Content deleted Content added
Darth Stabro (talk | contribs) m Reverted 1 edit by 24.51.54.23 (talk) to last revision by Murray Langton |
m →Static analysis: remove user name comment |
||
| (31 intermediate revisions by 18 users not shown) | |||
Line 10:
In 2002, a study commissioned by the US [[Department of Commerce]]'s [[National Institute of Standards and Technology]] concluded that "software bugs, or errors, are so prevalent and so detrimental that they cost the US economy an estimated $59 billion annually, or about 0.6 percent of the gross domestic product".<ref>{{cite web|url=http://www.nist.gov/public_affairs/releases/n02-10.htm |title=Software bugs cost US economy dear |date=June 10, 2009 |access-date=September 24, 2012 |url-status=dead |archive-url=https://web.archive.org/web/20090610052743/http://www.nist.gov/public_affairs/releases/n02-10.htm |archive-date=June 10, 2009 }}</ref>
Since the 1950s, some computer systems have been designed to detect or auto-correct various software errors during operations.
== History ==
Line 17:
== Terminology ==
''Mistake metamorphism'' (from Greek ''meta'' = "change", ''morph'' = "form") refers to the evolution of a defect in the final stage of software deployment. Transformation of a
Different stages of a mistake in the development cycle may be described as mistake,<ref name=ieeeGlossary>{{cite book
Line 24:
|date=December 31, 1990
|isbn=978-0-7381-0391-4
|doi=10.1109/IEEESTD.1990.101064}}</ref>{{rp|31}}anomaly,<ref name=ieeeGlossary/>{{rp|10}} fault,<ref name=ieeeGlossary/>{{rp|31}} failure,<ref name=ieeeGlossary/>{{rp|31}} error,<ref name=ieeeGlossary/>{{rp|31}} exception,<ref name=ieeeGlossary/>{{rp|31}} crash,<ref name=ieeeGlossary/>{{rp|22}} glitch, bug,<ref name=ieeeGlossary/>{{rp|14}} defect, incident,<ref name=ieeeGlossary/>{{rp|39}} or side effect.
==Examples==
Line 64 ⟶ 53:
== Controversy ==
Sometimes the use of ''bug'' to describe the behavior of software is contentious due to perception. Some suggest that the term should be abandoned;
|website=News at SEI
|publisher=[[Software Engineering Institute]]
|title=News at SEI
|date=
|first=Watts S.
|last=Humphrey
|author-link=Watts Humphrey
|url=https://insights.sei.cmu.edu/documents/2648/1999_102_001_413932.pdf
|at=page 73 of 154 in PDF file
|url=https://insights.sei.cmu.edu/library/news-at-sei-september-1999}}</ref>▼
|access-date=2025-02-02
|archive-url=https://web.archive.org/web/20231015130719/https://insights.sei.cmu.edu/documents/2648/1999_102_001_413932.pdf
|archive-date=2023-10-15
|url-status=live
▲
Some contend that ''bug'' may be used to [[coverup|cover up]] an intentional design decision. In 2011, after receiving scrutiny from US Senator [[Al Franken]] for recording and storing users' locations in unencrypted files,<ref>{{cite journal
|author=Gregg Keizer
|title=Apple faces questions from Congress about iPhone tracking
Line 105 ⟶ 98:
Newer [[programming language]]s tend to be designed to prevent common bugs based on vulnerabilities of existing languages. Lessons learned from older languages such as [[BASIC]] and [[C (programming language)|C]] are used to inform the design of later languages such as [[C Sharp (programming language)|C#]] and [[Rust (programming language)|Rust]].
A [[compiled]] language allows for detecting some typos (such as a misspelled identifier) before [[Runtime (program lifecycle phase)|runtime]] which is earlier in the [[software development process]] than for an [[Interpreter (computing)|interpreted]] language.▼
Languages may include features such as a static [[type system]], restricted [[namespace]]s and [[modular programming]]. For example, for a typed, compiled language (like [[C (programming language)|C]]):
Line 112 ⟶ 107:
is syntactically correct, but fails type checking since the right side, a string, cannot be assigned to a float variable. Compilation fails {{endash}} forcing this defect to be fixed before development progress can resume. With an interpreted language, a failure would not occur until later at runtime.
Some languages exclude features that easily lead to bugs, at the expense of slower performance {{endash}} the principle being that it is usually better to write simpler, slower correct code than complicated, buggy code. For example,
Some languages include features that add runtime overhead in order to prevent
▲A [[compiled]] language allows for detecting some typos (such as a misspelled identifier) before [[Runtime (program lifecycle phase)|runtime]] which is earlier in the [[software development process]] than for an [[Interpreter (computing)|interpreted]] language.
