report on OSS (LAMP) - bugs per thousand lines....

Discussion in 'NZ Computing' started by thing2, Mar 6, 2006.

  1. thing2

    thing2 Guest

    1. Advertising

  2. On Mon, 06 Mar 2006 14:11:22 +1300, thing2 wrote:

    > http://www.theregister.co.uk/2006/03/03/open_source_safety_report/
    >
    > regards
    >
    > Thing


    I say! That's an excellent report. And it will lead to those bugs it did
    find being reported and fixed.

    0.32 bugs per thousand lines of code in the LAMP stack. Excellent!

    Thanks for posting that URL, Thing.


    Have A Nice Cup of Tea

    --
    Jono Bacon: "I deal with companies every day that are moving over to Linux,
    and it does all the things that they want."
     
    Have A Nice Cup of Tea, Mar 6, 2006
    #2
    1. Advertising

  3. thing2

    Peter Guest

    Peter, Mar 6, 2006
    #3
  4. thing2

    Steven H Guest

    Hello Have A Nice Cup of Tea,

    > 0.32 bugs per thousand lines of code in the LAMP stack. Excellent!


    lol... i take it you are easealy sucked in with numbers ?

    i have some numbers for you

    one thousand lines of code, even in a managed language like .net where a
    lot is done for you, isnt really that much. one thousand lines in a more
    lower level language like C/++ is even less.

    my BIT third year project had an estimated line count somewhere in the thirty
    five to forty thousand lines, written in .net 1.1 - and not what i would
    call a 'complex application'.

    and my bug count .... **** all, my data / middle / web-service tiers were
    bug free - all my bugs were in UI land.

    just to put that 0.32 bugs per 1000 lines into perspective.

    ----------------
    Steven H

    the madGeek

    > On Mon, 06 Mar 2006 14:11:22 +1300, thing2 wrote:
    >
    >> http://www.theregister.co.uk/2006/03/03/open_source_safety_report/
    >>
    >> regards
    >>
    >> Thing
    >>

    > I say! That's an excellent report. And it will lead to those bugs it
    > did find being reported and fixed.
    >
    > 0.32 bugs per thousand lines of code in the LAMP stack. Excellent!
    >
    > Thanks for posting that URL, Thing.
    >
    > Have A Nice Cup of Tea
    >
     
    Steven H, Mar 6, 2006
    #4
  5. thing2

    Shane Guest

    Steven H wrote:

    > Hello Have A Nice Cup of Tea,
    >
    >> 0.32 bugs per thousand lines of code in the LAMP stack. Excellent!

    >
    > lol... i take it you are easealy sucked in with numbers ?
    >
    > i have some numbers for you
    >
    > one thousand lines of code, even in a managed language like .net where a
    > lot is done for you, isnt really that much. one thousand lines in a more
    > lower level language like C/++ is even less.
    >
    > my BIT third year project had an estimated line count somewhere in the
    > thirty five to forty thousand lines, written in .net 1.1 - and not what i
    > would call a 'complex application'.
    >
    > and my bug count .... **** all, my data / middle / web-service tiers were
    > bug free - all my bugs were in UI land.
    >
    > just to put that 0.32 bugs per 1000 lines into perspective.
    >
    > ----------------
    > Steven H



    er steven, whilst I have no doubt your code had a low bug count, perhaps an
    actual number or three might put more perspective on it?
    so far I see.. 0.32/1000 vs **** all
    which means bugger all (to me) and 0.32/1000 vs ??/1000 would be much
    betterer
    Ta
     
    Shane, Mar 6, 2006
    #5
  6. On Mon, 06 Mar 2006 06:25:35 +0000, Steven H wrote:

    > my BIT third year project had an estimated line count somewhere in the
    > thirty five to forty thousand lines, written in .net 1.1 - and not what i
    > would call a 'complex application'.


    Your project had an "estimated" line count? Don't you even know how many
    lines you wrote??


