Tuesday, August 12, 2008
Tuesday, July 15, 2008
Is Microsoft Fun? (Aka View
A question I usually get, is working at Microsoft fun compared to other companies like Google? Or it's just a place for geeks :)?
Will answer this question through the next days, stay tight ;)
Monday, June 04, 2007
Microsoft Surface!
Wednesday, May 09, 2007
Macworld Boston 1997-The Microsoft Deal
It's really weird how years can change people really much, in 1997 Microsoft Saved Apple's ass by buying $150 millions worth of shares (non-voting shares and MS agreed not to sell them for at least 3 years) in Apple to save its ass and save Steve from bankruptcy, and at that time Steve Jobs was very kind, and he said Microsoft is our friends, our partners, bla bla bla.
And after 10 years and when he came back by the help of Microsoft, he doesn't leave any moment without making fun of Microsoft and Windows!!
Really people are so bad, I am just putting this video as a quick reminder:
Wednesday, May 02, 2007
Free Software, How?!
It has been long time since I posted anything which has a lot of debate in the background, any way today I'll talk about the concept of Free Software (I am not talking about Open Source, the title is really obvious, it's about FREE SOFTWARE).
So now here you are what I am thinking, every single profession in the whole world is for money, Doctors earn money from sick people, mechanical engineers earn money from people who owns any mechanical equipments, plumbers earn money from people who need plumping, even Hookers gain money from people seeking pleasure, so as you see every freaken profession on the planet earn money from servicing people who need this profession's services, so why the hell software must be different?!!!
What's the different between someone who spends 8 hours a day writing code and someone else who spends 8 hours a day making sex for money?!!
What?! A hooker makes more efforts?!
How do people measure it here?! How do they think?!! In my opinion, if there's a service which need to be free, it will me medical services because this is something that no one can live without it, but in software it's different, software is luxury, it's either for business or entertainment, so it doesn't make any freaken sense for someone to spend 6 months working day and night for free for someone else to use his efforts to gain money, or for someone to use this software when he gets bored (i.e. computer game), so why a service which is a primary need for any human costs money and a luxury service like software needs to be for free?!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
So now this is my $1,000,000 question for people who believes that software should be free:
How should software developers earn money?!!
I think I've some answers:
1- They should work on this in their spare time->whoever says this is an idiot because if this is the case, we'd return again into Stone Age.
2- They shouldn't seek money, they are doing this for mankind->Whoever say this is even more idiot that saying #1, I could accept this when I get medical services for free (in any time I should go to any doctor and do whatever I want for free), plumping services for free (in any time I should get a plumper to do whatever I want for free), hookers services for free (in any time I should get a hooker to do whatever I want for free), when all these services become free then we can accept that developers should work for mankind only!
You're more than welcome to give me any other reasons because I can't really understand the concept behind this strange wave!!!!
Saturday, February 17, 2007
Why Microsoft 1
This is the first post on a series I had the intent to start long time ago, which is why to work in Microsoft.
The first episode will be about why to work in Microsoft products, the next one will be about how funny the work in Microsoft is.
Video: Why Microsoft
Thursday, February 15, 2007
Thursday, February 08, 2007
No Comment!
