memcpy_s

May 22nd, 2009

On Friday, an article ran on Slashdot making note that Microsoft is “banning” the C function memcpy in favor of the new memcpy_s. While memcpy_s has in truth been around for a while, the notion that it would now generate compiler warnings has created quite an uproar. Some people seem curious as to why so many people are upset by what seems a pretty innocuous change. The article author asked if was going to affect anyone’s creativity. I can assure you that’s not the concern.

In a nutshell: the problem is you can’t tape a cupholder to a formula one race car and declare it street legal. It still doesn’t have any bumpers, it’s too low to be safe around other cars, and if you aren’t an expert driver you still shouldn’t be driving it. A cupholder doesn’t change that.

So what? A cupholder is still an improvement… right? Who doesn’t want a cupholder? Imagine for a moment that having the cupholder suddenly disqualified you from a number of races. You couldn’t run that race if you have a cupholder. It also slowed down your car–not a lot, but a tiny fraction of a second. Maybe it doesn’t slow it down enough to matter, but in those few races won by hundredths… well, maybe it does. Suddenly that cupholder doesn’t seem so nice.

To be clear, I’m not suggesting giving up on attempts to improve memory management and prevent buffer overruns. I just question if this exact approach was the best one.

Memcpy_s is basically a race car with a cupholder. While memcpy_s will certainly prevent some bugs, the same people who got one parameter wrong are just as likely to get two parameters wrong… and cause all new bugs in the process. Garbage In = Garbage Out. It doesn’t matter what the calling convention is.

On two occasions I have been asked,—”Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?” … I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.”

— Charles Babbage, 1864
discussing the first mechanical computer

The change also comes with a price: it breaks cross-compatibility with other compilers, including older compilers on the same operating system as well as other platforms. This means the same code can’t cross-compile anymore if you use memcpy_s. Someone with Microsoft suggested that GCC should pick up the change as well. Perhaps, but that assumes that GCC is the only other compiler that matters. Certainly, it’s the most popular other compiler that matters, but it’s far from the only one especially if you do embedded systems work or anything running on “exotic” hardware. And let’s be honest–if you’re not writing something that’s fast or exotic, you’re probably not writing it in C. The exception, of course, being legacy code… but surely that’s even less likely to be changed. The whole point of legacy code is that you don’t have the time\budget to update it, otherwise you wouldn’t be running it at all. These are the guys who will wrap memcpy_s in a macro named memcpy, defeating it entirely. Sigh.

As for that speed difference I mentioned? We’re obviously only talking about an extra comparison operator and perhaps a branch or two here. I know an extra comparison operator seems trivial, but if an extra comparison operator didn’t matter ASSERT macros wouldn’t exist. The speed difference is nominal, but it’s very, very real. On a lark I timed it. Copying 32 bytes 100,000 times with memcpy took on average 3952 counts, or about 0.001104 seconds, measured to nanosecond accuracy with QueryPerformanceCounter. Performing the identical operation with memcpy_s took on average 9706 counts, or about 0.002712 seconds. This was in “release mode” using Visual Studio 2008. (For the curious, in debug mode the difference averaged 8028 counts to 11340 counts, but you shouldn’t be shipping your code in debug mode anyway!)

Now hopefully you’ve done everything you can to avoid memcpy in your inner loop in the first place, but we all know there are rare occasions where it’s unavoidable. This all brings me back to my earlier point: if you’re not writing something that’s fast or exotic, you’re probably not writing it in C. Yes, you can write your own memcpy that’s probably faster than the system memcpy if you’re really worried about speed, but now we’re back to the portability issue. In short, I’m certain that to the people where the choice of language matters, those few clock cycles matter too. We’re talking folks writing device drivers here, not business applications.

Nobody is twisting anyone’s arm to use memcpy_s. You can easily disable the compiler warnings and continue to use memcpy all you like. But hopefully you see where I’m going with this: A lot of the reason that people continue to use C for certain projects has to do with performance and portability. This change sacrifices both for dubious return. If the change is not going to have tangible benefits that outweigh the problems, why do it at all?

Sooner or later, you need to trust that the programmer knows what they are doing. If the programmer can’t manage memory responsibly, you’ve got a bigger problem than an extra parameter is going to fix. To be honest, while a lot of people don’t like to admit it programmers sometimes leak or botch memory even in managed languages. There’s certainly a thesis paper or two in “possible alternatives” to the approach taken–perhaps checking the block size by querying the allocator instead of asking the programmer which would be even slower but more reliable, borrowing ideas from double entry accounting, etc, etc.–although the “real” fix surely involves more intelligent ways of thinking about memory, which realistically means a fundamental change in constructs, not a patched function.

