High Resolution CC-0 Licensed Galaxy Brain Images

Here’s the short version: I’ve made a Creative Commons licensed version of the Galaxy Brain meme images. I’m releasing these images under the CC-0 license, which means you can use them in just about anything, including commercial works. I’ve made versions with both a masculine and feminine figure. More notes below!

If you like these, please consider supporting the work we do on Yarn Spinner, the friendly tool for dialogue trees, on Patreon.

If you just want a template you can make memes with, use one of these!

If you want high-resolution PNGs (1920 by 1080, PNG) of each of the images, download this zip!

High Resolution CC-0 Galaxy Brain Images Download

These images are licensed under CC-0. They contain material from the following sources; if you’re using them in your own works, you’ll need to acknowledge the CC-BY elements:

“Brain”, by mahesh (CC-BY): blendswap.com/blend/13180
“Stellar nursery in the arms of NGC 1672” by ESA/Hubble (CC-BY) esahubble.org/images/heic0706a/
“Generic Male Basemesh (rigged)” by lsmft (CC-0) blendswap.com/blend/8395
“Silhouette Photography Of Person Under Starry Sky” by egil sjøholt (Pexels License) pexels.com/photo/silhouette-photography-of-person-under-starry-sky-1906658/
“Starry Night Sky” by Felix Mittermeier (Pexels License) pexels.com/photo/starry-night-sky-1205301/
“Photography of Stars and Galaxy” by Free Nature Stock (CC-0) pexels.com/photo/photography-of-stars-and-galaxy-1376766/
“Realistic Human Basemesh – Male and Female – Free Sample Preview Free low-poly 3D model” by Ozne000 (CGTrader Royalty Free License) cgtrader.com/free-3d-models/character/anatomy/realistic-human-basemesh-male-and-female-free-sample-preview

Notes

We made these because we’re in the middle of writing Head First Swift, to be published by O’Reilly Media. The Head First series of books is intended to be a lighthearted and fun way to teach technical content, and my co-author, Paris, asked if we could add a galaxy brain meme in the book. Unfortunately, the nature of memes means that not only do we not have permission to publish the material in a book, it’s next to impossible to try and track down the rights-holders for those images. So, I made my own.

While I was making them, I made a couple of changes to the commonly-used formula. The initial image in most galaxy brain sequences shows an x-ray image with a picture of a scaled-down brain; I’ve always found this to be pretty ableist, especially since the meme is frequently deployed to make fun of people with bad opinions. Bad opinions are rarely the result of brain physiology. So, I opted to make the first image simply a non-glowing brain.

After posting the images on Twitter, I received several requests for a version of the images that didn’t just use the standard masculine model. Hot takes aren’t the exclusive domain of men, so I put together an additional set. (When I made these, I was glad that I didn’t make the first image use a small brain, because that would have made that image much more likely to be used in isolation as a sexist trope.)

Thanks for reading this far, and I hope these pictures bring you joy!

Analysing Performance Problems with Xcode Performance Tools, Part 1

This is the first post in a two-part series. Stay tuned for the second part.

One of the projects that we’re most excited about is our ongoing work to bring Night in the Woods to iOS. This has been an enormous amount of technical effort, and has led to a bunch of very cool spin-off projects – for example, Yarn Spinner only exists because we built it for Night in the Woods, and the research we’ve been doing in sprite compression to fit the game into a tiny amount of memory has been a blast.

A screenshot of Night in the Woods. — Night in the Woods.

One of the things we’re doing right now is improving the performance of the game on the device. Just like when you’re building a game for PCs or consoles, you want your game to be running at a high, stable frame rate. For mobile devices, this is a little more complex – you also have to consider the impact that the game has on the phone’s battery, because nobody wants to play a game and then find that their phone’s about to die.

Another important element of performance for mobile games is thermal impact. When the phone’s running a game, it’s making the hardware do a lot of work, and this makes it heat up. Modern systems – that is, anything made in the last 40 years – detect when they’re under thermal stress, and reduce their performance to avoid damage. This means that you might be able to achieve a solid 60 frames per second when you start playing, but that might get laggy in a couple minutes (or seconds!) of play. (Thermal stress is also a consideration for PCs and consoles, but it’s more critical for phones due to the reduced amount of space inside the chassis, the lack of active cooling, and the fact that you’re holding it in your hands.)

Spotting the Problem

The first thing that we noticed was that the reported frames per second in the game was low.

(We use an FPS counter called Graphy to visualise FPS. Graphy’s great – it’s easy to set up, reliable, low-impact, and open source. You should use it!)

The FPS counter was reporting an FPS count of about 20 to 40 frames per second on my iPhone X, depending on the scene. The other thing that was spotted was that the frame rate was inconsistent to boot.

Inconsistent frame rates in the Towne Centre East scene. Note the slightly jerky camera movement.

What was going on? Night in the Woods, despite its gorgeous visual style, doesn’t actually have hugely complex scenes. When diagnosing a problem like this, the first thing to do is to figure out where the bottleneck is – on the CPU, or the GPU.

Finding the Bottleneck

Xcode has a very simple tool for checking which part of the system is under the heaviest load. When running the game from Xcode, you can just click on the Debug navigator, which will show you a summary of the app’s performance.

A screenshot of Xcode's debug view. It shows the CPU at 79%, memory usage at 859MB, energy usage as Very High, disk usage at 80 KB/s, network usage at 2.9MB/s, and a frames per second count of 37.

The CPU usage and energy impact here are pretty high. Not enormously high, considering it’s a game, but still high. As the game itself reports, it’s barely achieving 30FPS frame rate. When we select the FPS element, we get some more detail:

A screenshot of the GPU load level. It shows the tiler's load at 7%, renderer at 86%, device utilisation at 100%, and CPU and GPU both taking 28.4 milliseconds to render.

