Content deleted Content added
start review: mv examples to new section. copy ref from Therac-25. define bug. |
m →Static analysis: remove user name comment |
||
| (41 intermediate revisions by 25 users not shown) | |||
Line 1:
{{Short description|
{{Self-reference|To report a [[MediaWiki]] error on Wikipedia, see [[Wikipedia:Bug reports]].}}
{{Use mdy dates|date=April 2020}}
Line 10:
In 2002, a study commissioned by the US [[Department of Commerce]]'s [[National Institute of Standards and Technology]] concluded that "software bugs, or errors, are so prevalent and so detrimental that they cost the US economy an estimated $59 billion annually, or about 0.6 percent of the gross domestic product".<ref>{{cite web|url=http://www.nist.gov/public_affairs/releases/n02-10.htm |title=Software bugs cost US economy dear |date=June 10, 2009 |access-date=September 24, 2012 |url-status=dead |archive-url=https://web.archive.org/web/20090610052743/http://www.nist.gov/public_affairs/releases/n02-10.htm |archive-date=June 10, 2009 }}</ref>
Since the 1950s, some computer systems have been designed to detect or auto-correct various software errors during operations.
== History ==
Line 17:
== Terminology ==
''Mistake metamorphism'' (from Greek ''meta'' = "change", ''morph'' = "form") refers to the evolution of a defect in the final stage of software deployment. Transformation of a
Different stages of a mistake in the development cycle may be described as mistake,<ref name=ieeeGlossary>{{cite book
Line 24:
|date=December 31, 1990
|isbn=978-0-7381-0391-4
|doi=10.1109/IEEESTD.1990.101064}}</ref>{{rp|31}}anomaly,<ref name=ieeeGlossary/>{{rp|10}} fault,<ref name=ieeeGlossary/>{{rp|31}} failure,<ref name=ieeeGlossary/>{{rp|31}} error,<ref name=ieeeGlossary/>{{rp|31}} exception,<ref name=ieeeGlossary/>{{rp|31}} crash,<ref name=ieeeGlossary/>{{rp|22}} glitch, bug,<ref name=ieeeGlossary/>{{rp|14}} defect, incident,<ref name=ieeeGlossary/>{{rp|39}} or side effect.
==Examples==
Line 64 ⟶ 53:
== Controversy ==
Sometimes the use of ''bug'' to describe the behavior of software is contentious due to perception. Some suggest that the term should be abandoned;
|website=News at SEI
|publisher=[[Software Engineering Institute]]
|title=News at SEI
|date=
|first=Watts S.
|last=Humphrey
|author-link=Watts Humphrey
|url=https://insights.sei.cmu.edu/documents/2648/1999_102_001_413932.pdf
|at=page 73 of 154 in PDF file
|url=https://insights.sei.cmu.edu/library/news-at-sei-september-1999}}</ref>▼
|access-date=2025-02-02
|archive-url=https://web.archive.org/web/20231015130719/https://insights.sei.cmu.edu/documents/2648/1999_102_001_413932.pdf
|archive-date=2023-10-15
|url-status=live
▲
Some contend that ''bug'' may be used to [[coverup|cover up]] an intentional design decision. In 2011, after receiving scrutiny from US Senator [[Al Franken]] for recording and storing users' locations in unencrypted files,<ref>{{cite journal
|author=Gregg Keizer
|title=Apple faces questions from Congress about iPhone tracking
Line 105 ⟶ 98:
Newer [[programming language]]s tend to be designed to prevent common bugs based on vulnerabilities of existing languages. Lessons learned from older languages such as [[BASIC]] and [[C (programming language)|C]] are used to inform the design of later languages such as [[C Sharp (programming language)|C#]] and [[Rust (programming language)|Rust]].
A [[
Languages may include features such as a static [[type system]], restricted [[namespace]]s and [[modular programming]]. For example, for a typed, compiled language (like [[C (programming language)|C]]):
Line 112 ⟶ 107:
is syntactically correct, but fails type checking since the right side, a string, cannot be assigned to a float variable. Compilation fails {{endash}} forcing this defect to be fixed before development progress can resume. With an interpreted language, a failure would not occur until later at runtime.
Some languages exclude features that easily lead to bugs, at the expense of slower performance {{endash}} the principle being that it is usually better to write simpler, slower correct code than complicated, buggy code. For example,
Some languages include features that add runtime overhead in order to prevent
▲A [[compiler|compiled]] language allows for detecting some typos (such as a misspelled identifier) before [[Runtime (program lifecycle phase)|runtime]] which is earlier in the [[software development process]] than for an [[Interpreter (computing)|interpreted]] language.
=== Techniques ===
For example,
if (condition)
foo(); But this code always executes {{code|foo}}:
if (condition);
foo(); Using braces - even if they're not strictly required - reliably prevents this error:
if (condition) {
foo();
}
Enforcement of conventions may be manual (i.e. via [[code review]]) or via automated tools such as [[Lint_(software)|linters]].
