Curl Cyclomatic Complexity

I was at the OWASP Sweden meeting last night and spoke about Open source and security. One of the other speakers present was Simon Josefsson who in his talk showed a nice table listing functions in his project sorted by “complexity“. Functions above a certain score are then considered “high risk” as they are hard to read and follow and thus may be subject to security problems.

The kind man he is, Simon already shows a page with a Curl Cyclomatic Complexity Report nicely identifying a bunch of functions we should really consider poking at to decrease complexity of. The top-10 “bad” functions are:

Function Score Statements Lines Code
ssh_statemach_act 254 880 1582 lib/ssh.c
Curl_http 204 395 886 lib/http.c
readwrite_headers 129 269 709 lib/transfer.c
Curl_cookie_add 118 247 502 lib/cookie.c
FormAdd 105 210 421 lib/formdata.c
dprintf_formatf 92 233 395 lib/mprintf.c
multi_runsingle 94 251 606 lib/multi.c
Curl_proxyCONNECT 74 212 443 lib/http.c
readwrite_data 73 127 319 lib/transfer.c
ftp_state_use_port 60 195 387 lib/ftp.c

I intend to use this as an indication on what functions within libcurl to work on. My plan is to primarily break down each of these functions to smaller ones to make them easier to read and follow. It would be cool to get every single function below 50. But I’m not sure that’s feasible or even really a good idea.

Rockbox displays stuff on Sansa v2

The small team of Rockbox hackers working on the Sandisk Sansa v2 architecture have been doing some great progress recently and I think it’s fair to say that we all enjoy Rafaël Carré’s photo on the left here (showing a Sansa Clip) that shows the state of where things are right now.

There is code running. There’s a start on a LCD driver and there’s a working concept to put our own bootloader code onto the device that can load and start rockbox in a future.

Nice work on this guys!

Rockbox on FLOSS Weekly #43

Randal Schwartz and Leo Laporte interviewed our own Paul “Llorean” Louden about the Rockbox project on FLOSS Weekly and we were a bunch of Rockboxers hanging out on the IRC channel #rockbox while it was streamed live. This will be in the FLOSS Weekly episode #43 that’s supposedly going to become available on friday the 3rd of October.

I think Paul did a great job explaining a lot of things, big and small, around the project and how it works and runs.