The FPS report is showing that the device is 100% utilised, and that the CPU and GPU are both taking a full 28 milliseconds to produce the frames. The renderer is under significantly more load than the tiler, which effectively means that most of the work is being done by the fragment shaders, and not by having to deal with a lot of geometry (something that we’d expect, given that the polygon count of Night in the Woods, like most other 2D games, is not terribly high.)

Even though the CPU and GPU times were the same, this doesn’t necessarily mean that they’re under the same degree of load. Switching over to the CPU report showed that the CPU wasn’t really at maximum load (though this can be deceiving, since it may have been the case that a single core was at max load.)

The analysis that we’d seen so far seemed to suggest that the GPU might be the best place to look at, so we pulled out one of the two biggest and baddest tools in the chest: Instruments.

The application icon for Instruments. — .

Instruments can show a huge amount of data about the performance of an app. Happily, recent versions of the app come with the Game Performance template, which sets up a number of recorders that relate to how a game performs.

The instruments template selector. The "game performance" template is selected.

So, we ran our scene while recording data, and got back a simply enormous amount of data. It’s actually rather pretty.

There’s a lot of charts here, but the key thing to look at is at the bottom of the window, where the GPU state and display information is shown. Let’s zoom in on that.

A close-up view showing performance data from Instruments.

The purple bar at the top shows when the GPU was busy doing something. The bar is entirely filled, which means that there was no point in the run when the GPU was allowed to be idle. That’s bad, because when the GPU is active, it’s pulling energy out of the battery, and heating up the phone. We already knew this, because Xcode’s report was showing us that the device utilisation was 100%, but it’s nice to see this in a little more detail.

Where we start to see more useful information is in the ‘Display’ instrument. The Display instrument shows four charts:

The current frame shown on the screen
When a new frame was delivered to the screen, ready to be shown
When the screen vsync’ed (that is, when it attempted to swap to the next available frame)
Any frame stutters that Instruments found. There aren’t any in this screenshot, but that doesn’t mean that the display isn’t stuttering.

Take a close look at the top row of the Displays instrument. It’s showing the duration of each frame on screen, and they’re not all the same. Some are 33 milliseconds, some are 16. That’s what’s causing the janky appearance.

What’s interesting about this is that the frames are taking the same amount of time to be produced! We know this because the second row, labelled ‘scaler’, shows that each frame is being submitted to the GPU after about the same amount of time. The reason why some frames list for 33 milliseconds and some last for 16 is due to the fixed rate at which the display is swapping to the next available frame.

Understanding Frame Judder

To figure this out, let’s look at the timing information for four frames.

A close-in screenshot of Instruments, showing the timing of four frames, coloured blue, green, orange and blue again.

Here’s what’s happening at each of these four steps.

The blue frame is on screen. The next frame, shown in green, is submitted to the display.
The display hits its next vsync point. The green frame is ready, so it’s shown to the user.
The orange frame is submitted to the screen, but it’s just too late for vsync. The screen therefore has no new frame to show, so it keeps showing the green frame for another sync interval. The orange frame is eventually shown at the next vsync.
Meanwhile, the blue frame was being drawn, and it’s ready to go right away. It’s submitted to the display, and drawn right after that. The orange frame was only on screen for a single sync interval.

The problem here is not that the frames aren’t taking too long to draw. The problem is that the game is trying to send them to the screen at too high a rate. Ironically, in order to make the game smoother, we need to reduce the frame rate.

This was a one line change:

Application.targetFrameRate = 30;

The result was this:

A screenshot of Instruments, showing frame timing data. The timing of the frames is more consistent.

There are two things to note here.

First, the purple area now has gaps in it, indicating periods of time when the GPU was not active. This is a good thing! Less energy being drawn from the battery, and less heat.

Secondly, all of the frames are on screen for a consistent amount of time. They’re never missing a vsync, because the game isn’t trying to get them onto the screen as fast as it can. The game can now focus on operating at a consistent 30 frames per second.

The result is lower power consumption, and a smoother gameplay experience.

We’re Not Done Yet

But this was only part of the problem. As I mentioned earlier, the scenes in Night in the Woods are not incredibly complex; why was it taking so long to produce the frames? To solve that question, we needed to take a much closer look at the internals of how the GPU was drawing each frame.

We’ll look at how we achieved even better results in the next post. In the meantime, I’ll tease you with this:

A screenshot of Instruments, showing significantly less GPU usage.

📊 Replacing Your Gearbox at 100 MPH: How live games monitor and change with millions playing

At Velocity Berlin 2019, we were asked to give a talk to a crowd of largely non-game developers, on how games make gather and analyse telemetry in order to improve the experience of players. In this post, we’ll recap what we talked about, and provide links for further reading!

Jon and Paris on stage at Velocity Berlin 2019. Photo: Tim Nugent

This talk was largely a literature review of advice and techniques from game developers, and we’re tremendously grateful for their generous sharing of knowledge. In particular, three stand-out talks from GDC were hugely useful:

Making “Big Data” work for ‘Halo’: A Case Study, by Tom Mathews (GDC 2016)
Rapid MMO Content Iteration and Validation with Spatial Analysis in Star Wars: The Old Republic, by Georg Zoeller (GDC Online 2011)
Did You Have Fun? Analytics in ‘Call of Duty’, by Dylan Rogerson (GDC 2019; paywalled as of November 2019, but GDC typically makes them free after two years)

We’d also like to thank Tony Albrecht from Riot Games, whose advice helped us put this talk together.

In order to talk about how games use data, we’ll break the discussion down into four main topics: what data is gathered, how that data is gathered, how the data is analysed, and how the changes are deployed.

What Data is Gathered

Much of the data that games gather is not unique to games. Just about every product out there collects data on when it’s launched, how long the session lasts for, and how much interaction the user has with it; by gathering this data, it becomes possible to understand patterns of usage in terms of sessions.

There are three critical metrics that need to be gathered in order to gain a rough understanding of how a game is used:

Session duration: how much time elapses between the user starting and finishing a stretch of interaction.
Session interval: how long the user waits before starting another session.
Session depth: how many interactions the user has in each session.