Happy MDC
أنا هحكي قصه حصلت في أخر يوم
at session Mobile client SW factory by Eugenio Pace at Press Center
بعد ما أنتهت المحاضره الراجل بمنتهي الذوق والإحترام ادانا اسطوانات
windows mobile 5.0
وكان معاه كرتونه فحطها أمامه علي الأرض وكل واحد من الحاضرين يطلع يأخذ أسطوانه وطبعا كعادة الشعب المصري بيتقدموا بنظام وكل حاجه وما كانش فيه حد بيزق ولا حاجه ولا حد بيأخد أسطوانتين
المهم أنا كنت واقف جنبه علشان عايز أسأله علي حاجه ففيه واحده طلعتله وبتطلب منه أسطوانه فهو سأل
Edward Jezierski
بيقوله فين الإسطوانات فقعد يدور عليها ثم رد عليه رد
Box is gone
يعني لما واحد يأخد اسطوانتين ماشي يأخذ تلاته ماشي برضه أما يأخد الكرتونه بالإسطوانات ده بقي اللي عيب
ففيه واحد من الناس اللي واقفه بص لي وضحك و قالي جمله
Welcome to Egypt
وأنا بقي مش عارف هما سمعوها ولا لأ؟؟؟؟؟
وفي النهايه
Eugenio Pace
طلع أسطوانه من اللاب توب بتاعه وأدهالها بجد الراجل ده أخلاقه عاليه قوي وقالها
This is the latest one
ياجماعه عيب اللي بيحصل ده أحنا بنهين نفسنا وبنهينا بلدنا وبنهين أخلاقنا أتمني مثل هذا الموقف ما يحصلش تاني
Wednesday, December 27, 2006
Perception vs. Reality
There's a nice picture I was seeing every day in my floor in my building whenever I am going to my office, only last week I though about its meaning, when someone is thinking about a software, and he's designing it, his perception about the size of the software, number of expected bugs, customers' cases, etc, would be something like this:
But when you actually go and begin working in the product, suddenly you found that the reality is something like this:
So usually make sure that you're working in a Chihuahua and not a Boxer.
Tuesday, December 12, 2006
Which RDBMS is very secure: SQL Server vs. Oracle
I found this nice comparison between Oracle and SQL Server in Security:
Let's zoom-in into the graph a little bit:
Now as you see no security flaws have been reported in SQL Server 2005 since it has been released.
Interpretation of results - some Q and A
Do Oracle’s results look so bad because it runs on multiple platforms?
No – pretty much most of the issues are cross-platform. In the 10gR2 graph every flaw affects every platform.
Do the SQL Server 2005 results have no flaws because no-one is looking at it?
No – I know of a number of good researchers are looking at it – SQL Server code is just more secure than Oracle code.
Do you have any predictions on the Oracle January 2007 Critical Patch Update?
Maybe – NGSSoftware are currently waiting for Oracle to fix 49 security flaws – these will be fixed sometime in 2007 and 2008.
Do these results contain unfixed flaws?
No – only those that have been publicly reported and fixed are in the data.
Why have there been so little bugs found in SQL Server since 2002?
Three words: Security Development Lifecycle – SDL. SDL is far and above the most important factor. A key benefit of employing SDL means that knowledge learnt after finding and fixing screw ups is not lost; instead it is ploughed back into to the cycle. This means rather than remaking the same mistakes elsewhere you can guarantee that new code, whilst not necessarily completely secure, is at least more secure than the old code.
Microsoft SQL Server
Security issues and fixes in SQL Server 7, 2000 and 2005 since December 2000 to November 2006. Five MDAC security flaws over this period of time have not been included in these results because MDAC is part of Windows and not SQL Server.
Oracle
Security issues and fixes in Oracle 8, 9 and 10 since December 2000 to November 2006.Only security issues found in the TNS Listener and the RDBMS itself have been includedin the following graph. This means issues found in components such as the IntelligentAgent or the Oracle Application Server have not been included.
Source:
http://www.databasesecurity.com/dbsec/comparison.pdf
More Information:
http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-cerrudo.pdf
Saturday, September 16, 2006
Windows Security VS Linux/Unix Security
I am always believing that media could do anything even the invert of truth, why I am saying this?
Because all the previous time, people were thinking the Linux/Unix is much secure than Windows, which I finally found the proof that it’s not true:
Between January 2005 and December 2005 there were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 multiple operating system vulnerabilities
Source: http://www.us-cert.gov/cas/bulletins/SB2005.html
Friday, July 14, 2006
First Technical Article
As I promised before, here you're my first technical article:
http://blogs.msdn.com/mmeshref/archive/2006/07/14/666241.aspx
Waiting for your comments :)
Monday, July 03, 2006
Technical Articles!
Finally I've taken the step to begin writing many technical articles on SQL Server Manageability on my technical blog.
Stay updated as this blog will be updated with a new article every week at max.
Monday, April 17, 2006
Bug in Google
Hello all,
Few moments ago while I was searching for something using google, I discovered a bug, the bug simply that for a given string, the output is always nothing, I mean by nothing here not zero results found, I mean white page.
