Hard coding

Last updated

Hard coding (also hard-coding or hardcoding) is the software development practice of embedding data directly into the source code of a program or other executable object, as opposed to obtaining the data from external sources or generating it at runtime.

Contents

Hard-coded data typically can be modified only by editing the source code and recompiling the executable, although it can be changed in memory or on disk using a debugger or hex editor.

Data that is hard-coded is best suited for unchanging pieces of information, such as physical constants, version numbers, and static text elements.

Softcoded data, on the other hand, encodes arbitrary information through user input, text files, INI files, HTTP server responses, configuration files, preprocessor macros, external constants, databases, command-line arguments, and is determined at runtime.

Overview

Hard coding requires the program's source code to be changed any time the input data or desired format changes, when it might be more convenient to the end user to change the detail by some means outside the program. [1]

Hard coding is often required, but can also be considered an anti-pattern. [2] Programmers may not have a dynamic user interface solution for the end user worked out but must still deliver the feature or release the program. This is usually temporary but does resolve, in a short term sense, the pressure to deliver the code. Later, softcoding is done to allow a user to pass on parameters that give the end user a way to modify the results or outcome.

The term "hard-coded" was initially used as an analogy to hardwiring circuits - and was meant to convey the inflexibility that results from its usage within software design and implementation. In the context of run-time extensible collaborative development environments such as MUDs, hardcoding also refers to developing the core engine of the system responsible for low-level tasks and executing scripts, as opposed to softcoding which is developing the high-level scripts that get interpreted by the system at runtime, with values from external sources, such as text files, INI files, preprocessor macros, external constants, databases, command-line arguments, HTTP server responses, configuration files, and user input. In this case, the term is not pejorative and refers to general development, rather than specifically embedding output data.

Hardcoding and backdoors

Hardcoding credentials is a popular way of creating a backdoor. Hardcoded credentials are usually not visible in configuration files or the output of account-enumeration commands and cannot be easily changed or bypassed by users. If discovered, a user might be able to disable such a backdoor by modifying and rebuilding the program from its source code (if source is publicly available), decompiling, or reverse-engineering software, directly editing the program's binary code, or instituting an integrity check (such as digital signatures, anti-tamper, and anti-cheat) to prevent the unexpected access, but such actions are often prohibited by an end-user license agreement.

Hardcoding and DRM

As a digital rights management measure, software developers may hardcode a unique serial number directly into a program. Or it is common to hardcode a public key, creating the DRM for which it is infeasible to create a keygen.

On the opposite case, a software cracker may hard-code a valid serial number to the program or even prevent the executable from asking the user for it, allowing unauthorized copies to be redistributed without the need of entering a valid number, thus sharing the same key for every copy, if one has been hard-coded.

Fixed installation path

If a Windows program is programmed to assume it is always installed to C:\Program Files\Appname and someone tries to install it to a different drive for space or organizational reasons, it may fail to install or to run after installation. This problem might not be identified in the testing process, since the average user installs to the default drive and directory and testing might not include the option of changing the installation directory. However, it is advisable for programmers and developers not to fix the installation path of a program, since the default installation path depends on the operating system, OS version, and sysadmin decisions. For example, many installations of Microsoft Windows use drive C: as their primary hard disk, but this is not guaranteed.

There was a similar issue with microprocessors in early computers, which started execution at a fixed address in memory.

Startup disk

Some "copy-protected" programs look for a particular file on a floppy disk or flash drive on startup to verify that they are not unauthorized copies. If the computer is replaced by a newer machine, which doesn't have a floppy drive, the program that requires it now can't be run since the floppy disk can't be inserted.

This last example shows why hard coding may turn out to be impractical even when it seems at the time that it would work completely. In the 1980s and 1990s, the great majority of PCs were fitted with at least one floppy drive, but floppy drives later fell out of use. A program hard-coded in that manner 15 years ago could face problems if not updated.

Special folders

Some Windows operating systems have so called Special Folders which organize files logically on the hard disk. There are problems that can arise involving hard coding:

Profile path

Some Windows programs hard code the profile path to developer-defined locations such as C:\Documents and Settings\Username. This is the path for the vast majority of Windows 2000 or above, but this would cause an error if the profile is stored on a network or otherwise relocated. The proper way to get it is to call the GetUserProfileDirectory function or to resolve the %userprofile% environment variable. Another assumption that developers often make is assuming that the profile is located on a local hard disk.