It’s important to note that you can’t analyse these individually. If the average session interval is decreasing, that may indicate that people are coming back to play more and more, but it could also mean that players are opening the game, checking to see if there’s anything new, and then immediately leaving.

By gathering this data, it becomes possible to get a picture of the number of daily, weekly and monthly active users for the game. These figures represent how many unique users had a session in the game over the specified period; generally, you want this to be going up over time, though players tend to drop off a game over time. Daily active users counts tend to be quite spiky, because of players who hear about new content and updates and jump into the game, but don’t stick around for long. As a result, monthly active users tends to be the main reported figure, because it effectively smoothes out trends in player population; in the 2018 annual report for Activision Blizzard, one of the key figures that they highlighted was MAU across Activision, Blizzard and King.

The quarterly MAU figures for Activision Blizzard, from September 30 2017 to December 31 2018.

In addition to these standard metrics, there are also data points that are unique to games. These tend to vary based on the type of game, but generally include things like score, death, level number, and position. Position is a particularly interesting one, because it’s very easy to visualise and plot against other key events – we’ll come back to this in a moment.

However, these concrete measurements of player behaviour aren’t good at getting an understanding of whether the player enjoyed themselves in the game. To fix this gap, Call of Duty: World War II directly asks their players if they had fun, using a single yes/no question that’s designed to minimise the burden of answering. Interestingly, the development team reports an average non-skip rate of between 60-80%, even when the answer order randomisation places the option to skip as the default. This is significantly higher than they expect.

Finally, games typically record performance data on how smoothly the game is running. Games typically aim to play at 60 frames per second, which means that each frame has only 16.6 milliseconds to render. When you have only about a dozen milliseconds to render, every one of them counts.

As a result, League of Legends records two kinds of performance data: first, regular telemetry reports are sent during a game, giving an idea of the impact that the most recent patch has had on performance. Additionally, the game records performance data for each frame as it’s played, and then compresses and uploads the data at the end of a round.

Most games perform some kind of internal time profiling; a common tool that we’ve seen multiple game developers use is the Chromium tracing system. This system was originally built to profile the performance of the Chrome web browser, but it’s able to load arbitrary timing data for analysis. For example, Aras Pranckevičius has written about how Unity Technologies uses it to profile the performance of their build system, and Colt McAnlis has written about why using Chrome’s profiler is a better idea than building your own.

How the Data is Gathered

Data collection is the process of delivering the data to the developer for analysis. There are a few ways to do it, and a great talk from Tom Mathews from 343 on how they built their telemetry systems for Halo 5 is a great place to look at. Some highlights of his talk include the fact that they converted their logging system away from unstructured logging strings to a formal, schema-based format based on Microsoft’s Bond format.

Among a few other benefits, this logging system allowed for sub-second response to telemetry, which meant that the game itself is able to respond to the data. As a result, in-game elements like end-of-game reports and leaderboards are driven by the telemetry system, rather than having to build a separate system for this purpose.

How the Data is Analysed

The data received from games can be divided into two main categories: spatial, and non-spatial. Spatial game data is anything that’s related to the player’s position in the game, whereas non-spatial data is everything else, and includes data like in-game performance, skill, and time spent in the game.

Non-spatial data is generally used to get a picture of how players are enjoying the game, and to generate a predictive understanding of whether players are coming back to play more. The fun survey from Call of Duty: World War II is particularly interesting, because they gather data on whether the player enjoyed the game or not – the developers don’t have to infer this data from simpler things like the fact that players are coming back.

This allows them to link player fun to other variables, with some surprising results. As might be expected, in-game performance – that is, how many kills a player got versus how many deaths they had – is a strong predictor of how much fun the player had in the game, but it’s not the only important variable. Player tenure (the total duration of time spent in game, across all sessions) and player skill (total kills versus total deaths, across all sessions) were found to be strong predictors of players reporting that they didn’t have fun. The Call of Duty development team’s theory for this is that the longer a person plays a game, the more critical of it they become; additionally, they found that player fun reports drop off once a player’s skill level becomes greater than that of the median player.

A particularly interesting note made by the development team was that the margin by which a team won was less impactful on fun score than the margin by which the team lost by. That is, a player whose team won by 50 points was just as likely to say that they had fun as a player who won by 5 points. This wasn’t the case for the losing team, however – a player whose team lost by a large margin was much more likely to report that they didn’t have fun than a player who only lost by a few points. This is good empirical evidence for the widely held belief that games that end in close ties are better for everyone.

In the area of spatial data, an excellent paper by Anders Drachen and Matthias Schubert, “Spatial game analytics and visualization” (PDF) proposes four primary types of spatial data analysis: univariate/bivariate, multivariate, trajectory, and behavioural analysis.

Univariate/bivariate analysis focuses on either one or two variables, in which one of those variables is player position. This is usually seen in the form of heat maps for levels, which allow developers to get a good understanding of where players die in levels. For example, consider this heat map for the level de_dust2, from Counter-Strike. Red areas indicate places where lots of players die.

A heatmap showing player deaths in de_dust2, from Counter-Strike 1.6. Source: gameME

Some interesting observations from this heat map:

Corridors and doorways are hotspots for player death
Doorways exhibit diagonal lines of player death, indicating where players lie in wait
Certain long lines of player death indicate places where players have long sight lines
A grid pattern can be seen at the bottom and top areas; these are the player spawn locations, and represent players starting the game there, deciding they don’t like their team, and quitting.

An excellent discussion on using heat maps to analyse level flow and gameplay balance is Sean Houghton’s post Balance and Flow Maps, which discusses an analysis of gameplay balance in maps used in Transformers: War for Cybertron.

Multivariate analysis allows for some more complex and sophisticated analysis of level content. Georg Zoeller’s excellent 2011 talk at GDC about the analysis tools used in Star Wars: The Old Republic shows how they combine information about player death with the locations and levels of monsters in the level, which were used to figure out balance problems with the level progression curve.