And as every software developer knows, and as we got from ACM contests, a valid function is that have a valid output for every input, so we all know that entering non-valid input for any program is not an excuse to crash or make nothing, the input string is to search simply for "\\." (without the quotations), and any way, I've tried the same input on MSN, Yahoo, and Altavista, and everyone of them handled it by its way, Yahoo seems to me that it has removed the "." and just searched for the "\\" part, both MSN and Altavista returned zero results.
A very weird thing one of my friends (yasser) discovered after that, that whenever you enter any special characters compination in Google (like "$%%^!"), you'll receive the same output, weird right?!!
Even if it's not a bug, it will be worst, because it's really weird to output a white paper for the user in which he doesn't know what's happening, for me as example, the first time I pressed search and I got this white result, I thought something is wrong in my connection and tried it several times (you know sometimes you may have some http errors which prevent some parts from any page from appearing), so when anyone got the same output, is it from Google or internet connection error, or something else?!
Cool, it's the first time for me to encounter white page in google :D
Wednesday, October 12, 2005
Microsoft Visual Studios 2005 Team System, Episode IV (Microsoft Visual C# 2.0 new Features Part A)
Now I'll resume the Visual Studio 2005 Articles, but I'll put one or two new features in each new article to stop it from being to large. Figure 1. Message box shown when you make a change that is not allowed
Let's begin.
One of the most amazing features which come with C# 2.0, is the enabling of edit and continue in debugging mode, in this article, we'll talk about what's edit and continue, how it's working, and its limitations inside C# 2.0, for the full article, visit: http://msdn.microsoft.com/vcsharp/default.aspx?pull=/library/en-us/dnvs05/html/edit_continue.asp
What is edit and continue?
Edit and Continue (hereafter referred to as E&C) is a new debugging feature introduced in Visual C# 2005, it was used by VC++ developers since early VC++ editors.
It allows you to make changes to the code while an application is being debugged and to apply the code changes without having to end execution, rebuild, and run the application again.
But how it could make your life easier?!
Imagine you're making something like a complete Game Engine, or a huge 3D game, and as you know debugging such applications is like hell, now imagine after 20 pr 30 min of full debugging, you discovered that you need to change something in your code, but Ohh my god, I must stop the debugging and restart it again, so all the time I passed in the debugging (the 30 min) is over now, and furthermore, I may lost the exception which I had already caught if I tried to restart it again, so what shall I do?!!
Now this is why you should use edit and continue, because now you're not forced to stop and restart the debugger again, it'll just get the edits you made, inject it to the code inside memory and here you're debugging the application after being changed without restarting it, isn't it amazing ;)
How does edit and continue work?!
Though E&C is simple to use, the CLR and the compiler have to work together to do some heavy lifting in the background. When a file is edited in the IDE during a debugging session, the compiler first checks whether the change is allowed or not. If it is not possible to perform that change, you'll see a dialog box like the one in Figure 1.
Clicking the Edit Code button takes you back to the debugging session to allow you to fix the errors that won't allow the debugging session to continue. You might choose this option if the errors that didn't allow E&C to continue were build errors. . Clicking the Stop Debugging button ends the current debugging session and reverts back to design mode. You would choose this option if the errors detected are changes that you need to make. The compiler supplies delta-IL and delta-metadata, which is used to replace parts of the existing IL and metadata in memory. Delta-IL and delta-metadata simply refers to the gap used to insert the edited code. If the edited methods have been JIT-ed into native x86 code, they are replaced with new x86 code.
Limitations of Edit and Continue:
The rule of thumb for making E&C changes is that you can change virtually anything within a method body, so larger scope changes affecting public or method level code are not supported. Some examples of such unsupported changes are:
· Changing the name of a class.
· Adding or removing method parameters.
· Adding public fields to a class.
· Adding or removing methods.
That's all for today, next time we'll talk about Generics the new feature in C# 2.0 which mimics C++ templates but in different way.
Catch you later.....
