Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#269883 - 16/11/2005 17:58 When all you have is the exe?
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
So I’m supposed to be maintaining an application- only problem is that the source and executable don't match- the source we do have (created over a year ago by a previous developer) doesn't work properly. Even worse than all this is that the documentation is sketchy and there are no regression tests to determine what functionality may have changed between the source code we have and the executable. The developers apparently used version control, but the source I'm using has a lable telling me it's the version in production- it isn't though. Cool hunh?

I already tried decompiling the two executables (the one in production and the one I can generate with the source I have) but there are simply too many differences for me to catch them all in assembler and translate that back into code. I guess the plan is to spend a couple months doing full regression testing (creating the scripts as we go) to figure out how the application is broken. I just hope I’m not the one who’s tapped to do this testing. Any suggestions?
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

Top
#269884 - 16/11/2005 18:07 Re: When all you have is the exe? [Re: JeffS]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
Your project has just become a leg-work and research project.

You cannot continue without the most recent source code. It is critical you track that down. Somewhere in the company, someone has to have it on a hard disk or backup tape.

Even if it involves contacting people who don't work for the company any more.
_________________________
Tony Fabris

Top
#269885 - 16/11/2005 18:14 Re: When all you have is the exe? [Re: JeffS]
peter
carpal tunnel

Registered: 13/07/2000
Posts: 4180
Loc: Cambridge, England
Quote:
the source and executable don't match

Have you made sure your compiler, external libraries, whatever other tools get used, etc., are the same versions as were used the first time?

Peter

Top
#269886 - 16/11/2005 18:18 Re: When all you have is the exe? [Re: tfabris]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
Quote:
Somewhere in the company, someone has to have it on a hard disk or backup tape.
Likely it is all in version control. However, if you can't determine which combination of files to use then it's pretty much useless. Normally you'd look for all the files checked in when the binary was released, but I've already done that. And even worse is, if I managed to stumble across the right version of code, how would I know without doing a full regression test to insure that all the features behave correctly?

Edit- of course if I had it all exactly right then the binaries would match. Don't see that happening, though.


Edited by JeffS (16/11/2005 18:23)
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

Top
#269887 - 16/11/2005 18:21 Re: When all you have is the exe? [Re: peter]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
Quote:
Have you made sure your compiler, external libraries, whatever other tools get used, etc., are the same versions as were used the first time?
Unfortunatly there's no documentation as to which version of the libraries the previous developers used, so I had to guess. Bad news, of course, but I really don't have any other option that I can see.
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

Top
#269888 - 16/11/2005 19:49 Re: When all you have is the exe? [Re: JeffS]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
Well all this just became moot. My manager has said to stop trying to find the code. She's going to go and admit to the business unit that we lost the code and suggest either we rewrite the app (which has been slated to happen for a while anyway- in fact, it's why I was hired) or do full regression testing with the users. If they choose the latter it'll be very interesting because this app is so buggy it never made it out of QA in the first place.

I've been pushing for testing anyway because I hate making changes to apps without being able to ensure that the functionality hasn't changed, so I'm relatively pleased. I feel bad for my manger- even though I don't care for her very much, she wasn't around when this source was written (and lost apparently) but she'll get her head handed to her when she talks to the business unit.
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

Top
#269889 - 16/11/2005 20:14 Re: When all you have is the exe? [Re: JeffS]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
Out of curiosity, does the application show other signs of being sloppily written? (E.g., bad comments, no bug tracking, no unit tests, no design documents, etc.) I suspect that it's a given that poor process leads to poor results.

Top
#269890 - 16/11/2005 20:18 Re: When all you have is the exe? [Re: JeffS]
jpt
new poster

Registered: 10/11/2005
Posts: 35
Ugh. Your job sounds like my previous job, which very nearly put me off computers entirely.
_________________________
MkIIa #40104178, 22GB

Top
#269891 - 16/11/2005 21:22 Re: When all you have is the exe? [Re: DWallach]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
Quote:
Out of curiosity, does the application show other signs of being sloppily written?
Oh, it's horrible. No documentation. Several methods over 1,000 lines. Poor comments. No bug tracking. No testing of any kind. Global variables. Inconsistent variable naming, including a SQL call called "stupid2". Inconsistent formatting. No constraints in the database. Repeated data across several tables in the database. And to top it all off, has a nice for-switch loop. I laughed when I saw that post on thedailywtf. I cried when I saw the same construct in the code for real.

The process for this was that the users said what they wanted, the programmer coded it, they deployed it, realized it wasn't quite right and went back to the programmer with a new request. Lather, rinse, repeat. The funny thing is that the business partner proudly proclaimed this as an intelligent way of developing software. I informed him that that was NOT the way I developed software and that the code showed sloppy marks all over it. I actually printed out one of the methods and showed it to him and explained why it was so bad. He seemed convinced by the end of our conversation.