As always, XKCD sums it up best (panel #2):

XKCD

Ah, I wait for the day… 🙂

Sculpted Prim Wine Glass

April 2nd, 2009

A wine glass is one of the first things most people make when they learn to use a 3D program. It’s fun and it’s easy.

Making a sculpted prim wine glass for Second Life is equally fun. In fact, it’s almost exactly the same except you need to UV map it before you upload it. A simple cylindrical map will do. Here’s a video to show you how using AC3D.

Wineglass Video
Click to download video

The step-by-step:

  1. Draw a polyline that will form the outer edge of your wineglass.
  2. (Optional) Use the spline tool to make your polyline into a smooth curve.
  3. Revolve the polyline around the Y axis 360 degrees. The more segments you use the smoother it will be, but the more polygons. You don’t need very many polygons, so don’t overdo it.
  4. Using the UV map tool, apply a cylindrical wrap around the Y axis.
  5. Export!


Here are the UV map settings I used.

When you import it into SL, be sure to set your mapping mode to cylindrical. If you don’t, the top and bottom of the glass will be solid instead of hollow.


Set the Stitching Type to Cylinder.

Download the model here.

AC3D Plugin: Poser Export

March 30th, 2009

This plugin exports AC3D models to Smith Micro’s Poser PZ3 format. It also generates a WaveFront OBJ file that Poser will recognize as “grouped” surfaces. This allows you to create custom characters and props for use in your Poser scenes with AC3D, and reduces the amount of time spent in the Setup Room in Poser grouping your surfaces.

Either the PZ3 or the OBJ can be used for importing a model into Poser.

The PZ3 is “pre-rigged” using the AC3D hierarchy as the skeleton and the AC3D object centres as the joint pivots. The PZ3 allows you to see working joints right away, but obviously the joints won’t be weighted as nicely as if you did it by hand. For this reason, I’d recommend starting with the OBJ file and building your skeleton in the Poser setup room instead unless your final output is a game engine or something else where Poser’s blend weights don’t matter. Like the Milkshape plugin, the Poser plugin supports null pivots. Any mesh in AC3D named “NULL_[whatever]” is treated as a null pivot so you can do “fancy” rigs if you need to. There are additional instructions in the readme.txt included with the plugin.

Download the plugin. (Requires Windows XP, AC3D 6.2 or above, Poser 6.0 or above.)

I’ve also built a sample file in case you need a working example of how to build your model.

Download the sample model.

In the sample, I’ve taken the perfume atomizer that comes in the AC3D stock model library. (You can load the original by clicking File > Library inside of AC3D and loading it from the samples folder.) I’ve re-rigged the atomizer so it can animate, then exported it using the Poser plugin. After import into Poser, I applied my materials, set the lights and tweaked the skeleton. All of the files are included so you can see each step.

  • atomizer-rigged.ac – the rigged version of the atomizer from the AC3D library.
  • antomizer-rigged.pz3 – the unedited poser file exported by the plugin (yes, I realized belatedly I spelled it wrong, but I didn’t want to fix all the file links, doh)
  • atomizer-final.pz3 – the final file in poser, with materials applied and joint limits, etc., set

If you’re into building Poser models in AC3D, I would also recommend Dennis’s Poser Morph Target Assistant. The morph target assistant, as the name implies, will allow you to add morph targets to your Poser figures.

Enjoy!

How to Send Me a Newsletter

March 30th, 2009

Like most people, I get waaaaaay too much e-mail. Between some crazy deadlines, out-of-town conferences and wiping out my primary desktop machine, I’ve been offline for a couple of weeks and boy-oh-boy have the messages piled up. [If you’re waiting for a reply from me on something, I promise I haven’t forgotten you. 🙂 I’m still re-installing and it’s going to take me a few more days to dig my way out.]

While I don’t subscribe to nearly as many newsletters as I used to — most of my news-ish stuff comes in the form of RSS feeds these days — I still subscribe to a few. Here are some tips if you’re writing a newsletter that will decrease the odds that I’ll delete it without reading it:

  • Don’t change your “from” address. I white-list only those newsletters I want. If you change your address without telling me first, your newsletter will be deleted as spam and I won’t even know it.
  • If you must change your e-mail address, tell me before you change it. Sending me a “we’ve changed our address” message from your new address is an instant FAIL. I’ll miss it because your new address isn’t white-listed. I can’t believe how many people don’t think about this one.
  • A unique per-user ID in the subject line helps me tell your newsletter apart from phishes that look just like it. If I get too many phishes impersonating your newsletter, I’ll probably just unsubscribe it. I know it’s not your fault, but I don’t have the time to spend sorting out the fakes. A unique per-user ID in the subject is a very fast, easy way to make it obvious which messages are probably real and which are almost certainly fake.