    Have A Nice Cup of Tea

    --
    Jono Bacon: "I deal with companies every day that are moving over to Linux,
    and it does all the things that they want."
     
    Have A Nice Cup of Tea, Mar 6, 2006
    #6
  7. On Mon, 06 Mar 2006 19:37:32 +1300, Shane wrote:

    > er steven, whilst I have no doubt your code had a low bug count, perhaps
    > an actual number or three might put more perspective on it? so far I see..
    > 0.32/1000 vs **** all
    > which means bugger all (to me) and 0.32/1000 vs ??/1000 would be much
    > betterer
    > Ta


    He doesn't even know how many lines of code he wrote. If he doesn't know
    that, then how is he supposed to know how many bugs he's got in that code.
    And if he actually knows how many bugs he's got, then why hasn't he fixed
    them!


    Have A Nice Cup of Tea

    --
    Jono Bacon: "I deal with companies every day that are moving over to Linux,
    and it does all the things that they want."
     
    Have A Nice Cup of Tea, Mar 6, 2006
    #7
  8. thing2

    Peter Guest

    Have A Nice Cup of Tea wrote:
    > On Mon, 06 Mar 2006 14:11:22 +1300, thing2 wrote:
    >> http://www.theregister.co.uk/2006/03/03/open_source_safety_report/

    >
    > I say! That's an excellent report. And it will lead to those bugs it did
    > find being reported and fixed.
    >
    > 0.32 bugs per thousand lines of code in the LAMP stack. Excellent!


    http://www.wired.com/news/technology/linux/0,66022-0.html

    "According to a four-year analysis of the 5.7 million lines of Linux source
    code conducted by five Stanford University computer science researchers,
    the Linux kernel programming code is better and more secure than the
    programming code of most proprietary software.

    Commercial software typically has 20 to 30 bugs for every 1,000 lines of
    code, according to Carnegie Mellon University's CyLab Sustainable Computing
    Consortium. The study identified 0.17 bugs per 1,000 lines of code in the
    Linux kernel."

    --------------------

    I guess studies by university groups should be more objective than people or
    companies counting bugs in their own code.


    Peter
     
    Peter, Mar 6, 2006
    #8
  9. On Mon, 06 Mar 2006 21:35:03 +1300, Peter wrote:

    > Commercial software typically has 20 to 30 bugs for every 1,000 lines of
    > code, according to Carnegie Mellon University's CyLab Sustainable
    > Computing Consortium. The study identified 0.17 bugs per 1,000 lines of
    > code in the Linux kernel."
    >
    > --------------------
    >
    > I guess studies by university groups should be more objective than people
    > or companies counting bugs in their own code.


    Agreed.

    I suppose the reason why some people say that the idea of producing bug
    free code cannot be done is that they don't aim at producing completely
    bug gree code - they only aim at producing "good enough" code.


    Have A Nice Cup of Tea

    --
    Jono Bacon: "I deal with companies every day that are moving over to Linux,
    and it does all the things that they want."
     
    Have A Nice Cup of Tea, Mar 6, 2006
    #9
  10. thing2

    Don Hills Guest

    In article <>,
    Have A Nice Cup of Tea <> wrote:
    >On Mon, 06 Mar 2006 06:25:35 +0000, Steven H wrote:
    >
    >> my BIT third year project had an estimated line count somewhere in the
    >> thirty five to forty thousand lines, written in .net 1.1 - and not what i
    >> would call a 'complex application'.

    >
    >Your project had an "estimated" line count? Don't you even know how many
    >lines you wrote??


    Two possible explanations:

    Either:
    - he never actually wrote the code, just estimated the number of lines it
    would require to do so.

    Or:
    - he wrote a few hundred lines, and the compiler generated the rest when it
    linked in the called objects.

    I know very little about .net, but from what I have been told by people who
    make a lot of money by knowing it intimately(*), I suspect the latter
    explanation is closer to the truth. I haven't looked, but I would bet that
    someone has updated the old joke, about how much object code it takes to say
    "Hello, World" in various languages, to include the .net executable size.


