+ <item>
+ <title>Two projects that have improved the quality of free software a lot</title>
+ <link>Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html</link>
+ <guid isPermaLink="true">Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html</guid>
+ <pubDate>Sat, 2 May 2009 15:00:00 +0200</pubDate>
+ <description>
+<p>There are two software projects that have had huge influence on the
+quality of free software, and I wanted to mention both in case someone
+do not yet know them.</p>
+
+<p>The first one is <a href="http://valgrind.org/">valgrind</a>, a
+tool to detect and expose errors in the memory handling of programs.
+It is easy to use, all one need to do is to run 'valgrind program',
+and it will report any problems on stdout. It is even better if the
+program include debug information. With debug information, it is able
+to report the source file name and line number where the problem
+occurs. It can report things like 'reading past memory block in file
+X line N, the memory block was allocated in file Y, line M', and
+'using uninitialised value in control logic'. This tool has made it
+trivial to investigate reproducible crash bugs in programs, and have
+reduced the number of this kind of bugs in free software a lot.
+
+<p>The second one is
+<a href="http://en.wikipedia.org/wiki/Coverity">Coverity</a> which is
+a source code checker. It is able to process the source of a program
+and find problems in the logic without running the program. It
+started out as the Stanford Checker and became well known when it was
+used to find bugs in the Linux kernel. It is now a commercial tool
+and the company behind it is running
+<a href="http://www.scan.coverity.com/">a community service</a> for the
+free software community, where a lot of free software projects get
+their source checked for free. Several thousand defects have been
+found and fixed so far. It can find errors like 'lock L taken in file
+X line N is never released if exiting in line M', or 'the code in file
+Y lines O to P can never be executed'. The projects included in the
+community service project have managed to get rid of a lot of
+reliability problems thanks to Coverity.</p>
+
+<p>I believe tools like this, that are able to automatically find
+errors in the source, are vital to improve the quality of software and
+make sure we can get rid of the crashing and failing software we are
+surrounded by today.</p>
+</description>
+ </item>
+