Trajectory information can be used to plot the movement of individual players through the game’s space, and is useful for detecting outliers and unintended paths through the environment. Jonathan Dankoff’s post on using trajectory analysis in Assassin’s Creed Brotherhood highlights how players could bypass tutorial content by not following the expected path through the environment.

Player trajectory data in Assassin’s Creed: Brotherhood. Players are intended to jump off a tower and parachute towards the destination (green lines at top), but some players were instead finding a way down the walls (red and green lines in the lower right), bypassing tutorial content. Source: Jonathan Dankoff

Finally, spatial information can be used to derive data about player behaviour in the game. Mahlmann et al’s paper, “Predicting player behavior in Tomb Raider: Underworld” (PDF) was able to use information like how long players spent in the early parts of the game to predict how far through the game they’d get before they gave up – something that’s extremely useful in balancing game difficulty and production investment in the game’s content.

How Changes are Deployed

When a game has made changes, it’s time to get the updated version out to players. There are a variety of ways to do this, with varying levels of disruption to players.

The most straightforward way of doing it is to release a new version of the game via digital distribution – that is, via Steam, itch, and the various App Stores. This is conceptually simple, but has a few downsides: players may not be aware of the update, or may choose not to update, which fragments the installed player base. Additionally, the size of the updates may be large, which reduces the chance of all players updating.

The local patching model adopted by the Nintendo Switch is quite interesting: players who want to form a local network and play a game are able to compare their installed version, figure out who has the most recent update, and then distribute the patch locally, without relying on internet access. This feature is especially important when you consider that one of the main marketing points of the Switch is the ability pick it up and take it outside; the Switch has no cellular internet connectivity, so local wireless communication is all it has.

If a game is designed to be competitive, opt-in beta streams can be used. In this model, players choose to receive beta versions of patches, and play the game in a testing mode. Because game changes frequently change the balance of play, players who want to maintain a competitive edge have an incentive to play the beta stream, and accept the risk of bugs and data loss.

Game changes don’t necessarily require updates to the code or assets, and small hot fixes can be applied. Some notable games that do this include Borderlands and Fortnite, which download a small patch on every game load that tunes gameplay content. These patches are typically only kept in memory, and are lost when the game exits; hot fixes are generally rolled up into a permanent patch after some time.

In order to minimise downtime, a blue-green deployment model for server updates is frequently common. When a new patch becomes available, existing servers are kept online for as long as there are players connected. All new players connect to servers running the latest version, and older servers are shut down as players disconnect from them. This means that players aren’t required to leave the game when a new patch lands; however, this model only works in games where players are separated into discrete sessions, and doesn’t work in single, shared-world environments like massively multiplayer games. For example, Star Wars: The Old Republic shuts down every Tuesday night for a few hours for patch deployment, and all players are kicked from the server.

Wrapping Up

We had a great time presenting this to a room full of operations and deployment experts, and we feel that there’s a lot that games can bring to the wider world of operations management. The video recording of our session will be available soon, and we’ll add it to this post when it arrives.

Symbolic Analysis with Python and Z3

This is a text version of a talk that I gave at PyCon AU 2019.

Let’s say you’ve got this program:

pie_price = 3.14

num_pies = int(input("How many pies?"))

pie_owing = pie_price * num_pies

if pie_owing > 10:
    print("You're over the pie budget")

How do you test that the line that prints “you’re over the pie budget” can run? One way is to just run the program, type in a large number, and verify that you see it.

But what if you couldn’t ask for input? For example, maybe this part of the code is buried deep within a larger process, and reaching it is tricky; maybe the code under test is operating in a continuous integration environment, and no user input is available. What do you do then to ensure that this line is reachable?

Why, producing a formal proof, of course. It’s the only sensible way.

In this post, we’ll walk through the theory and practice of using symbolic execution, a static analysis technique, for bug discovery. In particular, we’ll focus on a specific type of bug: how can we prove that a line of code is, or is not, reachable?

How to solve it

Let’s start by reframing the question into something more formal:

For any given line of code, is there a set of inputs for the program that causes that code to be reached?

Or, to put it another way:

What are the constraints on the input that cause a line of code to run?

Let’s work the problem by doing it by hand. Here’s the code again:

pie_price = 3.14

num_pies = int(input("How many pies?"))

pie_owing = pie_price * num_pies

if pie_owing > 10:
    print("You're over the pie budget")

We know from the first line that pie_price is 3.14. However, we don’t know the value of num_pies, because it depends upon user input. In order for any of the rest of the code to work, though, we need to have a label for the value stored in num_pies.

This is where the symbol in symbolic execution comes in: we’ll introduce a symbolic value – let’s call it 🥧 – and declare that the variable num_pies contains 🥧. We don’t know anything about what’s stored in 🥧, but we do know some facts about it.

Specifically, we know a single fact about it right now: 🥧 is an integer, which means that it supports any operation that other integers support: addition, multiplication, comparison, and so on.

Our next line, pie_owing = pie_price * num_pies, has a similar problem: we can’t know the value of pie_owing, because it’s the result of a multiplication between a known (or concrete) value and the symbolic value 🥧. So, what do we store in pie_owing? We’ll store the entire expression pie_price * 🥧 in there.

The final line of code before the print statement is a conditional: if pie_owing > 10. If we proceed on to the next line, then it follows that the value of pie_owing – whatever it is – is greater than 10.

We now have enough information to put together a collection of logical assertions that must be true in order to reach the print statement. They are:

pie_price = 3.14
num_pies = 🥧
pie_owing = pie_price × num_pies
pie_owing > 10

Great. Our next question is: can we demonstrate that these equations can all be true at the same time?

Could we even do it… with a computer?

Proving it with Z3

The Z3 Theorem Prover is a library from Microsoft that’s capable of, among many other things, answering this problem. It also has bindings to lots of popular languages, including Python.

