

Examples of errors detected in various open-source projects  - koshatnica
http://www.codeproject.com/KB/cpp/errors-in-open-source.aspx#xx4067556xx

======
dexen
The mandatory Google Cache link:
[http://webcache.googleusercontent.com/search?q=cache%3Ahttp%...](http://webcache.googleusercontent.com/search?q=cache%3Ahttp%3A%2F%2Fwww.codeproject.com%2FKB%2Fcpp%2Ferrors-in-open-source.aspx%23xx4067556xx&ie=UTF-8&oe=UTF-8)

...cause the article is marked as `deleted' now :-(

~~~
route66
<http://www.viva64.com/en/a/0077/> seems to have been the original article
anyway.

------
mynegation
I worked for a static analysis company.

I am happy to see this kind of analysis popping up here and there. As
computers become more powerful, you can do more sophisticated checks.

One of the biggest problems in static analysis is false positives - reports
about potential problems which are not relevant for one reason or another, and
false positive rate has huge impact on ROI.

Unfortunately, aside from an interface element for triage, the article does not
mention or link to the article that describes how they are handling the
false-positives problem in the analysis.

~~~
dexen
The article does not mention whether the bugs have been reported and rectified
in subsequent releases, either.

Since at least some of the bugs found are segfault/data-corruption/wrong-
query-results level ones[†], one would assume they'd get found out quite soon.

For me, when picking software for a new project, an important metric is how
fast bugs get fixed upstream.

--

[†] I just love how `ones' is a perfectly reasonable expression in English.
`Would that it were so in our programming languages', with apologies to Alan
Perlis ;-)

------
mbq
...and thanks to the fact those are Open Source projects they can be now
easily fixed.

~~~
pavel_lishin
Yes, but not necessarily easily integrated into the next release. You can fix
it for yourself, but if the project isn't very well maintained, or if the
maintainer rejects your patch, etc., etc...

~~~
dexen
That's why some distros roll packages with bugfix patches applied even before
upstream maintainers include those in official releases.

Even better, if a particular bug is a show-stopper at your organization, you
can build a fixed package and deploy it to your local package repository on
short notice; machines can then obtain the update automagically.

------
mVChr
Also mirrored at: [http://software.intel.com/en-us/articles/90-errors-in-open-s...](http://software.intel.com/en-us/articles/90-errors-in-open-source-projects/)

------
kamagmar
Reminds me of this article on how hard it is to convince companies to use
static analysis:

[http://cacm.acm.org/magazines/2010/2/69354-a-few-billion-lin...](http://cacm.acm.org/magazines/2010/2/69354-a-few-billion-lines-of-code-later/fulltext)

------
swatkat
Article deleted? Here's the Google cache:
[http://webcache.googleusercontent.com/search?q=cache:www.cod...](http://webcache.googleusercontent.com/search?q=cache:www.codeproject.com/KB/cpp/errors-in-open-source.aspx)

~~~
AndreyKarpov
Link: <http://www.viva64.com/en/a/0077/>

------
graiz
Article seems to be a rip-off from an Intel article. Original here:
[http://software.intel.com/en-us/articles/90-errors-in-open-s...](http://software.intel.com/en-us/articles/90-errors-in-open-source-projects/)

~~~
mattmanser
Nah, it was the same guy that posted that. It's an infomercial, not a real
article, perhaps codeproject took it down when they realised.

Though kinda interesting anyway if a little blandly written.

------
AndreyKarpov
Article deleted. New link: <http://www.viva64.com/en/a/0077/>

------
danso
Fascinating...on one hand, it's disheartening to see the vast array of errors
that can go undetected and how easily they are missed even in retrospect. On the
other, it's nice to know I'm not the only one :)

