. When I made it a compile-time algorithm I found that it compiled in linear time – too fast to be useful for my peculiar purposes. In order to get a slow-to-compile file I had to understand and then prevent the optimization that was allowing my result to be calculated so efficiently at compile time.

Continue reading

Posted in Performance, Programming, Visual Studio | Tagged , , | 17 Comments

Exercise Regimen for a 94 Year Old

My grandfather is 94 years old. He is sound of mind and body and that is probably because he gets more exercise than most people in their twenties. He spends about forty five minutes each morning doing these exercises – not because he enjoys them but because he believes that they are important. Doing these exercises is no guarantee that you will stay healthy, but I’m sure it improves your odds.

With his permission I have included his exercise plan below, written up four years ago and still followed today.

Aside: my grandfather wrote a book about his adventures, including his escape from a Japanese POW camp through China. Contact me if you’re interested in purchasing a copy.

Continue reading

Posted in Uncategorized | Tagged , , | Leave a comment

Process Tree from an Xperf Trace

I was looking at an xperf (ETW) trace recently and needed to know who had started a particular process. The parent process ID was stored in the trace so I could find its parent, and its parent’s parent, and so on, but doing this for many generations in WPA is tedious.

Luckily the 8.1 version of the Windows Performance Toolkit has a tool for exporting arbitrary data, so I used that and a bit of Python to write a tool that would create a process tree for an ETW trace.

Continue reading

Posted in xperf | Tagged , , , , | 2 Comments