To answer our question, we’ll construct several equations that represent the constraints on the input that are in place when the print line is reached, and feed them into a solver; we can then ask the solver to check to see if they can be true at the same time.

from z3 import *

# Create the solver
s = Solver()

# Declare our variables: "pie_price", which we know the 
# value of, "num_pies", which we don't, and "pies_owing", which depends upon the values of the other two
pie_price = Real('pie_price')
num_pies = Int('num_pies')
pies_owing = pie_price * num_pies

# Assert that pie_price is equal to 3.14
s.add(pie_price == 3.14)

# Assert that pies_owing is greater than 10
s.add(pies_owing > 10)

# Ask if these these can be true at the same time
s.check() # returns "sat" - they can be!!

We’ve now demonstrated that in order to reach the line, print("You're over the pie budget"), a set of equations must be true at the same time; additionally, Z3 indicates that they can indeed be. Therefore, we’ve proved that the line is reachable, and we never needed to ask the user for input.

Incidentally, we can ask Z3 to produce a model of its solution, which means it will produce a value for all of the variable in question, including num_pies – the value we’d ordinarily get from the user. That is, Z3 can produce a value for num_pies that would result in the print statement to run.

s.model()[num_pies] # 4

Generating the Equations Automatically

In the previous example, we had to read through the code and manually produced the equations that are in place. Wouldn’t it be nicer, though, if we could have a system do this for us?

To do this, we’ll take advantage of the fact that Python is very easy to decompile into byte code. Using the dis module, we can take any Python function, and produce the byte code that represents it. Converting the code to byte code is important, because byte code is significantly simpler, and easier to analyse.

Once we have the byte code, we need to find a way to determine the possible paths through the code that execution can take, depending on the inputs given the program. We then need to determine the constraints on the variables that affect the path; if at any point the constraints are not compatible with each other, the path is impossible. If all paths that reach a line of code are impossible, then the line of code is unreachable under any circumstance.

For example, consider this snippet of code:

i = 1

if i == 0:
    print("Whoa!")

There is theoretically a path of execution that goes from line 1, through line 2, and ends at line 3, but if you think about it, it would require the variable i to be equal to 0 and also to 1. This is impossible, and as a result, the path is impossible; because this is the only path that reaches line 3, that line is unreachable.

This means that our next problem is: given a block of code, how do we calculate the possible paths through that code?

Basic Blocks and Control Flow Graphs

As before, let’s start with a chunk of code, which we’ll use as our example.

def test(a):
    x = 0

    if a > 0 and a < 5:
        x = 1

    b = a + 1

    if x == 1 and b > 6:
        print("Hello!")

Our question for this code is: can the final line of code, print("Hello"), ever be reached? And can the process of discovering this be automated?

Let’s start by asking dis for the byte code.

import dis
dis.dis(test)

This produces something like this (I’ve truncated it to the first few lines):

  2           0 LOAD_CONST               1 (0)
              2 STORE_FAST               1 (x)

  3           4 LOAD_FAST                0 (a)
              6 LOAD_CONST               1 (0)
              8 COMPARE_OP               4 (>)
             10 POP_JUMP_IF_FALSE       24
             12 LOAD_FAST                0 (a)
             14 LOAD_CONST               2 (5)
             16 COMPARE_OP               0 (<)
             18 POP_JUMP_IF_FALSE       24

  4          20 LOAD_CONST               3 (1)
             22 STORE_FAST               1 (x)

  5     >>   24 LOAD_FAST                0 (a)
             26 LOAD_CONST               3 (1)

Each one of these lines is a low-level instruction to the Python virtual machine. The Python VM is a stack machine, which means that the instructions work by pushing and popping values on a stack. For example, the LOAD_CONST and LOAD_FAST operations push values onto the stack (either a constant value or a value stored in a variable), while the COMPARE_OP operation pops two values off the stack, compares them, and pushes the result back onto the stack. Additionally, certain instructions are responsible for controlling the flow of execution: the POP_JUMP_IF_FALSE instruction pops a value off the stack, and if it evaluates to False, jumps to a numbered instruction; if it evaluates to True, it proceeds to the next instruction instead.

How, then, can we find the possible paths through the code? One popular approach is to decompose the stream of instructions into basic blocks: runs of instructions that are only ever entered at the start, and only ever exit at the end (that is, it is impossible for the program to jump to a point that’s in the middle of a basic block).

To determine these basic blocks, the instructions are scanned, and certain instructions are marked as leaders:

The first instruction is a leader.
Instructions that are the destination of a jump are leaders.
Instructions following a conditional jump are leaders.
Instructions following a ‘stop’ instruction are leaders.

Once you know the leaders, you can then group up the instructions according to the most recent leader.

Next up, you form the connections between the blocks. Blocks have successors (blocks they lead to), and predecessors (blocks that lead to them.)

Blocks that end in an unconditional jump have one successor – the target of the jump.
Blocks that end in a conditional jump have two successors – the target of the jump, and the next instruction.
Blocks that end in a ‘stop’ instruction have no successors.
All other blocks have a single successor: the following instruction’s block.

With these rules in mind, we can take the byte code for our example function, and figure out the blocks.

Given these blocks and the way they link together, we can generate the control flow graph of the program. This graph shows how the blocks connect, and allows us to find the paths that execution can take through the program.

We’re now ready to start testing the paths that lead to the print("Hello") function call, which is the second-to-last basic block (it’s the blue block, second from the right of the above image.) For the purposes of this article, we’ll select one of them arbitrarily, and prove that the path is valid or not; the same steps apply for testing any path.

A specific path through the control flow graph.

Finding impossible paths

In order to perform normal execution of the code, Python steps through each instruction, and performs them as normal – loading data into memory, requesting that the system get input, and so on. However, this only works when we’re running the entire program, which includes all of the work done to decide what parameters to use when calling the function test. When we perform symbolic execution, and are examining only portions of the program, we no longer have the ability to know concrete values for every variable.