I knew the code was bad going into the job- they hired me to rewrite it, and for good reason. We are going to use a full SDLC this time around- I won't do it otherwise, with proper requirements, documentation, code reviews, and unit testing. Of course, the business partner insisted we fix a few bugs in the existing application first, which was not unexpected. I'm a realist and know how these things go. Though if we don't get to the re-write in the next six months I'm moving on.

The events of this week will change things dramatically, however. I will NOT make changes to the wrong source code without some way of verifying what the real behavior is supposed to be before deployment. And that means having regression tests. It'll take months to create those and a significant amount of user time- even then we'll have to modify whatever code we have to make it work right. Tthe business partners will not be plesaed with that timetable so I'm hoping that the they will see the light and greenlight the rewrite instead of spinning our wheels on this awful code.
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

Top
#269892 - 16/11/2005 21:30 Re: When all you have is the exe? [Re: jpt]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
Quote:
Ugh. Your job sounds like my previous job, which very nearly put me off computers entirely.
We'll see. It's a fantastic company, but the software development group is very immature. The developers are much better than average, though management hasn't figured out how to use the team properly yet. I am hopeful they will.

The programmer who wrote the application I'm working on is notorious around the office as the worst in history of man. His code provides pretty good support for that claim, I'm afraid.

I think my fate will be determined in the next 24 hours- if things go poorly (i.e. they decide to just go with what we have, regardless of the fact we don't know what it does) then my resume will be out tomorrow evening.
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

Top
#269893 - 16/11/2005 21:31 Re: When all you have is the exe? [Re: JeffS]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Okay, I'm not a programming imbecile (though I'm no expert), but are these people really using a loop with a conditional inside the loop to do things in sequence instead of just, well, doing them in sequence?

Thank god for DeVry graduates.
_________________________
Bitt Faulk

Top
#269894 - 16/11/2005 21:43 Re: When all you have is the exe? [Re: wfaulk]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
Quote:
Okay, I'm not a programming imbecile (though I'm no expert), but are these people really using a loop with a conditional inside the loop to do things in sequence instead of just, well, doing them in sequence?
Yup, amazing isn't it?

I believe the rational in the program I'm maintaining is that there is common code at the bottom of the loop. This is a dumbed down version (the actual method is 3,000+ lines long):

Code:

for (i=0; i<reports.count; i++)
{
switch (i)
{
case 1:
if (checkboxes[1].checked)
r = BuildReport1();
break;
case 2:
if (checkboxes[2].checked)
r = BuildReport2();
break;
..
}
PrepareReport(r);
...
OutputReport(r);
}



For each of the places I put a method call, there is actual code to build each report, prepare it, and output it.

Even with the common code, it's a very brain dead way of doing things, though.
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

Top
#269895 - 16/11/2005 21:46 Re: When all you have is the exe? [Re: JeffS]
bonzi
pooh-bah

Registered: 13/09/1999
Posts: 2401
Loc: Croatia
Quote:
Oh, it's horrible. No documentation. Several methods over 1,000 lines. Poor comments. No bug tracking. No testing of any kind. Global variables. Inconsistent variable naming, including a SQL call called "stupid2". Inconsistent formatting. No constraints in the database. Repeated data across several tables in the database. And to top it all off, has a nice for-switch loop. I laughed when I saw that post on thedailywtf. I cried when I saw the same construct in the code for real.

Aaaagrh, my eyes!!! Boy, you could write a book on "Top 1000 wrong ways to write software" from this.

Quote:
The process for this was that the users said what they wanted, the programmer coded it, they deployed it, realized it wasn't quite right and went back to the programmer with a new request.

Well, iterative prototyping, as a way to capture and later verify specification, is not bad per se, but requires discipline and is much easier to do with a RAD tool (wich have fallen out of vogue; my favorite is Prolific's Panther, BTW) than essentialy 3G language, OO or not, as Java.

I agree that the only way is to more or less build the beast from the scratch, by the book. I hope your nerves are strong - you will need them. Good luck!
_________________________
Dragi "Bonzi" Raos Q#5196 MkII #080000376, 18GB green MkIIa #040103247, 60GB blue

Top
#269896 - 16/11/2005 21:59 Re: When all you have is the exe? [Re: bonzi]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
Quote:
Well, iterative prototyping, as a way to capture and later verify specification, is not bad per se, but requires discipline and is much easier to do with a RAD tool (wich have fallen out of vogue; my favorite is Prolific's Panther, BTW) than essentialy 3G language, OO or not, as Java.
I'm all for iterative prototyping, but there is a difference between that and code-and-fix, which is clearly what was being described to me by the user. And it's pretty clear that "discipline" was a four letter word to this developer. Oh, and you can add to the list that he'd "fix" the data for the users in the database when the program's calculations messed up and then didn't fix the program. And they wondered why their data was so messed up after he was fired.
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

Top
#269897 - 16/11/2005 22:35 Re: When all you have is the exe? [Re: JeffS]
DWallach
carpal tunnel

Registered: 30/04/2000
Posts: 3810
Quote:
I believe the rational in the program I'm maintaining is that there is common code at the bottom of the loop.