My Documents folder path

Some Windows programs hardcode the path to My Documents as ProfilePath\My Documents. These programs would work on machines running the English version, but on localized versions of Windows this folder normally has a different name. For example, in Italian versions the My Documents folder is named Documenti. My Documents may also have been relocated using Folder Redirection in Group Policy in Windows 2000 or above. The proper way to get it is to call the SHGetFolderPath function.

Solution

An indirect reference, such as a variable inside the program called "FileName", could be expanded by accessing a "browse for file" dialogue window, and the program code would not have to be changed if the file moved.

Hard coding is especially problematic in preparing the software for translation to other languages.

In many cases, a single hard-coded value, such as an array size, may appear several times within the source code of a program. This would be a magic number. This may commonly cause a program bug if some of the appearances of the value are modified, but not all of them. Such a bug is hard to find and may remain in the program for a long time. A similar problem may occur if the same hard-coded value is used for more than one parameter value, e.g. an array of 6 elements and a minimum input string length of 6. A programmer may mistakenly change all instances of the value (often using an editor's search-and-replace facility) without checking the code to see how each instance is used. Both situations are avoided by defining constants, which associate names with the values, and using the names of the constants for each appearance within the code.

One important case of hard coding is when strings are placed directly into the file, which forces translators to edit the source code to translate a program. (There is a tool called gettext that permits strings to be left in files, but lets translators translate them without changing the source code; it effectively de-hard codes the strings.)

Hard coding in competitions

In computing competitions such as the International Olympiad in Informatics, contestants are required to write a program with specific input-output pattern according to the requirement of the questions.

In rare cases where the possible number of inputs is small enough, a contestant might consider using an approach that maps all possible inputs to their correct outputs. This program would be considered a hard-coded solution as opposed to an algorithmic one (even though the hard-coded program might be the output of an algorithmic program).

Softcoding

Softcoding is a computer coding term that refers to obtaining a value or function from some external resource, such as text files, INI files, preprocessor macros, external constants, configuration files, command-line arguments, databases, user input, HTTP server responses. It is the opposite of hardcoding, which refers to coding values and functions in the source code.

Programming practice

Avoiding hard coding of commonly altered values is good programming practice. Users of the software should be able to customize it to their needs, within reason, without having to edit the program's source code. Similarly, careful programmers avoid magic numbers in their code, to improve its readability, and assist maintenance. These practices are generally not referred to as softcoding.

The term is generally used where softcoding becomes an anti-pattern. Abstracting too many values and features can introduce more complexity and maintenance issues than would be experienced with changing the code when required. Softcoding, in this sense, was featured in an article on The Daily WTF. [3]

Potential problems

At the extreme end, soft-coded programs develop their own poorly designed and implemented scripting languages, and configuration files that require advanced programming skills to edit. This can lead to the production of utilities to assist in configuring the original program, and these utilities often end up being 'softcoded' themselves.

The boundary between proper configurability and problematic soft-coding changes with the style and nature of a program. Closed-source programs must be very configurable, as the end user does not have access to the source to make any changes. In-house software and software with limited distribution can be less configurable, as distributing altered copies is simpler. Custom-built web applications are often best with limited configurability, as altering the scripts is seldom any harder than altering a configuration file.

To avoid softcoding, consider the value to the end user of any additional flexibility you provide, and compare it with the increased complexity and related ongoing maintenance costs the added configurability involves.

Achieving flexibility

Several legitimate design patterns exist for achieving the flexibility that softcoding attempts to provide. An application requiring more flexibility than is appropriate for a configuration file may benefit from the incorporation of a scripting language. In many cases, the appropriate design is a domain-specific language integrated into an established scripting language. Another approach is to move most of an application's functionality into a library, providing an API for writing-related applications quickly.

See also

Related Research Articles

<span class="mw-page-title-main">BIOS</span> Firmware for hardware initialization and OS runtime services

In computing, BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The firmware comes pre-installed on the computer's motherboard.