=== Specification ===
Some{{who?|date=May 2025}} contend that writing a [[program specification]], which states the intended behavior of a program, can prevent bugs. Others{{who?|date=May 2025}}, however, contend that formal specifications are impractical for anything but the shortest programs, because of problems of [[combinatorial explosion]] and [[Nondeterministic algorithm|indeterminacy]].
=== Software testing ===
One goal of [[software testing]] is to find bugs. Measurements during testing can provide an estimate of the number of likely bugs remaining. This becomes more reliable the longer a product is tested and developed.{{citation needed|date=February 2017}}▼
▲Measurements during testing can provide an estimate of the number of likely bugs remaining. This becomes more reliable the longer a product is tested and developed.{{citation needed|date=February 2017}}
=== Agile practices ===
Line 154 ⟶ 145:
[[Agile software development]] may involve frequent software releases with relatively small changes. Defects are revealed by user feedback.
With [[test-driven development]] (TDD), [[
=== Static analysis ===
Tools for [[static code analysis]] help developers by inspecting the program text beyond the compiler's capabilities to spot potential problems. Although in general the problem of finding all programming errors given a specification is not solvable (see [[halting problem]]), these tools exploit the fact that human programmers tend to make certain kinds of simple mistakes
=== Instrumentation ===
Line 184 ⟶ 175:
Some contend that locating a bug is something of an art.
It is not uncommon for a bug in one section of a program to cause failures in a different section,{{citation needed|date=November 2012}} thus making it difficult to track, in an apparently unrelated part of the system. For example, an error in a graphics [[Rendering (computer graphics)|rendering]] routine causing a file [[
Sometimes, the most difficult part of debugging is finding the cause of the bug. Once found, correcting the problem is sometimes easy if not trivial.
Line 194 ⟶ 185:
Typically, the first step in locating a bug is to reproduce it reliably. If unable to reproduce the issue, a programmer cannot find the cause of the bug and therefore cannot fix it.
Some bugs are revealed by inputs that may be difficult for the programmer to re-create. One cause of the [[Therac-25]] radiation machine deaths was a bug (specifically, a [[race condition]]) that occurred only when the machine operator very rapidly entered a treatment plan; it took days of practice to become able to do this, so the bug did not manifest in testing or when the manufacturer attempted to duplicate it. Other bugs may stop occurring whenever the setup is augmented to help find the bug, such as running the program with a debugger; these are called ''[[heisenbug]]s'' (humorously named after the [[
Since the 1990s, particularly following the [[Ariane 5 Flight 501]] disaster, interest in automated aids to debugging rose, such as [[static code analysis]] by [[abstract interpretation]].<ref>{{Cite web|url=http://christele.faure.pagesperso-orange.fr/polyspace.html|title=PolySpace Technologies history|website=christele.faure.pagesperso-orange.fr|access-date=August 1, 2019}}</ref>
Line 217 ⟶ 208:
=== Severity ===
''Severity'' is a measure of impact the bug has.<ref>{{Cite journal|last1=Soleimani Neysiani|first1=Behzad|last2=Babamir|first2=Seyed Morteza|last3=Aritsugi|first3=Masayoshi|date=2020-10-01|title=Efficient feature extraction model for validation performance improvement of duplicate bug report detection in software bug triage systems|url=https://linkinghub.elsevier.com/retrieve/pii/S0950584920301117|journal=Information and Software Technology|language=en|volume=126|pages=106344|doi=10.1016/j.infsof.2020.106344|s2cid=219733047|url-access=subscription}}</ref> This impact may be data loss, financial, loss of goodwill and wasted effort. Severity levels are not standardized, but differ by context such as industry and tracking tool. For example, a crash in a video game has a different impact than a crash in a bank server. Severity levels might be ''crash or hang'', ''no workaround'' (user cannot accomplish a task), ''has workaround'' (user can still accomplish the task), ''visual defect'' (a misspelling for example), or ''documentation error''. Another example set of severities: ''critical'', ''high'', ''low'', ''blocker'', ''trivial''.<ref>{{cite web|url=http://www.bugzilla.org/docs/4.4/en/html/bug_page.html|title=5.3. Anatomy of a Bug|work=bugzilla.org|url-status=live|archive-url=https://web.archive.org/web/20130523121753/http://www.bugzilla.org/docs/4.4/en/html/bug_page.html|archive-date=May 23, 2013}}</ref> The severity of a bug may be a separate category to its priority for fixing, or the two may be quantified and managed separately.