    (*) And bore us all with war stories about it at the pub...

    --
    Don Hills (dmhills at attglobaldotnet) Wellington, New Zealand
    "New interface closely resembles Presentation Manager,
    preparing you for the wonders of OS/2!"
    -- Advertisement on the box for Microsoft Windows 2.11 for 286
     
    Don Hills, Mar 6, 2006
    #10
  11. thing2

    Warwick Guest

    On Mon, 6 Mar 2006 06:25:35 +0000 (UTC), Steven H wrote:

    > Hello Have A Nice Cup of Tea,
    >
    >> [1 quoted line suppressed]

    >
    > lol... i take it you are easealy sucked in with numbers ?
    >
    > i have some numbers for you
    >
    > one thousand lines of code, even in a managed language like .net where a
    > lot is done for you, isnt really that much. one thousand lines in a more
    > lower level language like C/++ is even less.
    >
    > my BIT third year project had an estimated line count somewhere in the thirty
    > five to forty thousand lines, written in .net 1.1 - and not what i would
    > call a 'complex application'.
    >
    > and my bug count .... **** all, my data / middle / web-service tiers were
    > bug free - all my bugs were in UI land.
    >
    > just to put that 0.32 bugs per 1000 lines into perspective.
    >
    > ----------------
    > Steven H
    >
    > the madGeek
    >
    >> [17 quoted lines suppressed]


    I don't see your point. Its a fraction. So what if you can make the
    denominator and numerator bigger. The ratio is what matters.
     
    Warwick, Mar 6, 2006
    #11
  12. thing2

    Warwick Guest

    On Mon, 06 Mar 2006 22:36:11 +1300, Have A Nice Cup of Tea wrote:

    > On Mon, 06 Mar 2006 21:35:03 +1300, Peter wrote:
    >
    >> [9 quoted lines suppressed]

    >
    > Agreed.
    >
    > I suppose the reason why some people say that the idea of producing bug
    > free code cannot be done is that they don't aim at producing completely
    > bug gree code - they only aim at producing "good enough" code.
    >
    >
    > Have A Nice Cup of Tea


    I reckon the reason is because imperative languages like C and .net cannot
    be proved. afaik People have tried and given up. A functional language like
    Haskell or maybe Erlang OTP is probably better for a mission critical
    application. But you have to learn to code without variables or loops.
     
    Warwick, Mar 6, 2006
    #12
  13. thing2

    Jerry Guest

    Jerry, Mar 6, 2006
    #13
  14. thing2

    Peter Guest

    Jerry wrote:

    > thing2 wrote:
    >> http://www.theregister.co.uk/2006/03/03/open_source_safety_report/
    >>
    >> regards
    >>
    >> Thing

    >
    > So why isn't someone *fixing* bugs instead of counting them?


    All significant bugs would have now been fixed. On can be assured that LAMP
    bugs are fixed mighty quickly and long before anyone tries to exploit them.

    And ordinary bug fixes are free, you do not have to buy the next 'edition'
    of the software to get ordinary bug fixes unlike with 'pay' software.
     
    Peter, Mar 6, 2006
    #14
  15. thing2

    Enkidu Guest

    Have A Nice Cup of Tea wrote:
    > On Mon, 06 Mar 2006 14:11:22 +1300, thing2 wrote:
    >
    >
    >>http://www.theregister.co.uk/2006/03/03/open_source_safety_report/
    >>
    >>regards
    >>
    >>Thing

    >
    >
    > I say! That's an excellent report. And it will lead to those bugs it did
    > find being reported and fixed.
    >
    > 0.32 bugs per thousand lines of code in the LAMP stack. Excellent!
    >
    > Thanks for posting that URL, Thing.
    >

    When IBM's flagship OS, MVS, came out it was estimated at 2 million
    lines of code and also 2 million bugs. But many of those were trivial,
    like the misspelling of a literal string..