<span class="mw-page-title-main">COMMAND.COM</span> Default command line for MS-DOS and Windows 9x

COMMAND.COM is the default command-line interpreter for MS-DOS, Windows 95, Windows 98 and Windows Me. In the case of DOS, it is the default user interface as well. It has an additional role as the usual first program run after boot. As a shell, COMMAND.COM has two distinct modes of operation: interactive mode and batch mode. Internal commands are commands stored directly inside the COMMAND.COM binary; thus, they are always available, but can only be executed directly from the command interpreter.

In computer science, a preprocessor is a program that processes its input data to produce output that is used as input in another program. The output is said to be a preprocessed form of the input data, which is often used by some subsequent programs like compilers. The amount and kind of processing done depends on the nature of the preprocessor; some preprocessors are only capable of performing relatively simple textual substitutions and macro expansions, while others have the power of full-fledged programming languages.

AmigaDOS is the disk operating system of the AmigaOS, which includes file systems, file and directory manipulation, the command-line interface, and file redirection.

NTLDR is the boot loader for all releases of Windows NT operating system from 1993 with the release of Windows NT 3.1 up until Windows XP and Windows Server 2003. From Windows Vista onwards it was replaced by the BOOTMGR bootloader. NTLDR is typically run from the primary storage device, but it can also run from portable storage devices such as a CD-ROM, USB flash drive, or floppy disk. NTLDR can also load a non NT-based operating system given the appropriate boot sector in a file.

<span class="mw-page-title-main">Live CD</span> Complete, bootable computer installation that runs directly from a CD-ROM

A live CD is a complete bootable computer installation including operating system which runs directly from a CD-ROM or similar storage device into a computer's memory, rather than loading from a hard disk drive. A live CD allows users to run an operating system for any purpose without installing it or making any changes to the computer's configuration. Live CDs can run on a computer without secondary storage, such as a hard disk drive, or with a corrupted hard disk drive or file system, allowing data recovery.

dd is a command-line utility for Unix, Plan 9, Inferno, and Unix-like operating systems and beyond, the primary purpose of which is to convert and copy files. On Unix, device drivers for hardware and special device files appear in the file system just like normal files; dd can also read and/or write from/to these files, provided that function is implemented in their respective driver. As a result, dd can be used for tasks such as backing up the boot sector of a hard drive, and obtaining a fixed amount of random data. The dd program can also perform conversions on the data as it is copied, including byte order swapping and conversion to and from the ASCII and EBCDIC text encodings.

Installation of a computer program, is the act of making the program ready for execution. Installation refers to the particular configuration of software or hardware with a view to making it usable with the computer. A soft or digital copy of the piece of software (program) is needed to install it. There are different processes of installing a piece of software (program). Because the process varies for each program and each computer, programs often come with an installer, a specialised program responsible for doing whatever is needed for the installation. Installation may be part of a larger software deployment process.

Utility software is a program specifically designed to help manage and tune system or application software. It is used to support the computer infrastructure - in contrast to application software, which is aimed at directly performing tasks that benefit ordinary users. However, utilities often form part of the application systems. For example, a batch job may run user-written code to update a database and may then include a step that runs a utility to back up the database, or a job may run a utility to compress a disk before copying files.

<span class="mw-page-title-main">Windows Registry</span> Database for Microsoft Windows

The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry. The kernel, device drivers, services, Security Accounts Manager, and user interfaces can all use the registry. The registry also allows access to counters for profiling system performance.

<span class="mw-page-title-main">System Restore</span> System recovery feature in Microsoft Windows

System Restore is a feature in Microsoft Windows that allows the user to revert their computer's state to that of a previous point in time, which can be used to recover from system malfunctions or other problems. First included in Windows Me, it has been included in all following desktop versions of Windows released since, excluding Windows Server. In Windows 10, System Restore is turned off by default and must be enabled by users in order to function. This does not affect personal files such as documents, music, pictures, and videos.