Thursday, October 06, 2005
Microsoft Visual Studios 2005 Team System, Episode III (Microsoft Visual C++ 2005 new Features Part B)
Now it's time for Visual C++ 2005 new features part B, so what else?! return x; } Now to pass through these 3 stages: Figure 5. A control flow graph, where the purple nodes get inlined, while the blue node does not class Base // This is the Func function call after PGO has optimized it. 4- Changes in compiler switches:
3- Additions for optimizing the generated applications:
Another huge part is the optimization inside Visual C++ 2005, you'll know all now about PGO (profile guided optimization) in this part.
We all know about aggressive optimization offered before in Visual C++ 2003 and 2002, I don't know whether they have any modifications inside it or not, but I'd like to talk about PGO now because it's really a very nice features.
My source in this article is MSDN in addition to a private seminar held by one of the VC++ team members in my old company Sakhr, you can find the whole article source at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_vstechart/html/profileguidedoptimization.asp
Now let's jump into details, to know about how PGO works, you need a quick idea about how normal optimization in compilers are working, to know this, look at this sample:
int setArray(int a, int * array)
{
for (int x = 0; x
From this file the compiler knows nothing about the potential values for "a" (besides they must be of type int), nor does it know anything about the typical alignment of array.
This compiler/linker model is not particularly bad, but it misses two major opportunities for optimization: First, it doesn't exploit information that it could gain from analyzing all source files together; secondly it does not make any optimizations based upon expected/profiled behavior of the application. That's what WPO (Whole Program Optimization) and PGO (Profile Guided Optimization) are doing.
Before knowing PGO, let's know at first how traditional WPO in Visual C++ is working.
With Visual C++ 7.0 and beyond, including all recent versions of the Itanium® compiler, Visual C++ has supported a mechanism known as link-time code generation (LTCG).
LTCG is a technology that allows the compiler to effectively compile all the source files as a single translation unit. This is done in a two-step process:
1- The compiler compiles the source file and emits the result as an intermediate language (IL) into the generated .obj file rather than a standard object file. It's worth noting that this IL is not the same thing as MSIL (which is used by the Microsoft® .NET Framework).
2- When the linker is invoked with /LTCG switch, the linker actually invokes the backend to compile all the code compiled with WPO. All of the IL from the WPO .obj files are aggregated and a call graph of the complete program can be generated. From this the compiler backend and linker compiles the whole-program and links it into an executable image.
Now with WPO, the compiler knew all about the structure of the whole program, and so will be more effective certain types of optimizations.
For example, when doing traditional compilation/linking, the compiler could not inline a function from source file foo.cpp to source file bar.cpp. When compiling bar.cpp, the compiler does not have any info about foo.cpp. With WPO the compiler now has both bar.cpp and foo.cpp (in IL form) available to it, and can make optimizations that ordinarily would not be possible (like cross translation unit inlining).
To compile your program using LTCG, first you compile your program using whole program optimization switch: /GL
After that link it using /LTCG switch.
Now your generated executable is always faster, although it needs more memory and time to compile using this switch, but the final output deserves these.
But what if you want more optimization?!
It's now PGO turn.
Now you gained a bit performance using WPO through /LTCG switch, but you can gain additional performance which will be very significant using PGO in addition to LTCG.
The idea of how PGO is working is simple, you just run your application several times, and every time a profile for your application is created which is containing all the info about how many times each function is executed, and about the most used parts of your code, and then you use it after that to re-build your application based on this profiles.
The whole process is done in 3 main stages:
1- Compile into instrumented code (first compilation phase).
2- Train instrumented code (profiles generation phase).
3- Re-compile into optimized code (based on generated profiles).
And here you're a graphic representation for how the whole process looks like:
1- Compiling instrumented code:
The first phase is to instrument the code, to do this, you first compile the source files with WPO (/GL). After this take all of the source files from the application and link them with the /LTCG:PGINSTRUMENT switch (this can abbreviated as /LTCG:PGI). Note that not all files need to be compiled as /GL for PGO to work on the application as a whole. PGO will instrument those files compiled with /GL and won't instrument those that aren't.
The instrument of you code means putting several probes inside your code, there're two main types of probes, those for collecting flow information and those for collecting value information.