    Cheers,

    Cliff
     
    Enkidu, Mar 6, 2006
    #15
  16. thing2

    Steven H Guest

    Hello Shane,

    > er steven, whilst I have no doubt your code had a low bug count,
    > perhaps an
    > actual number or three might put more perspective on it?


    thats hard question to answer - it would be intresting to find out though.

    the point i was trying to get at is basically the point you made, that numbers
    like 0.32/1000 really do not mean much.

    that is because even 'simple' and 'streight forward' applications like my
    project year application that dont have all that much complexity (well i
    dont think its complecated) still have a surprisingly high line count (i
    was quite surprised to get that number).

    so saying that a bug-count of 0.32/1000 is 'good' doesnt really mean much
    because you cant really measure complexity or even bugs per line easealy.

    ----------------
    Steven H

    the madGeek

    > Steven H wrote:
    >
    >> Hello Have A Nice Cup of Tea,
    >>
    >>> 0.32 bugs per thousand lines of code in the LAMP stack. Excellent!
    >>>

    >> lol... i take it you are easealy sucked in with numbers ?
    >>
    >> i have some numbers for you
    >>
    >> one thousand lines of code, even in a managed language like .net
    >> where a lot is done for you, isnt really that much. one thousand
    >> lines in a more lower level language like C/++ is even less.
    >>
    >> my BIT third year project had an estimated line count somewhere in
    >> the thirty five to forty thousand lines, written in .net 1.1 - and
    >> not what i would call a 'complex application'.
    >>
    >> and my bug count .... **** all, my data / middle / web-service tiers
    >> were bug free - all my bugs were in UI land.
    >>
    >> just to put that 0.32 bugs per 1000 lines into perspective.
    >>
    >> ----------------
    >> Steven H

    > er steven, whilst I have no doubt your code had a low bug count,
    > perhaps an
    > actual number or three might put more perspective on it?
    > so far I see.. 0.32/1000 vs **** all
    > which means bugger all (to me) and 0.32/1000 vs ??/1000 would be much
    > betterer
    > Ta
     
    Steven H, Mar 6, 2006
    #16
  17. thing2

    thing2 Guest

    Jerry wrote:
    > thing2 wrote:
    >
    >> http://www.theregister.co.uk/2006/03/03/open_source_safety_report/
    >>
    >> regards
    >>
    >> Thing

    >
    >
    > So why isn't someone *fixing* bugs instead of counting them?


    ho hum..

    Management and anti-fud

    anti-FUD ~ Commercial vendors have long tried to claim that OSS was
    inferior, (code quality and lacking features or bloat if you prefer) so
    now here we have the second study that really looks at an OSS stack, and
    it stands up well.

    Fundimentals of Good Management, You cannot manage anything if you dont
    know what is going on and how good/bad the situation is.

    eg If I have 4 applications, but only time to fix one at a time, knowing
    the bug rate per application means I can use this info for risk
    management, ie do the worst thing first....and in the event of an issue
    I can demonstratee my methodology in explaining why I did what I did....

    regards

    Thing
     
    thing2, Mar 6, 2006
    #17
  18. thing2

    Enkidu Guest

    At a rate of 0.32/1000 your code would have 10 - 12 bugs in it. That's
    easily possible without you knowing it. Likewise your data / middleware
    / web-service tiers probably also had bugs at some unknown rate.

    If you wrote 40,000 lines of .Net 1.1 code you would have had to write
    your way around several .Net bugs. I know I have had to write around ASP
    bugs even in short programs. IMO it is a wonder that the number of
    application bugs is so small considering how buggy the underlying
    languages that they written in are.

    Cheers,

    Cliff

    Steven H wrote:
    > Hello Have A Nice Cup of Tea,
    >
    >> 0.32 bugs per thousand lines of code in the LAMP stack. Excellent!