<span class="mw-page-title-main">Eagle Computer</span> Early personal computer manufacturer

Eagle Computer, Inc., was an early American computer company based in Los Gatos, California. Spun off from Audio-Visual Laboratories (AVL), it first sold a line of popular CP/M computers which were highly praised in the computer magazines of the day. After the IBM PC was launched, Eagle produced the Eagle 1600 series, which ran MS-DOS but were not true clones. When it became evident that the buying public wanted actual clones of the IBM PC, even if a non-clone had better features, Eagle responded with a line of clones, including a portable. The Eagle PCs were always rated highly in computer magazines.

NTFS links are the abstraction used in the NTFS file system—the default file system for all Microsoft Windows versions belonging to the Windows NT family—to associate pathnames and certain kinds of metadata, with entries in the NTFS Master File Table (MFT). NTFS broadly adopts a pattern akin to typical Unix file systems in the way it stores and references file data and metadata; the most significant difference is that in NTFS, the MFT "takes the place of" inodes, fulfilling most of the functions which inodes fulfill in a typical Unix filesystem.

Windows Vista contains a range of new technologies and features that are intended to help network administrators and power users better manage their systems. Notable changes include a complete replacement of both the Windows Setup and the Windows startup processes, completely rewritten deployment mechanisms, new diagnostic and health monitoring tools such as random access memory diagnostic program, support for per-application Remote Desktop sessions, a completely new Task Scheduler, and a range of new Group Policy settings covering many of the features new to Windows Vista. Subsystem for UNIX Applications, which provides a POSIX-compatible environment is also introduced.

<span class="mw-page-title-main">Trash (computing)</span> Temporary storage for deleted files

In computing, the trash, also known by other names such as dustbin, wastebasket, and others, is a graphical user interface desktop metaphor for temporary storage for files set aside by the user for deletion, but not yet permanently erased. The concept and name is part of Mac operating systems, a similar implementation is called the Recycle Bin in Microsoft Windows, and other operating systems use other names.

VHD and its successor VHDX are file formats representing a virtual hard disk drive (HDD). They may contain what is found on a physical HDD, such as disk partitions and a file system, which in turn can contain files and folders. They are typically used as the hard disk of a virtual machine, are built into modern versions of Windows, and are the native file format for Microsoft's hypervisor, Hyper-V.

In Unix-like operating systems, a device file, device node, or special file is an interface to a device driver that appears in a file system as if it were an ordinary file. There are also special files in DOS, OS/2, and Windows. These special files allow an application program to interact with a device by using its device driver via standard input/output system calls. Using standard system calls simplifies many programming tasks, and leads to consistent user-space I/O mechanisms regardless of device features and functions.

<span class="mw-page-title-main">HP 64000</span> Software development system

The HP 64000 Logic Development System, introduced 17 September 1979, is a tool for developing hardware and software for products based on commercial microprocessors from a variety of manufacturers. The systems assisted software development with assemblers and compilers for Pascal and C, provided hardware for in-circuit emulation of processors and memory, had debugging tools including logic analysis hardware, and a programmable read-only memory (PROM) chip programmer. A wide variety of optional cards and software were available tailored to particular microprocessors. When introduced the HP 64000 had two distinguishing characteristics. First, unlike most microprocessor development systems of the day, such as the Intel Intellec and Motorola EXORciser, it was not dedicated to a particular manufacturer's microprocessors, and second, it was designed such that up to six workstations could be connected via the HP-IB (IEEE-488) instrumentation bus to a common hard drive and printer to form a tightly integrated network.

<span class="mw-page-title-main">AmigaOS</span> Operating system for Amiga computers

AmigaOS is a family of proprietary native operating systems of the Amiga and AmigaOne personal computers. It was developed first by Commodore International and introduced with the launch of the first Amiga, the Amiga 1000, in 1985. Early versions of AmigaOS required the Motorola 68000 series of 16-bit and 32-bit microprocessors. Later versions, after Commodore's demise, were developed by Haage & Partner and then Hyperion Entertainment. A PowerPC microprocessor is required for the most recent release, AmigaOS 4.

References

  1. Elfriede Dustin (2002). Effective Software Testing: 50 Specific Ways to Improve Your Testing. Addison-Wesley Professional. pp. 188–. ISBN   978-0-201-79429-8.
  2. Tanya Janca (14 October 2020). Alice and Bob Learn Application Security. Wiley. pp. 15–. ISBN   978-1-119-68740-5.
  3. Softcoding from The Daily WTF