LibreOffice's superlow defect rate puts proprietary software to shame

LibreOffice code is among the cleanest you'll find, with one-tenth the defect density of the average proprietary code base for similar-scale apps

open source 3

For old-timers, the venerable codebase comes with a folk-memory of instability and resource greed. But the LibreOffice project -- founded four years ago this weekend -- hold good news for those who prefer their office suite to be open source.

According to code improvement vendor Coverity, the LibreOffice code maintained by the Document Foundation has one of the lowest defect densities in the software industry following intensive analysis and fixing by its community.

The 2013 Coverity Scan Open Source Report found the average defect density for open source projects with more than 1 million lines of code was 0.65, whereas the defect density for proprietary code bases of a similar scale to LibreOffice was 0.71.

The code, based on OpenOffice, originally came with a defect density of 1.1 -- above average for open source -- but the work of TDF developers has reduced that dramatically, down to 0.84 in their first year of work, then to 0.08 at the date of the press release. As of today, the defect density is down to 0.07 (visible to logged-in Scan users) -- that's less than one-tenth the rate found in proprietary software of a similar profile. While it's difficult to compare diverged code trees, the defect density in another successor of the same original code -- at Apache OpenOffice -- is currently 0.94 according to Coverity. Unfortunately, there's no way to compare with an equivalent proprietary codebase like Microsoft Office.

The LibreOffice team has analyzed more than 9 million lines of code to find and fix 10,000-plus defects of all types, including some with the potential to impact security and many that affected stability and memory use. The team working through the Coverity results is led by Caolán McNamara of Red Hat and includes Stephan Bergmann, Noel Grandin, Norbert Thiebaud, Julien Nabet, and others.

Coverity offers a commercial tool suite designed to help developers track the most common defects arising from software development, such as null pointers, buffer overruns, and resource leaks. Itself heavily dependent on open source software, the suite offers tools for code and test analysis, metrics tracking, and issue workflow. A subset of the commercial tools is offered free of charge to open source projects as Coverity Scan, which tests every line of code as well as every potential execution path. The root cause of each defect is then clearly identified, making it easy to fix bugs.

More than 2,700 open source projects make use of Scan to help shake the defects out of their code, including the Linux kernel and many Apache projects such as Hadoop, Cassandra, CloudStack, Struts, and Tomcat. Zack Samocha, senior director of products at Coverity, told me, "This is a service we provide to the open source community to help us on our mission of helping organizations deliver higher quality and more secure software, faster."

While an open source license on code is no automatic guarantee of quality, by its nature it allows evaluation of quality and encourages collaborative efforts toward improvement. That's why Coverity asserts open source code quality now outpaces that of proprietary code. Even within that trend, LibreOffice is an outlier, with amazingly low defect density. Four years of work by a diverse community has yielded terrific quality.

Copyright © 2014 IDG Communications, Inc.