The result of linking /LTCG:PGI will be an executable or DLL and a PGO database file (.PGD). By default the PGD file takes the name of the generated executable, but the user can specify the name of the PGD file when linking with the /PGD:filename linker option.
2- Training of instrumented code:
Now to train your code and generate well profiles that really reflect the usage of your application, you run your application several times with scenarios that reflect their usage in real life, after every scenario a PGO count file (.PGC) is generated and takes the name of the .PGD file with numbers reflecting the scenario number.
3- Re-Compile the Optimized code:
The last step is to re-compile your application using the generated profiles through the different scenarios you made, this time when you link you application you use the switch: /LTCG:PGOPTIMIZE or /LTCG:PGO which will use the generated profiles to create the optimized application.
Now we knew in brief how to use PGO, but the most important thing is to know how PGO could help optimizing applications?
And this is the next section.
There are several things PGO can help in the applications optimization, which are:
1- Inlining:
As described earlier, WPO gives the application the ability to find more inlining opportunities. With PGO this is supplemented with additional information to help make this determination. For example, examine the call graph in Figures 2, 3, and 4 below.
In Figure 2. we see that a, foo, and bat all call bar, which in turn calls baz.
2- Partial Inlining:
Next is an optimization that is at least partially familiar to most programmers. In many hot functions, there exist paths of code within the function that are not so hot; some are downright cold. In Figure 5 below, we will inline the purple sections of code, but not the blue.
3- Cold Code Separation:
Code blocks that are not called during profiling, cold code, are moved to the end of the set of sections. Thus pages in the working set usually consist of instructions that will be executed, according to the profile information.
4- Size/Speed Optimization:
Functions that are called more often can be optimized for speed while those that are called less frequently get optimized for size. This tends to be the right tradeoff.
5- Block Layout:
In this optimization, we form the hottest paths through a function, and lay them out such that hot paths are spatially located closer together. This can increase the utilization of the instruction cache and decrease the working set size and number of pages used.
6- Virtual Call Speculation:
Virtual calls can be expensive due to the jumping through the vtable to invoke method. With PGO, the compiler can speculate at the call site of a virtual call and inline the method of the speculated object into the virtual call site; the data to make this decision is gathered with the instrumented application. In the optimized code, the guard around the inlined function is a check to ensure that the type of the speculated object matches the derived object.
The following pseudocode shows a base class, two derived classes, and a function invoking a virtual function:
The code below shows the result of optimizing the above code, given that the dynamic type of "A" is almost always Foo.
void Func(Base *A){
...
while(true) {
...
if(type(A) == Foo:Base) {
// inline of A->call();
}
else
A->call();
...
}
}
Catch you later.....
Wednesday, October 05, 2005
Microsoft Visual Studios 2005 Team System, Episode II (Microsoft Visual C++ 2005 new Features Part A)
Now it's the time for the first technical article, it'll be about the new features added inside Microsoft Visual C++ Whidbey, of course it won't be a complete guide for those searching for every thing new (they can refer to C++ language specification), but Iam only listing here the new amazing features which are added to Microsoft Visual C++.
The new additions for Visual C++ are categorized into 3 main categories:
1- Additions to the core language compiler.
2- Additions for giving the applications more security.
3- Additions for optimizing the generated applications.
4- Changes in compiler switches.
We'll talk about each of these sections in more detail now.
1- Additions to the core language compiler:
During last several years, C++ compiler wasn't following the pure standard rules, in other words, Microsoft Visual C++ compiler till version 2003, was not following the standard C++ language and it wasn't conformant, it was accepting things that mustn't be accepted and was refusing things that mustn't be refused, and so when some body is trying to compiler some code from Unix or Linux on MS VC++ compiler, he'll usually get tons of compilation errors.
This problem had been solved completely, now VC++ compiler is more standard than any compiler (it's about 98% following standard rules), it's more standard than Intel's compiler and gcc, and so, now you can easily import Unix and Linux code and libraries and build them easily without any problems or errors, but you are supposed to get some errors if you compile your old code, and this will be the case only if your old code is not following the standard rules.
