I was talking to Dalibor and he pointed me at the FindBugs
paper, which is super-cool.

Figure 14 (page 10) is particularly interesting. This is the one
where they show Classpath as having 724 flagged bugs in 457 KLOC, and
the 1.5 JDK as having 3,314 flagged bugs in 1,183 KLOC.

First, the size disparity is interesting here. Classpath is about
60% complete (by a naive count that excludes a lot of libraries that
exist but aren’t integrated). This suggests that our code is 64% the
size of the corresponding JDK code. (These numbers are a little
fuzzy, since we aren’t doing comparisons against 1.5 yet, so perhaps
that first 60% is a little high.)

Second, our bug rate is much better: 1.6 bugs per KLOC versus 2.8
for Sun. My theory here is that bugs in free libraries tend to be
fixed, whereas bugs in Sun’s library tend to be worked around. Even
though the JDK source is “available”, it is only available under a
very restrictive license that provides a strong disincentive to bother
fixing problems in it.

I’d love to see us running FindBugs nightly against Classpath, and
mandating that code be “FindBugs clean” (to the extent reasonably
possible).

75%

As I mentioned above, there are free Java libraries out there,
like Tritonus, that implement parts of the standard library but aren’t
part of Classpath. If you roll all these into the nightly comparison,
it turns out that we’re above 75% complete (versus 1.4). That’s quite
good, especially when you consider where we were a year ago.