Programming is Like a Dream

March 17th, 2009

Have you ever noticed that computer programmers are very easy to startle? Walk up behind an accountant or a web designer sketching out banner ads, and nine times out of ten they’ll know you’re coming from a mile away. But computer programmers aren’t like that. You can stand right behind a programmer for ten minutes and quite often they will not even know you are there–especially when they are working on a difficult section. The larger the system, the deeper the trance.

I just read two fantastic essays describing programming as a dream-like state. I’d never thought of it this way before, but I’d have to say that’s the most dead-on accurate description I’ve ever heard.

Now, imagine you were in deep sleep, dreaming away about apples at 3am, and I came bashing into your room and said “Sorry, but we need you to dream about bananas now.” Do you think you could go straight back to sleep in a few seconds, dream about bananas for a bit, and then jump back to your original dream about apples? No, of course not, but this is what managers expect when they throw new tasks at us while we’re busy coding the first one. When this happens we’ve lost the hours we’ve spent on the first dream, we’re completely lost for half an hour, and then we eventually manage to get into the new dream.

This is very true. It takes a little while to “shift gears”. For small programs, it’s not so bad, because you can conceptualize the whole thing in a few minutes or seconds. For large systems it takes longer to get yourself back into the right frame of mind. You have to think about all the things you were thinking about when you put it down last, and this is often a lot harder than it sounds. There’s a small time penalty that’s paid every time a programmer sits down to work, but it’s only paid once per session. This is why a lot of programmers prefer to work in one long stretch instead of several short ones. In six 30 minute stretches, zero code will get written–zero good code, anyway–because you spend the entire time just getting started. In one three hour stretch, however, you might just compose a masterpiece.

I can sit down and start coding right away, but I don’t really “hit my groove” for an hour or two. Sometimes I try to accelerate that by leaving myself a thread the day before. I’ll intentionally not finish a block of code I was working on, but I’ll leave myself copious notes on how to write it so that when I sit down in the morning I can start right away on that block. In the morning I don’t really have to think about the block too much because the answer is right there, but by-and-by as I code it up the thoughts start rushing back to me. By the time I’ve finished writing the block, my head is where it needs to be and I can pick it up from there. Sometimes if the code is very complex I just keep thinking about the code until morning. Most programmers can and will do this, too. Some perhaps can’t hold onto the code for days or weeks, but virtually all can for a few minutes or even a couple of hours.

I know it sounds strange, but think of it this way: Have you ever had a dream that lingered? You know, when you have a nightmare or other intense dream, and it keeps coming back to you while your doing other things throughout the day? Your mind is still dreaming the dream even though you are awake, and you can feel it back there drifting around. Keeping code in your head feels very much the same way.

There’s a right and a wrong way to interrupt a programmer. The best answer is “don’t”. But if you must… If you think about programming like dreaming, you’ll realize that programmers remember more if you interrupt them gently than if you barrage them. If someone wakes you out of bed and starts shouting a long list of things at you to remember, you’ll almost certainly forget what you were dreaming. However, if someone shakes you gently and gives you a few seconds to open your eyes and look around before they start talking, it’s a lot easier to remember the dream for later. The same works for programmers. If you just walk into their office and start talking, one of two things will happen: they’ll completely forget what they were coding, or they won’t really be paying attention to you. However, if you quietly walk up to them and let them know you are there but say nothing until they are ready, the programmer can come to the end of the thought they are on. Once they’ve finished their thought, it will be easier for them to pick up next time and still pay attention to what you have to say.

Let’s take a maze for example. There is a task for the programmer to come up with an algorithm of finding the way out of the maze. When a programmer is working on this task he isn’t just a God’s Finger showing the directions to a little girl lost in a great maze. He isn’t that girl or the walls of a labyrinth either. He is actually all of that in a same time. In order to solve the task he must BECOME the labyrinth, the walls, the lost little girl and whatever else may just came along with it. It is not a figure of the speech – the programmer is literally SLEEPING and DREAMING that all in his mind.

My brother contends that it is this same phenomena that makes programmers so bad at estimates. The problem is, as he says, that the programmer already knows everything that needs to be written. When you have it all in your mind, it seems like it should be easy to write it all down. But it’s not. The physical act of writing the code takes a long time. But more importantly, your mind never thinks about all the “meaningless” details. It knows how to code them so well it doesn’t even need consider their existence anymore. Unfortunately, the computer still needs them. It can’t infer. All those loose ends, niggling details and corner cases end up eating a great deal of time… sometimes more than the rest of the program.

How does programming feel to you? What is your experience like?