Is open-source Tomcat buggy? No more than 'commercialware'

Tomcat, the Java-based application server that is part of the open Apache Jakarta project, suffers about the same level of defects as proprietary code, according to a survey by Reasoning Inc.

The finding is important, said Jeff Klagenberg, Reasoning's director of product management, because of a belief in the Java development community that the programming language is less error-prone than languages like C and C++.

"We see some of the same types of defects [in Tomcat that] we see in C and C++, which I don't think the Java development community has necessarily known," he said. "There was an expectation that Java removed certain types of defects and they do still exist in the code."

The Reasoning study inspecting mature Tomcat Version 4.1.24 code found 17 software defects in 70,988 lines of Tomcat source code, according to the Mountain View, Calif.-based inspection service. The defect density of the Tomcat code inspected was 0.24 per thousand lines of source code, Reasoning officials said.

The majority of the defects were null pointer dereference (NPD) errors, which can crash applications, Klagenberg said.

"In Java, of course, you don't have explicit pointers, you have references to objects," he explained. "What happens is those references can be null, they can basically have no data in them. But your application can go to try to look at an object that you are expecting to exist, but which does not exist. It's null and will cause the application to stop running."

The Reasoning report on Tomcat inspection is available at


For other Programmers Report articles, please go to

About the Author

Rich Seeley is Web Editor for Campus Technology.


Upcoming Events


Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.