Let’s take a closer look at the first basic block:

  2           0 LOAD_CONST               1 (0)
              2 STORE_FAST               1 (x)

  3           4 LOAD_FAST                0 (a)
              6 LOAD_CONST               1 (0)
              8 COMPARE_OP               4 (>)
             10 POP_JUMP_IF_FALSE       24

The third instruction in this disassembly loads the contents of the variable a, and pushes it onto the stack. However, a is a parameter to the function, which means it’s not possible to get a concrete value for the variable when considering the code in isolation.

This means that when we encounter the instruction LOAD_FAST a, we need to introduce a new symbolic value. That’s not the only symbolic value we need to track, though: on lines 1 and 2, we load the number 0, and store it in the variable x. This means that we need to declare to Z3 that the variable x exists, and assert that it is equal to 0.

Additionally, if we’re testing a specific path through the code, we already know whether the POP_JUMP_IF_FALSE will jump or not. In the case of our selected path, if we’re proceeding from the first block to the second, it means that we’re taking the path in which the value on the stack is True. This mean that we also assert that the result of comparing if a is greater than 1 is True.

In effect, setting a variable now means creating and recording an assertion that the variable contains a certain value, and when encountering a conditional jump, we assert that its condition is true (if we’re taking the true path), or false (if we’re not).

We continue this execution, creating additional constraints on the values as we encounter instructions that interact with them, and at the end of each block, we feed them into Z3 and ask if the assertions are compatible with each other. If they’re not, then the path is impossible, and we try again with a different path. If all of the paths that reach a block are impossible, then that block is unreachable under any circumstances.

In the specific case of our example, the line print("Hello") is unreachable. For it to be reached, it would require either the value of a to be both greater than 5 and less than 5 at the same time.

Conclusions

Symbolic execution is really fun and useful, but it isn’t without its drawbacks. In particular:

It’s vulnerable to an explosions in the number of paths, especially when looping (and especially if the code can potentially loop infinitely)
If the same region of memory is referred to by two variables, it can be challenging for the analyser to detect this condition
Elements in a collection require special handling; do you treat the collection itself as a value, or the values in the collection as individual values?
It’s a lot more challenging in dynamically typed situations, where you don’t necessarily know the operations that can be performed on the values that you receive.

Nonetheless, it’s a fascinating field to play in, and can be tremendously rewarding. The video of the talk that I gave at PyCon AU 2019 is embedded below.

🎬 Let’s Build a Symbolic Analyser And Automatically Find Bugs

Let’s Build a Symbolic Analyser And Automatically Find Bugs from PyCon Australia 2019, in Sydney.

Coding in Public

Recently, I’ve been live-streaming development sessions of Night in the Woods. I’m really enjoying it, and I thought I’d write up some notes on how I’ve done it, and give some tips I’ve picked up on how to get the most out of it.

Why Should You Code In Public?

There’s a few reasons why I’ve been streaming my code. The field that I work in, independent game development, can be a pretty personality-oriented area. Because of this, it’s often important to develop the 😎 personal brand 😎. Videos are great at this, because it’s an opportunity to have your face and voice attached to the cool things you’re working on.

Streaming your code is also an excellent way to stay very, very focused on a single task. If you’re coding as part of a performance – and live streaming is very much a performance – you’re a lot less likely to get distracted and look at the internet for four hours.

Finally, having an audience of people looking at your code means you can do something I like to think of as multicore pair programming: you often get great feedback and advice from people watching you code. I’ve solved a number of bugs thanks to input from people who are watching me work.

Where Should You Stream?

There’s a number of different options for streaming sites. The best-known sites for the kind of streaming that I do are:

Twitch: Very games focused, and a very large population. (I do my streams here.)
Mixer: Microsoft’s streaming site. Also games focused, but a smaller population; designed for very low latency.
YouTube Live: General video focused, and seems to be more designed for ‘event’-style broadcasts.

I use Twitch, largely because I work in games, so I piggy-back on the existing topic interest. It’s also very well supported by the various streaming tools and services, and brand recognition is high – if someone describes themselves as a streamer, it’s likely that they stream on Twitch.

How Do You Stream?

You don’t need a huge amount of software to stream; at minimum, you just need something that can upload a stream to your platform. The software that I use is OBS, which is a very nice (and very free) package that:

Captures your display and webcam
Composes it into a scene
Compresses and uploads the stream to your platform.

As far as gear goes, you also don’t need much. It’s very tempting to assume that you need lots of expensive equipment in order to be professional, but you really don’t – at minimum, all you need is your computer, and an internet connection.

If you have a webcam, that’s great! If you have a good microphone, that’s also great! But you don’t need it, and I want to be clear that you should pointedly ignore anyone trying to convince you that you do.

When I stream from my office, I happen to use a decent headset mic, so that I don’t have to think about it as much, plus a USB audio interface that lets me connect it to my computer. When I’m feeling ~fancy~, I connect a camera via an HDMI-USB interface, so that I can show my phone. That’s really it!

Because the content that I stream doesn’t have its own soundtrack, I play music while I work. This is for two reason: it shows off my frankly exquisite taste, and also means that there’s no dead air when I’m not speaking.

However, when you’re doing broadcast work, you can’t just stream your music library – you don’t have the license for it, your videos will get muted, and you run the risk of your account being banned.

Instead, stream music that is licensed for broadcast. I happen to play music that I’ve received direct permission from the composer to play (such as Alec Holowka’s superb soundtrack to Night in the Woods), or Pretzel, a streaming service that plays rather good licensed-for-broadcast music.

Where To Learn More

This post doesn’t exist without Suz Hinton’s write-up of her live coding setup. It’s got specific advice on setup, performance, and management of live coding, and was instrumental in getting me started. Go read it!

I hope this has gotten you interested in this, and if you start streaming yourself, I’d be delighted if you let me know!

Power-Saving in Unity

Learn how to reduce the power consumption of a non-game Unity application, for mobile.

Recently, we were asked to build some software using Unity. That is, we weren’t asked to build a game, but instead, the client wanted an app.