2- Additions for giving the applications more security:
Visual C++ 2005 adds a lot of options to make you sure that you're shipping a secure application and makes it passes through many levels of checks, I'll take the example of buffer overrun through this article to make it clear for every body, the first addition to support this, or to say the first level, is making a lot of changes in C and C++ libraries, every function which is dealing with strings or character pointers or any function which may lead to buffer overrun and such security vulnerabilities, is having a new version from it to secure your application, as example, imagine this simple application which will show you the buffer overrun vulnerability through stack overrun from writing secure code great book:#include "stdio.h"
#include "string.h"
void foo(const char * input)
{
char buf[10];
//What? No extra arguments supplied to printf?
//It's a cheap trick to view the stack 8-)
//We'll see the trick again when we look at format strings.
printf("My stack looks like:\n%p\n%p\n%p\n%p\n%p\n% p\n\n");
//Pass the user input straight to secure code public enemy #1
strcpy(buf,input);
printf("%s\n",buf);
printf("Now the stack looks like: \n%p\n%p\n%p\n%p\n%p\n% p\n\n");
}
void bar(void)
{
printf("Augh! I've been hacked!\n");
}
int main(int argc, char * argv[])
{
//Blatant cheating to make life easier on myself
printf("Address of foo = %p\n",foo);
printf("Address of bat = %p\n",bar);
if(argc != 2)
{
printf("Please supply a string as an argument!\n");
return -1;
}
foo(argv[1]);
return 0;
}
Now let's try to show how we could make the overrun happens, first let's try to run it in normal mode:
D:\Secureco2\Chapter05>StackOverrun.exe Hello
Address of foo = 00401000
Address of bar = 00401045
My stack looks like:
00000000
00000000
7FFDF000
0012FF80
0040108A <-- We want to overwrite the return address for foo. 00410EDE
Hello
Now the stack looks like:
6C6C6548 <-- You can see where "Hello" was copied in.
0000006F
7FFDF000
0012FF80
0040108A
00410EDE
Now let's try another input:
D:\Secureco2\Chapter05>StackOverrun.exe ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Address of foo = 00401000
Address of bar = 00401045
My stack looks like:
00000000
00000000
7FFDF000
0012FF80
0040108A
00410EBE
ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Now the stack looks like:
44434241
48474645
4C4B4A49
504F4E4D
54535251 <-- Return address has changed to this number.
58575655
We'll get now an error message telling us that we're trying to execute instruction at 0x54535251.
And as we see 0x54 is the code for the letter T, so if we tried this time:
D:\Secureco2\Chapter05>StackOverrun.exe ABCDEFGHIJKLMNOPQRS
Address of foo = 00401000
Address of bar = 00401045
My stack looks like:
00000000
00000000
7FFDF000
0012FF80
0040108A
00410ECE
ABCDEFGHIJKLMNOPQRS
Now the stack looks like:
44434241
48474645
4C4B4A49
504F4E4D
00535251 <-- Return address has changed to this number.
00410ECE
Now we got it, by changing the user input we're able to manipulate where the next instruction to be executed, so if we could send 0x45, 0x10, 0x40 instead of QRS, we could get bar to execute, but how we could pass these parameters and 0x10 is not even printable? We'll create a perl script (or you could create another program which passes the following input to the buffer overrun exe):
$arg = "ABCDEFGHIJKLMNOP"."\x45\x10\x40";
$cmd = "StackOverrun ".$arg;
system ($cmd);
Then run it:
D:\Secureco2\Chapter05>perl HackOverrun.pl
Address of foo = 00401000
Address of bar = 00401045
My stack looks like:
77FB80DB
77F94E68
7FFDF000
0012FF80
0040108A
00410ECA
ABCDEFGHIJKLMNOPE?@
Now the stack looks like:
44434241
48474645
4C4B4A49
504F4E4D
00401045
00410ECA
Augh! I've been hacked!
Now we knew how it could occur, now how Visual Studio has solved this problem?!
The first level is to provide the strsafe versions for strcpy and such functions, which gives another parameter which is to add the size of the buffer, when the developer is using the normal dangerous versions, the compiler will give him a warning of having the probability of exporting vulnerable code.
That looks cool, but what if the developer had committed a mistake and provided a wrong value for the buffer?!
