Posts

Showing posts from December, 2010

C modules unit-testing in Linux

Image
In spite of its age, C programming language is still very popular, especially for developing system or low-level software like drivers, compilers, virtual machines etc. And as any software, it have to be tested. Let me show brief introduction in unit-testing for C modules. There are many unit-testing frameworks for C, and one of the most well-known is cmockery . But I'll show the usage of much more simpler "framework" - FCTX . The main advantage of it is that it consists of just one header file, so it can be easily used for test tasks, small projects and examples. For calculating code coverage I use gcov / lcov tools. Gcov is included in GCC, so you don't have to install it. Lcov is a graphical front-end for Gcov and should be installed from the repository: $ sudo apt-get install lcov As a sample code for testing I'll use a simple hash function from Robert Sedgwicks Algorithms in C book: #include "hash.h" unsigned int RSHash(char* str, uns...

Is Python appropriate language for the developing high-load systems?

The short answer - yes . The reasons are below: There are well-knows systems (like YouTube) that shows Python suitability: YouTube Architecture The most performance problems are related with not a language speed, but with communication and databases speed. Let me show the example from my own experience: I've worked on project that process a huge amount of data (about inserting 100-200k records a day, and selecting from about 100-200 million records 10-20 times per second). The bottleneck was a database, not the language speed. All indexes were pretty complex, and selecting can take up to 30-90 seconds which was inappropriate. We had to change architecture: use data pool, caches, AMQP (with RabbitMQ server), and after that we don't know any problems at all with performance. Right tools means everything. For example, if you have to serve enormous web-requests, just use the suitable webserver like Tornado . Especially it is useful for serving Comet -based web applications. A...

Explaination of JavaScript "The Da Vinci Code"

Novice security researchers can reach an impasse analyzing the such-like JS-code (it generates an alert): (É=[Å=[],µ=!Å+Å][µ[È=-~-~++Å]+({}+Å) [Ç=!!Å+µ,ª=Ç[Å]+Ç[+!Å],Å]+ª])() [µ[Å]+µ[Å+Å]+Ç[È]+ª](Å)  I would like to remove the veil of secrecy, and explain how it works. It uses several JS-rules: implicit type conversion; arrays indexing; string and arithmetic operations (unary and binary); JSON-based object creation; referencing the global object ( window ) using some functions with invalid or empty parameters; accessing properties by bracket notation. Let me show it in action via JavaScript Shell : [] //explicit empty array declaration ![] //implicit conversion to the Boolean value false []+![] //implicit conversion to the String value false ([]+![])[3] //get a char by index 3 s a=[],++a //implicit conversion to the Integer value 1 ([]+![])[a=[],++a] //use several implicit conversion, get a char by index 1 a {} //explicit empty object creatio...