{{anchor|Show stopper|Showstopper|Showstopper bug}}A bug severe enough to delay the release of the product is called a ''show stopper''.<ref name="DoD_Glossary1989">{{Cite encyclopedia |title=Show stopper |encyclopedia=Glossary: defense acquisition acronyms and terms |year=1989 |publisher=Department of Defense, [[Defense Systems Management College]] |___location=Fort Belvoir, Virginia|url=https://hdl.handle.net/2027/mdp.39015061290758?urlappend=%3Bseq=163 |editor-last=Jones |editor-first=Wilbur D. Jr. |edition=4 |page=123 |hdl=2027/mdp.39015061290758?urlappend=%3Bseq=163 |language=en|via=Hathitrust}}</ref><ref name="Zachary1994">{{Cite book |title=Show-stopper!: the breakneck race to create Windows NT and the next generation at Microsoft |last=Zachary |first=G. Pascal |publisher=[[Free Press (publisher)|The Free Press]] |year=1994 |isbn=0029356717 |___location=New York |page=158 |language=en |url=https://archive.org/details/showstopperbreak00zach/page/158/mode/1up?q=%22showstopper+bug%22 |url-access=registration |via=archive.org}}</ref>
Line 259 ⟶ 250:
=== Cost ===
In 1994, NASA's [[Goddard Space Flight Center]] managed to reduce their average number of errors from 4.5 per
|journal=Software Engineering Laboratory Series
|title=An Overview of the Software Engineering Laboratory
Line 273 ⟶ 264:
|series=NASA Office of Chief Engineer Technical Excellence Program
|url= https://www.nasa.gov/wp-content/uploads/2015/04/418878main_fswc_final_report.pdf
}}</ref> Some projects even attained zero defects: the [[firmware]] in the [[IBM Wheelwriter]] typewriter which consists of 63,000 SLOC, and the [[Space Shuttle]] software with 500,000 SLOC.<ref name="CobbMills1990" />▼
▲Some projects even attained zero defects: the [[firmware]] in the [[IBM Wheelwriter]] typewriter which consists of 63,000 SLOC, and the [[Space Shuttle]] software with 500,000 SLOC.<ref name="CobbMills1990" />
=== Benchmark ===
Line 280 ⟶ 270:
To facilitate reproducible research on testing and debugging, researchers use curated benchmarks of bugs:
* the Siemens benchmark
* ManyBugs<ref name="Le GouesHoltschulte2015">{{cite journal|last1=Le Goues|first1=Claire|author1-link=Claire Le Goues|last2=Holtschulte|first2=Neal|last3=Smith|first3=Edward K.|last4=Brun|first4=Yuriy|last5=Devanbu|first5=Premkumar|last6=Forrest|first6=Stephanie|last7=Weimer|first7=Westley|title=The ManyBugs and IntroClass Benchmarks for Automated Repair of C Programs|journal=IEEE Transactions on Software Engineering|volume=41|issue=12|year=2015|pages=1236–1256|issn=0098-5589|doi=10.1109/TSE.2015.2454513|doi-access=free}}</ref> is a benchmark of 185 C bugs in nine open-source programs.
* Defects4J<ref name="JustJalali2014">{{cite book|last1=Just|first1=René|title=Proceedings of the 2014 International Symposium on Software Testing and Analysis – ISSTA 2014|pages=437–440|last2=Jalali|first2=Darioush|last3=Ernst|first3=Michael D.|s2cid=12796895|chapter=Defects4J: a database of existing faults to enable controlled testing studies for Java programs|year=2014|doi=10.1145/2610384.2628055|isbn=9781450326452|citeseerx=10.1.1.646.3086}}</ref> is a benchmark of 341 Java bugs from 5 open-source projects. It contains the corresponding patches, which cover a variety of patch type.
Line 302 ⟶ 292:
|publisher=[[IEEE]]
|doi=10.1109/ASE.2017.8115662}}</ref>
Such a bug can be from a lack of awareness of the qualities of the data storage such as a [[arithmetic precision|loss of precision]] due to [[rounding]], [[
=== Control flow ===
Line 339 ⟶ 329:
=== Teamwork ===
* Unpropagated updates; e.g. programmer changes "myAdd" but forgets to change "mySubtract", which uses the same algorithm. These errors are mitigated by the [[
* Comments out of date or incorrect: many programmers assume the comments accurately describe the code.
* Differences between documentation and product.
Line 352 ⟶ 342:
== In popular culture ==
* In video gaming, the term "[[glitch#Video game glitches|glitch]]" is sometimes used to refer to a software bug. An example is the glitch and [[List of Pokémon|unofficial Pokémon species]] [[MissingNo.]]
* In both the 1968 novel ''[[2001: A Space Odyssey (novel)|2001: A Space Odyssey]]'' and the corresponding [[2001: A Space Odyssey
* In the English version of the Nena 1983 song ''[[99 Luftballons]]'' (99 Red Balloons) as a result of "bugs in the software", a release of a group of 99 red balloons are mistaken for an enemy nuclear missile launch, requiring an equivalent launch response and resulting in catastrophe.
* In the 1999 American comedy ''[[Office Space]]'', three employees attempt (unsuccessfully) to exploit their company's preoccupation with the Y2K computer bug using a computer virus that sends rounded-off fractions of a penny to their bank account—a long-known technique described as [[
* The 2004 novel ''The Bug'', by [[Ellen Ullman]], is about a programmer's attempt to find an elusive bug in a database application.<ref>{{cite book | last=Ullman | first=Ellen | date=2004 | title=The Bug | publisher=[[Picador (imprint)|Picador]] | isbn=978-1-250-00249-5 }}</ref>
* The 2008 Canadian film ''[[Control Alt Delete (film)|Control Alt Delete]]'' is about a computer programmer at the end of 1999 struggling to fix bugs at his company related to the year 2000 problem.
| |||