Now we come to the second level, at execution time (this is the thing Iam not well remembering now), as you see it's all about overriding some values on the stack, the compiler will make many things, the one I am remembering now is the shadow copy of the stack and when it's trying to return will compare the old with the new and then determine if someone has made any thing over the stack or not, I am really not remembering the exact actions, so no body asks me how it's done exactly :D, but whenever I remember or find any resource on the web which is discussing how they made it, I'll put it here immediately :)
I think it's really enough for today, next time I'll resume the new additions in VC++ as I am tired now from writing all these stuff
Catch you later.....
Tuesday, October 04, 2005
Microsoft Visual Studios 2005 Team System, Episode I (Introduction)
As I mentioned before, I'll switch my blog mode to talk in some technical stuff, I'll start here with Microsoft Visual Studio 2005 Team System, then Microsoft Windows Vista, then finally my beloved product, Microsoft SQL Server Yukon (I hope another series of articles will come after that, but that's all for now).
Before any thing, I'll divide my articles about the new version of visual studio into these parts:
1- New features in Visual C++ compiler.
2- New features in C# compiler and the new features in .Net framework.
3- The new addition over traditional Visual Studio Professional and Enterprise Editions which is the Team System.
Actually there're many new features inside the new Visual Studio version, which in my opinion will make it un-beatable when compared to many other editors, because now it's not intended to support programmers only, but also testers, managers, IT professional, system architects, all in one solution.
That's all what I can say now as a simple introduction for what I'll discuss in the following articles, the next article will talk about the new features and additions in Microsoft Visual C++ compiler,
Catch you later.....
Sunday, August 07, 2005
3D Game Event
Ohhh, it had been very long time since I had written any thing in this blog :), any way, in the last week I got a phone call from IDEAVELOPERS, a firm which is related to commercial funds in IT field, the attendees were the teams them-selves, IDEAVERLOPERS' business associates and consultants and EFG Hermes Private Equity team responsible managing the Technology Development Funds, the event was about Game Development and Production, we had went there in a hope to get some funds in order to get good media team to complete our game, the events had been in this way: That's all till now, and I hope soon we got some good news :)
Thursday, June 16, 2005
Is it a bug in the C# compiler or what?
I don't know whether the up-coming expression evaluation in the C# had revealed a bug inside the C# compiler or not, any way let's discuss it:
Imagine we've a function like this in C#:
void Func(ref int a, ref int b)
{
a ^= b ^= a ^= b;
}
Usually if we used the right to left compiler expression evaluation, we'll walk in this way, at first we know our variables' values are changing in each step, so we can easily determine that the expression must be renamed to be:
a2 ^= b1 ^= a1 ^= b0;
And when we make it as successive steps, it'll be:
a1 = a0 ^ b0;
b1 = b0 ^ a1;
a2 = a1 ^ b1;
In this case:
a-final = a1^b1 = (a0 ^ b0) ^ (b0 ^ a1) = (a0 ^ b0) ^ (b0 ^ (a0 ^ b0))
And after replacing all a0 with a and b0 with b, it'll be:
a-final = (a ^ b) ^ (b ^ (a ^ b)) = (a ^ b) ^ a = b.
The same steps done in b-final:
b-final = b0 ^ a1 = b0 ^ (a0 ^ b0) = b ^ a ^ b = a.
So we can easily determine that this function will do a simple swapping between the two variables, then where's the bug?!!
The bug will be raised when we try to evaluate the expression from right to left without renaming the variables, in this case:
a ^= b ^= a ^= b;
Will be evaluated as Three steps in order: a = a ^ b;
b = b ^ a;
a = a ^ b;
so, a-final = a ^ (b ^ (a ^ b)), and here's the bug, they hadn't put in mind that the left most a in the a-final equation is not equal to the original a, it's equal to a ^ b, so they had omit extra b which will lead the expression of a-final to be evaluated as: a-final = a ^ a = zero, so instead of being a swapping function, this function will just copy the value of a in b and make a = zero.
I don't know if this is a real bug, or they intended to evaluate the expression in C# in this way (knowing that C++ compiler is evaluating it in the true order), really I don't have a clue, but I'll try to know the truth any way :)