There are a few reasons why you’d want to use Unity to build non-game software.

Cross-platform support. One of Unity’s biggest selling points is the fact that you can write your code once, and Unity makes it easier to bring that code over to multiple platforms, like iOS and Android, as well as desktop platforms.
Graphics support. Being a game engine, Unity is very good at tasks that involve processing either 2D or 3D graphics. In our case, we were asked to build an app for building comic book pages, and that means working with lots of sprites.
C# coding environment. It’s almost always better to write your code in the native language for your chosen platform, but in cases where that’s not feasible, C# is quite good for most platforms. Unity provides a good, performant, and featureful implementation of the language, as well as the .NET runtime.

However, there are a few things that keep Unity from being a great tool for making non-game apps. In this post, we’ll look at one of them, and how to reduce its impact: power consumption in Unity-based apps

This post is largely written with mobile in mind, and with a particular focus on iOS. However, the technique is pretty broadly applicable.

Reducing Power Consumption

The most pressing issue is that Unity, like all game engines, re-draws its content every frame. That’s not something that you need to do in an app, where most of the frames are going to be identical to the previous one. Most of that work is going to waste, and that means wasted power. Wasted power is particularly bad on mobile devices, since it means a needless drain on the device’s battery.

This is particularly striking when you see that an empty scene – one with nothing more than a camera, rendering the skybox – consumes significant amounts of CPU resources. On my iPhone X, for example, rendering the empty scene at 30 frames per second consumes about 20% of the CPU.

To reduce this issue, you can reduce the rate at which Unity updates, by reducing the target framerate. This can be done in a single line of code:

// Request that Unity only update every 1/10th of a second
Application.targetFrameRate = 10;

This will reduce the amount of work that Unity does, but it has a downside: Unity will only run the Update method on your scripts once per frame, which means it will take up to 100 milliseconds for your code to notice that the user pressed a button. Additionally, setting the framerate to a fixed rate like this means that any moving content on your screen will always visibly lag. On top of this, we still haven’t really solved the original problem: the screen is still updating, many times a second, and each time it does, there’s only a small chance that anything that the user sees will have changed.

The solution, then, is to find a way to make Unity never re-draw the screen unless something happens. What that “something” is depends upon the details of your app, but generally always includes things like user input: you want to re-draw the screen when the user taps the screen, or drags their finger over it, because that’s highly likely to mean they want to press a button or drag an object around.

Hacking the Render Loop

Unity provides a way to control the player loop – the set of things that Unity does every frame. This includes re-rendering the scene, but also covers tasks like clearing the render buffers, collecting input, and – most importantly – running the Update methods on scripts. Using the PlayerLoop class, you can inspect the contents of the player loop, remove certain subsystems, and add some of your own as well.

Or, you could blow the whole thing away.

using UnityEngine.Experimental.LowLevel;
// Get the default loop
var playerLoop = PlayerLoop.GetDefaultPlayerLoop();
            
// Remove _everything_ from it!! There are no rules! Unlimited power!!
playerLoop.subSystemList = null;
// Apply this new "player loop" - the game will immediately stop
PlayerLoop.SetPlayerLoop(playerLoop);

If you remove all subsystems from the player loop, you effectively remove almost all of the work that Unity does each frame. There’s still some overhead that can’t be disabled, like the code that actually invokes the player loop, but by doing this, we’re getting rid of almost all of Unity’s work.

Disabling the Renderer

One of the things that emptying the player loop doesn’t directly control is the fact that Unity will attempt to run parts of the render loop as long as a camera is active in the scene.

To work around this, we can just disable the camera. However, if you do this in an Update function, the screen’s display will have already been cleared at the start of the frame. As a workaround to this, we can disable the camera, and then immediately tell the camera to render the frame. Because we won’t be clearing the display at the start of the next frame (there won’t even be a next frame), the frame will remain on screen.

As a result, the amount of CPU usage is dropped significantly. In the following image, I’ve dropped the CPU down to 3%. It’s not zero, but it’s very close; in fact, at this level of usage, the biggest power drain on the device is the screen.

Putting it All Back

So, we’ve now managed to completely stop the player loop, at a tremendous energy saving. But now we have another problem: how do we wake the app back up again when the user interacts with the screen, if all of the code that checks for input is no longer being run?

The solution is to look for input events that come from the system, and use that to wake up the application. To do this, we’ll need the following things:

A way to run native code when touch events occur
A way to run C# code from that native code, which restores the player loop

Everything up until this point has been entirely cross-platform, and should work on all platforms. However, because we’re now looking at native code, we need to focus on the native code implementation details for a single one. In this post, we’ll look at iOS. If you’re an Android developer and want to contribute how you’d do this in Android, let us know!

To detect any touches, there are two places we could put our code: we could override the view controller that Unity places its view in, or we could go one level lower and detect all touches that the app receives. It’s actually simpler to do that, so let’s get started.

First, we’ll need to create a new subclass of UIApplication. This is different to the similarly-named UIApplicationDelegate; the UIApplicationclass is an object that represents the entire application, while the delegate is simply an object that responds to events that happen to the application.

You typically never need to create your own subclass of UIApplication, and Apple doesn’t recommend that you do it, unless it’s for the single specific purpose that we’re about to do here: intercept and process UI events, before forwarding them to the rest of the application.

So, let’s get started. First, we’ll create a new file in our Unity project, called TouchHandler.mm, and add the following code to it:

@interface TouchDetectingApplication : UIApplication
- (void)sendEvent:(UIEvent *)event;
@end
@implementation TouchDetectingApplication
- (void)sendEvent:(UIEvent *)event {
    
    // Handle touch event here!
    
    [super sendEvent:event];
}
@end

The sendEvent method will be run on every input event. It’s very important that we call the super implementation, since without doing that, no input will ever be delivered to the app. We’ll come back to this method in a bit.

