Linux has fewer bugs, analysis shows
Dec 14, 2004 — by Henry Kingman — from the LinuxDevices Archive
Linux has fewer bugs than typical commercial software, says testing tools vendor Coverity. The company says the 2.6 Linux kernel has one bug for every 5,787 lines of code, compared to the commercial software norm of one bug per 40 lines.
Coverity markets source code analysis software, including a product called SWAT that “simulates the effects that the operations in the source code might have” in runtime environments. The company says this approach finds more potentially disastrous bugs than competing code analysis tools that simply scan for known, dangerous coding patterns and sloppy coding constructs.
Coverity says its project to analyze Linux source code began in 2000, at the Stanford University Computer Science Research Center, as part of a research initiative to improve software industry engineering processes. The company was founded by five of the lead Stanford researchers involved in that project, it says.
Commercial software typically has 20 to 30 bugs for every thousand lines of code, according to Carnegie Mellon University's CyLab Sustainable Computing Consortium, as cited by Coverity. The production 2.6 Linux kernel has 5.7 million lines of code, but only 985 bugs, Coverity says, including 627 bugs in critical parts of the kernel, 568 crash-causing bugs, 25 buffer overruns, 33 resource leaks, and 100 security bugs.
Lead Linux kernel maintainer Andrew Morton said, “We've already addressed the top priority bugs that Coverity has uncovered. It's a very useful system for high quality code. This is a benefit to the Linux development community, and we appreciate Coverity's efforts.”
Coverity CEO Seth Hallem said, “Our findings show that Linux contains 0.17 bugs per thousand lines of code, an extremely low defect rate and evidence of the strong security of Linux. Many security holes in software are the result of software bugs that can be eliminated with good programming processes.”
Coverity says it will periodically publish free summary results of its Linux bug analyses.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc.