06:39 PM
Charles Babcock

Clean Up HTC's Droid But Don't Panic

Android is yielding solid code, but developers probably need to spend more time debugging.

Dave Peterson, chief marketing officer of Coverity, describes the nature of the defects as follows: "resource leaks, memory corruptions, null pointer dereferences." The scan found 359 defects, 88 of which were "high risk." High-risk defects are bugs that "in theory, that could have security implications." That is, they could lead to trouble but are not yet targeted by the troublemakers.

The defects are common programming errors. Operating systems build objects from class libraries, modules of code to be used for a particular individual need, then discarded. If the object remains in random access memory, along with a build-up of many other used objects, it will eventually choke the limited memory of a mobile device. That's one example of a resource leak -- a memory leak. It poses a risk of causing a device crash once memory is filled to the brim.

A C language null pointer dereference causes a mobile device's software to look for a value in memory that is no longer there. The pointer returns a null value and the program stalls. The programmer should have been more fastidious in going back over all his previous steps to eliminate any pointers no longer needed. It's painstaking work; sometimes a pointer is overlooked.
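The two defect classes described above, shown in C as an added illustration (not code from the HTC kernel scan or from Coverity): a function with a missing NULL check and a leaking error path, beside a corrected version. The function names and the counting allocator are constructed for this example.

```c
#include <stdlib.h>
#include <string.h>

static int live_allocs = 0;   /* outstanding allocations (constructed leak counter) */
static int fail_next = 0;     /* set to 1 to simulate an out-of-memory condition */

static void *xalloc(size_t n) {
    if (fail_next) { fail_next = 0; return NULL; }
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Defective: no NULL check after xalloc, and the error path leaks buf. */
int copy_name_buggy(const char *src, char *out, size_t outlen) {
    size_t n = strlen(src) + 1;
    char *buf = xalloc(n);
    memcpy(buf, src, n);            /* NULL pointer dereference if xalloc failed */
    if (n > outlen)
        return -1;                  /* resource leak: buf is never freed */
    memcpy(out, buf, n);
    xfree(buf);
    return 0;
}

/* Corrected: checks the allocation and frees buf on every exit path. */
int copy_name_fixed(const char *src, char *out, size_t outlen) {
    int rc = -1;
    size_t n = strlen(src) + 1;
    char *buf = xalloc(n);
    if (buf == NULL)
        return -1;
    memcpy(buf, src, n);
    if (n > outlen)
        goto done;
    memcpy(out, buf, n);
    rc = 0;
done:
    xfree(buf);
    return rc;
}

int outstanding(void) { return live_allocs; }   /* allocations not yet freed */
void simulate_oom(void) { fail_next = 1; }      /* make the next xalloc fail */
```

Each call to the defective function with an oversized name leaves one more allocation outstanding, which is the pattern a static analyzer reports as a resource leak.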

Are these named bugs security risks? "We don't know what effects they may have or not have," said Peterson.

So 88 defects in about 720,000 lines of code need to be attended to in a particular HTC release of the Android "Froyo" kernel. A scan of other manufacturers' source code, say Motorola's or Nokia's, might yield different results. HTC has been aggressively adopting the Android system and modifying it through contributions from many different vendors. It's also been operating in a more open manner that makes it subject to easy scrutiny.

In the short run, that makes HTC subject to charges that it's producing buggy, inferior code for its phones. In the long run, if the identified defects get corrected, it will show that it clears up bugs quickly and forges ahead with rapid development. Such a stance will pay off for HTC and Android. Meanwhile, we have Coverity watching and publicizing results from its automated scans.

Android developers need to take a lesson from their Linux kernel elders, who have driven their bug rate down to .127 per 1,000 lines of code, or one-eighth the average. Android developers need to do likewise. To do so will take more time and developer investment than aggressive Android development has allowed so far. But the adjustment should come sooner rather than later.