Next, we need a way to notify our C# code that a touch has occurred. To do this, we’ll send a pointer to a C# method into the native code at game start; this method will restore the game loop, and resume rendering.

We’ll do all of this in a MonoBehaviour, which you can attach to an object in the scene. The following code also contains an example of how to stop and resume the camera, too.

public class FramerateManager : MonoBehaviour
{
    
    // A singleton instance of this class. Necessary, because the 
    // callback must itself be static; there are other ways to do 
    // this, but this serves fine for this example.
    private static FramerateManager instance;
    // The type of the C# callback method that the native code will 
    // call.
    public delegate void EventDelegate();
    // This method will be called from native code when a touch 
    // input arrives. This method must be static.
    [AOT.MonoPInvokeCallback(typeof(EventDelegate))]
    public static void TouchEventReceivedFromNativeCode()
    {
        // Restore the original player loop.
        instance.LeaveLowPowerMode();
    }
  #if UNITY_IOS && !UNITY_EDITOR
    // This is a native function that we'll call, and pass the 
    // TouchEventReceivedFromNativeCode method to as a parameter.
    [DllImport("__Internal")]
    private static extern void _AttachEventHook(EventDelegate actionDelegate);
  #endif
    // The number of frames remaining before we stop the loop. We 
    // leave a little buffer time after the last touch.
    private const int framesBeforeStopping = 5;
    private int framesRemaining;
    // A cached reference to the main camera. Necessary, because 
    // Camera.main only returns a valid value when there's an 
    // enabled camera in the scene.
    private Camera mainCamera;    
    void Awake()
    {
        // On game start, call the native method, and pass it the 
        // method we want it to call when touches occur. The native
        // code will keep a reference to this method as a function
        // pointer, and call it when it needs to.
#if UNITY_IOS && !UNITY_EDITOR
        _AttachEventHook(TouchEventReceivedFromNativeCode);
#endif
        // Set up our instance method.
        instance = this;
        framesRemaining = framesBeforeStopping;
    }
    private void Update()
    {
        // Count down until we're out of time.
        framesRemaining -= 1;
        // Time to stop.
        if (framesRemaining == 0)
        {
            EnterLowPowerMode();
        }
    }
    private void EnterLowPowerMode()
    {
        // Remove everything from the player loop
        var playerLoop = PlayerLoop.GetDefaultPlayerLoop();
            
        playerLoop.subSystemList = null;
        PlayerLoop.SetPlayerLoop(playerLoop);
    
        // Cache a reference to the camera
        mainCamera = Camera.main;
        if (mainCamera != null)
        {
            // Disable it!
            mainCamera.enabled = false;
            // We just disabled the camera, but if we called this 
            // in an Update function, it cleared the frame buffer 
            // before this frame started. To prevent being left 
            // with a blank screen, we manually re-render the 
            // camera right now; this image will remain on screen 
            // until normal rendering resumes.
            mainCamera.Render();
        }
      // We're done! The game will stop after this frame, and will 
      // wake back up when TouchEventReceivedFromNativeCode is 
      // called.
    }
    private void LeaveLowPowerMode()
    {
        // Restore the number of remaining frames before we stop 
        // again
        framesRemaining = instance.framesBeforeStopping;
        
        // Re-enable the camera so we resume interactive framerates
        if (mainCamera != null)
        {
            mainCamera.enabled = true;
        }
        
        // Restore the default player loop; the game will resume.
        PlayerLoop.SetPlayerLoop(PlayerLoop.GetDefaultPlayerLoop());
    }
}

We now need a way to receive a pointer to the C# method TouchEventReceivedFromNativeCode. This is done in the _AttachEventHook function, which is defined in native code and called from C#.

Add this to your .mm file:

// Declare the C++ type of the function pointer we'll receive from 
// C#.
typedef void (*EventDelegate)();
// Create a variable to store that function pointer.
static EventDelegate _eventDelegate = NULL;
// Declare that this function is a C function, and its name should not be mangled by the C++ compiler.
extern "C" {
  void _AttachEventHook(EventDelegate actionDelegate);    
}
// Finally, write the method that receives and stores the event 
// handling function pointer.
void _AttachEventHook(EventDelegate actionDelegate) {
    // Just keep it around.
    _eventDelegate = actionDelegate;
    
    // Log that it happened, too.
    NSLog(@"Event logging hook attached.");
}

We’re almost done. We now need to call the _eventDelegate function whenever a touch event lands.

Replace the sendEvent method in the TouchDetectingApplication class with this:

- (void)sendEvent:(UIEvent *)event {
    
    // Handle touch event here!
    _eventDelegate();
    
    [super sendEvent:event];
}

Finally, we need to tell the sytem to use the TouchDetectingApplication class, instead of the default UIApplication class.

Important note: While Unity will automatically copy any .mm and .h files into your project when you build the player, it will not do this step for you. Additionally, when you choose to do a build that Replaces the player (as opposed to Appending it), it will blow this change away! Fortunately, it’s a single code change, but you do need to remember to do it.

Open the main.mm file, and find the following line of code:

UIApplicationMain(argc, argv, nil, [NSString stringWithUTF8String: AppControllerClassName]);

Replace it with this:

UIApplicationMain(argc, argv, @"TouchDetectingApplication", [NSString stringWithUTF8String: AppControllerClassName]);

The application will now use that class for its UIApplication, and it will send wake-up prompts when touch events occur!

Wrapping up

This technique is extremely useful for building apps that don’t need to re-draw the screen all the time. If you use it, let us know!

🎬 Small Towns, Small Screens: Porting Night in the Woods to iOS

Small Towns, Small Screens: Porting Night in the Woods to iOS from the GCAP 2017, in Melbourne.

🎬 Procedural Generation by Automating Blender

Procedural Generation by Automating Blender from GCAP 2018, in Melbourne.

The source code for this talk is available on GitHub.

🎬 Making Night in the Woods Better with Open Source

Making Night in the Woods Better with Open Source from the Game Developers Conference 2017, in San Francisco.