http://lwn.net/Articles/22623/ This is a special feed containing comments posted to the individual LWN article titled "Comparing free and proprietary software defect rates". hourly 2 http://lwn.net/Articles/23503/rss 2003-02-23T08:36:12+00:00 ncm Linux also has many more people looking for race conditions in it than any of the proprietary systems that they compared it to. Therefore, we can reasonably expect it to compare favorably in that area vs. the other systems. <p> This is not to say Linux would show well, on an absolute scale, in its number of remaining race conditions. It probably stinks. The proprietary stacks, though, probably stink far, far worse, for exactly the same reasons that they leak worse. http://lwn.net/Articles/23327/rss 2003-02-20T19:44:23+00:00 wh True, but the story's author interprets the results of Reasoning's findings differently. Just because Linux has less memory leaks (found by the Stanford Checker) than other operating systems doesn't mean that Linux has less race conditions (not found by the Stanford Checker) than other operating systems.<br> http://lwn.net/Articles/23321/rss 2003-02-20T18:45:19+00:00 ncm Exactly: Linux came out better because it attracts public and academic scrutiny, and improves as a direct result of that scrutiny. It's not because the coders are more competent, or motivated. Sometimes they are, sometimes they aren't. The difference is in how it improves. http://lwn.net/Articles/23285/rss 2003-02-20T14:33:37+00:00 haraldt Still, if the Linux kernel is one of the few to have been tested this way, what does this tell us? http://lwn.net/Articles/23273/rss 2003-02-20T13:48:45+00:00 wh I believe that the only reason why Linux has so few of these <br>computer-findable bugs is that the people from the Standford &quot;Checker&quot; <br>project already ran their program on the Linux source and all the bugs <br>found by it got fixed afterwards.<p> http://lwn.net/Articles/22855/rss 2003-02-15T22:00:47+00:00 error27 Thanks for the Smatch plug. :) The website is <a href="http://smatch.sf.net" >smatch.sf.net</a> and since the article mentions null pointer dereferences the results for the dereference testing of 2.5.60 are <a href="http://66.127.101.73/cgi-bin/index.py?page=bug_list&script=Dereference&kernel=2.5.60" ">here</a>. <p> Smatch is too new to have had much influence yet. The Stanford Checker has made a measurable difference on the number of kernel errors. Unfortunately, their bug database only goes up to 2.4.1. They have released newer lists of bugs to lkml but when I released bug lists it was not as effective as a database (especially for long lists). <p> I am excited about the possibilities for Smatch to improve the kernel. The <a href="http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/smatch/smatch/deference_check.pl?rev=HEAD&content-type=text/vnd.viewcvs-markup" >code</a> for the Smatch derefence check about 130 lines long. A lot of that was cut and paste. Any of the other four checks should be possible with Smatch as well. http://lwn.net/Articles/22737/rss 2003-02-13T19:53:14+00:00 giraffedata I think the results will be similar everywhere.<p>Around 1992, there was a research paper on the same topic, with the same results. In that case, a team of programmers fed random input to a whole bunch of Unix programs and noted when the programs crashed. Where they had source code, they debugged the crash and sent the information to the maintainer of the code.<p>Actually, the paper's main point was the source of the bugs (buffer overrun, etc.) but there was an unmistakeable difference in bug rates between free software and commercial software. At the time, this surprised many of us because the common wisdom in the industry said commercial software was bound to have fewer bugs because of all the investment in testing and because commercial publishers had more to lose from bugs.<p>But there was another result in that paper which I found much more interesting, which I think explained the phenomenon. The study was a followup on a study done the same way years earlier, which had found the same difference. In the followup, the programmers looked for the same bugs that had been reported in the original study. In commercial software, nearly all of the bugs were still present. In free software, nearly all of the bugs had been removed.<p>As a software developer for a major software publisher at the time, this didn't surprise me one bit. The software development machine of IBM is not capable of fixing a product just because it learns it's broken. But an individual free software developer not only is capable of releasing a fix, but insists on it as a matter of pride.<p>--<br>Bryan Henderson bryanh@giraffe-data.com<br>San Jose, California http://lwn.net/Articles/22708/rss 2003-02-13T16:15:21+00:00 rakoch In a commercial setting all kind of &quot;under the hood&quot; work is not very <br>rewarding. It's much more interesting for a programmer or a team to <br>implement features that are visible. On the other hand the Linux TCP/IP <br>stack is probably one of the most scrutinized pieces of software in the <br>free software world. <br> <br>There are plenty of worthy free software projects on sf.net. Most of them <br>simply cannot compare to their commercial competitors. Why? Because they <br>have a problem the Linux kernel has not: They lack developers. <br> <br>A TCP stack simply isn't the focus of most commercial OSes. An exception <br>might be routers which was probably the &quot;embedded device&quot; in the test. You <br>bet for Cisco the TCP/IP stack is important. But for Sun/IBM/HP it's much <br>more important to have their Unix scale to dozens of CPUs. And for MS the <br>IE was probably the most important part of the OS until DRM and Palladium <br>came along. <br> <br>So concluding from the quality of the TCP/IP stack to the quality of the <br>rest is pretty misleading. I'd be curious about a comparison of compilers, <br>though.