Jim's Random Notes

Musings on technology and life

Home
Jim's Random Notes
Old Random Notes
    Archive
    Title Index
TriTryst
Rants and other Writings
Marine Military Academy
Work
WinHelp
Publications
Tools and Utilities

Contact



.NET Reference Guide


Blogs I Like
Jeff Duntemann
Michael Covington
Ms. Mona

Something else interesting about the research I mentioned yesterday is that they've used the tool to find a large number of previously undiscovered bugs in the Linux kernel—primarily, if I'm reading the sketchy information in the Slashdot postings correctly, in kernel device drivers.  That the bugs reside primarily in device drivers isn't terribly surprising.  Device driver code is notoriously difficult to write for many reasons, and doubly so when the programmers don't take the time to read and understand the hardware manuals.  It's harder still when the manuals don't exist and the programmer is working from knowledge gained by poking random data at the hardware interface to see what comes out.

That this analysis reveals so many previously undiscovered bugs both validates and refutes the open source mantra "with enough eyes, all bugs are shallow."  Validation because somebody finally looked at the code, and refutation because it points out that not all code is equally examined.  Some parts of the code get looked at by thousands of eyes, and other parts don't even get tested by the original programmer, much less reviewed by somebody competent.  An automated auditing tool like this is useful, but it still can't replace a competent programmer reviewing the code, as it's still quite possible for errors to occur in modules that do not exhibit any of the redundancies or similar indicators.  The idea behind open source is that "somebody will care."  The reality is that lots of people care about certain parts of the project, but other parts are left wanting.  That particular problem can only get worse as the kernel continues to grow.

---