Wow. If this C code, then you could always do this with a macro and avoid the loop. Still, if you've got a long list of things to do, I'd be sorely tempted to have an array of function pointers (or Java objects or whatever) or even an external scripting language. I think I'd go nuts if I was asked to debug that steaming pile. It's almost certainly easier for you to just start over. You'll finish sooner and have a better product. The only question is how you can convince your management of that fact.

For what it's worth, next semester I'm teaching my sophore-level algorithms and software engineering course. The traditional textbook has always been Cormen, Leiserson and Rivest's algorithms bible. I taught all the software engineering bits without any particular textbook, but with references to web sites on things like pair programming and such. This year, I'm adding The Pragmatic Programmer, which gets high reviews on Amazon and is an enjoyable, light read. They don't bring up this particular topic, but they'd probably either recommend writing a program to write your program for you, or to use a scripting language. They certainly pound the podium about don't repeat yourself, which your predecessor seems to have not exactly taken to heart.

Top
#269898 - 16/11/2005 23:28 Re: When all you have is the exe? [Re: DWallach]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
Quote:
Wow. If this C code, then you could always do this with a macro and avoid the loop.
Not quite, since I simplified for the sake of being able to post here and have it be readable. The loop is completely unecessary, as all he's doing is going right down the list- you just have to move the common code at the bottom into a method that you call after building each report. The reason a macro wouldn't work is that for each place I have "BuildReportX" there are about 100 lines of code that actually build the report (You know, build a query in line so it's open for SQL injection attack, execute the query, format the results). It is very difficult to read since there are actually 4 of these loops in the same function- 1 to view the report, 1 to print it, 1 to fax it, and 1 for email.

And, I might add, the array is completely unnecessary, as the checkboxes in the array are available to the code. I guess he was worried that the names of the controls (checkbox1, checkbox2, . . .) weren't very clear- "checkboxes[1]" is much better.

The thing is, if I get to rewrite this (which once again, is what I was hired to do) I'll be able to knock this out of the park with my eyes closed.


Edited by JeffS (16/11/2005 23:32)
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

Top
#269899 - 17/11/2005 00:06 Re: When all you have is the exe? [Re: JeffS]
g_attrill
old hand

Registered: 14/04/2002
Posts: 1172
Loc: Hants, UK
I am continually amazed at some projects I've been working with over the past few years. I meet some other company who is doing some programming work and think "damn, they must be really good, my code is going to look really amateur when they see it". And then I see while they may talk the talk, what comes out is not that good.

An example is a project where 99% of the code was to be written in India. Now they may be cheap, but the coding must take four times longer, and the project manager admitted he had wished he had paid up for UK developers because they are really slow. Also the entire project was supposed to be localised in a second phase (already priced up), but much of the coding wasn't written with this in mind, eg. pieces of text called "Label12" which will make no sense in the resource files. Also the project managers are given bonuses according to the project's profit, so they have an incentive to have the spec altered so it can be charged for, and an incentive to have defects accepted when they should be fixed.

A much more recent example is a project I am working on right now. I am doing a new website for a long-term customer in another area. They have just bought an expensive membership management system from a large general purpose software company. The software has a web-module which allows users to alter their addresses, pay their subs etc. Anyway, I was looking through the cookies that it drops when you log in, and yes, it seems that the UserID is set as a cookie and is the only thing used to subsequently authenticate the user..... now this will be a delight to report, because during the planning stages I was advising against certain things because I believe them to be an excessive amount of work and not in the client's interests - it was then suggested that it was because we weren't able to do it, I will certainly get great delight in reporting this flaw! (obviously I will do it carefully, I know this sort of thing can backfire easily)

Gareth

Top
#269900 - 17/11/2005 14:30 Re: When all you have is the exe? [Re: JeffS]
JeffS
carpal tunnel

Registered: 14/01/2002
Posts: 2858
Loc: Atlanta, GA
Well, the plot thickens. Apparently my manager and I miscommunicated, because she is not meeting with the business partner. Rather she and I are going to meet with the company’s CIO and CTO to determine a course of action. Wheeee!

So I looked into version control some more and this is what I found:

The binary that was released into production was first checked in BEFORE the source code was labeled. Other changes were checked in AFTER the binary was initially checked in, changes that are not in the release. The question is whether we can assume that everything in version control as of the point the binary was checked in is correct. Sounds like a dangerous assumption to me.

I thought version control was a relatively simple concept. Apparently I was wrong.
_________________________
-Jeff
Rome did not create a great empire by having meetings; they did it by killing all those who opposed them.

Top