    >
    >
    > lol... i take it you are easealy sucked in with numbers ? i have some
    > numbers for you
    >
    > one thousand lines of code, even in a managed language like .net
    > where a lot is done for you, isnt really that much. one thousand
    > lines in a more lower level language like C/++ is even less.
    >
    > my BIT third year project had an estimated line count somewhere in
    > the thirty five to forty thousand lines, written in .net 1.1 - and
    > not what i would call a 'complex application'.
    >
    > and my bug count .... **** all, my data / middle / web-service tiers
    > were bug free - all my bugs were in UI land.
    >
    > just to put that 0.32 bugs per 1000 lines into perspective.
    >
    > ---------------- Steven H
    >
    > the madGeek
    >
    >> On Mon, 06 Mar 2006 14:11:22 +1300, thing2 wrote:
    >>
    >>> http://www.theregister.co.uk/2006/03/03/open_source_safety_report/
    >>>
    >>>
    >>>
    >>>
    >>> regards
    >>>
    >>> Thing
    >>>

    >> I say! That's an excellent report. And it will lead to those bugs
    >> it did find being reported and fixed.
    >>
    >> 0.32 bugs per thousand lines of code in the LAMP stack. Excellent!
    >>
    >> Thanks for posting that URL, Thing.
    >>
    >> Have A Nice Cup of Tea
    >>

    >
    >
     
    Enkidu, Mar 6, 2006
    #18
  19. thing2

    Enkidu Guest

    Have A Nice Cup of Tea wrote:
    > On Mon, 06 Mar 2006 06:25:35 +0000, Steven H wrote:
    >
    >
    >>my BIT third year project had an estimated line count somewhere in the
    >>thirty five to forty thousand lines, written in .net 1.1 - and not what i
    >>would call a 'complex application'.

    >
    >
    > Your project had an "estimated" line count? Don't you even know how many
    > lines you wrote??
    >

    I couldn't tell you the exact number of lines in anything that *I* have
    written. Never counted them, and most people do not. 35 - 40,000 is not
    a bad estimate.

    Cheers,

    Cliff
     
    Enkidu, Mar 6, 2006
    #19
  20. thing2

    Enkidu Guest

    Have A Nice Cup of Tea wrote:
    > On Mon, 06 Mar 2006 21:35:03 +1300, Peter wrote:
    >
    >
    >>Commercial software typically has 20 to 30 bugs for every 1,000 lines of
    >>code, according to Carnegie Mellon University's CyLab Sustainable
    >>Computing Consortium. The study identified 0.17 bugs per 1,000 lines of
    >>code in the Linux kernel."
    >>
    >>--------------------
    >>
    >>I guess studies by university groups should be more objective than people
    >>or companies counting bugs in their own code.

    >
    >
    > Agreed.
    >
    > I suppose the reason why some people say that the idea of producing bug
    > free code cannot be done is that they don't aim at producing completely
    > bug gree code - they only aim at producing "good enough" code.
    >

    Lennier, we've been through this before. There is no way to guarantee
    that code is bug free, even with extensive testing.

    The longest bit of code that someone produced that was provably bug-free
    was about 30 lines long and was produced for a CompSci Doctoral thesis.

    Cheers,

    Cliff
     
    Enkidu, Mar 6, 2006
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. David

    A picture is worth a thousand words

    David, Jul 19, 2003, in forum: Digital Photography
    Replies:
    4
    Views:
    421
    David
    Jul 25, 2003
  2. Replies:
    7
    Views:
    1,526
    Craighton
    Apr 22, 2012
  3. Jason

    Bugs and Bugs...get rid of them

    Jason, Jan 31, 2006, in forum: Computer Security
    Replies:
    1
    Views:
    519
    Hellish
    Jan 31, 2006
  4. arethusa
    Replies:
    6
    Views:
    908
    arethusa
    Apr 14, 2007
  5. Matthias Scheler

    How to report bugs to Cisco

    Matthias Scheler, Oct 25, 2009, in forum: Cisco
    Replies:
    4
    Views:
    1,333
Loading...

Share This Page