=== Techniques ===
For example,
if (condition)
foo(); But this code always executes {{code|foo}}:
if (condition);
foo(); Using braces - even if they're not strictly required - reliably prevents this error:
if (condition) {
foo();
}
Enforcement of conventions may be manual (i.e. via [[code review]]) or via automated tools such as [[Lint_(software)|linters]].
=== Specification ===
Some{{who?|date=May 2025}} contend that writing a [[program specification]], which states the intended behavior of a program, can prevent bugs. Others{{who?|date=May 2025}}, however, contend that formal specifications are impractical for anything but the shortest programs, because of problems of [[combinatorial explosion]] and [[Nondeterministic algorithm|indeterminacy]].
=== Software testing ===
One goal of [[software testing]] is to find bugs. Measurements during testing can provide an estimate of the number of likely bugs remaining. This becomes more reliable the longer a product is tested and developed.{{citation needed|date=February 2017}}▼
▲Measurements during testing can provide an estimate of the number of likely bugs remaining. This becomes more reliable the longer a product is tested and developed.{{citation needed|date=February 2017}}
=== Agile practices ===
Line 154 ⟶ 145:
[[Agile software development]] may involve frequent software releases with relatively small changes. Defects are revealed by user feedback.
With [[test-driven development]] (TDD), [[unit test]]s are written while writing the production code, and the production code is not considered complete until all tests have been written and complete successfully.
=== Static analysis ===
Tools for [[static code analysis]] help developers by inspecting the program text beyond the compiler's capabilities to spot potential problems. Although in general the problem of finding all programming errors given a specification is not solvable (see [[halting problem]]), these tools exploit the fact that human programmers tend to make certain kinds of simple mistakes
=== Instrumentation ===
Line 217 ⟶ 208:
=== Severity ===
''Severity'' is a measure of impact the bug has.<ref>{{Cite journal|last1=Soleimani Neysiani|first1=Behzad|last2=Babamir|first2=Seyed Morteza|last3=Aritsugi|first3=Masayoshi|date=2020-10-01|title=Efficient feature extraction model for validation performance improvement of duplicate bug report detection in software bug triage systems|url=https://linkinghub.elsevier.com/retrieve/pii/S0950584920301117|journal=Information and Software Technology|language=en|volume=126|pages=106344|doi=10.1016/j.infsof.2020.106344|s2cid=219733047|url-access=subscription}}</ref> This impact may be data loss, financial, loss of goodwill and wasted effort. Severity levels are not standardized, but differ by context such as industry and tracking tool. For example, a crash in a video game has a different impact than a crash in a bank server. Severity levels might be ''crash or hang'', ''no workaround'' (user cannot accomplish a task), ''has workaround'' (user can still accomplish the task), ''visual defect'' (a misspelling for example), or ''documentation error''. Another example set of severities: ''critical'', ''high'', ''low'', ''blocker'', ''trivial''.<ref>{{cite web|url=http://www.bugzilla.org/docs/4.4/en/html/bug_page.html|title=5.3. Anatomy of a Bug|work=bugzilla.org|url-status=live|archive-url=https://web.archive.org/web/20130523121753/http://www.bugzilla.org/docs/4.4/en/html/bug_page.html|archive-date=May 23, 2013}}</ref> The severity of a bug may be a separate category to its priority for fixing, or the two may be quantified and managed separately.
{{anchor|Show stopper|Showstopper|Showstopper bug}}A bug severe enough to delay the release of the product is called a ''show stopper''.<ref name="DoD_Glossary1989">{{Cite encyclopedia |title=Show stopper |encyclopedia=Glossary: defense acquisition acronyms and terms |year=1989 |publisher=Department of Defense, [[Defense Systems Management College]] |___location=Fort Belvoir, Virginia|url=https://hdl.handle.net/2027/mdp.39015061290758?urlappend=%3Bseq=163 |editor-last=Jones |editor-first=Wilbur D. Jr. |edition=4 |page=123 |hdl=2027/mdp.39015061290758?urlappend=%3Bseq=163 |language=en|via=Hathitrust}}</ref><ref name="Zachary1994">{{Cite book |title=Show-stopper!: the breakneck race to create Windows NT and the next generation at Microsoft |last=Zachary |first=G. Pascal |publisher=[[Free Press (publisher)|The Free Press]] |year=1994 |isbn=0029356717 |___location=New York |page=158 |language=en |url=https://archive.org/details/showstopperbreak00zach/page/158/mode/1up?q=%22showstopper+bug%22 |url-access=registration |via=archive.org}}</ref>
Line 259 ⟶ 250:
=== Cost ===
In 1994, NASA's [[Goddard Space Flight Center]] managed to reduce their average number of errors from 4.5 per
|journal=Software Engineering Laboratory Series
|title=An Overview of the Software Engineering Laboratory
Line 273 ⟶ 264:
|series=NASA Office of Chief Engineer Technical Excellence Program
|url= https://www.nasa.gov/wp-content/uploads/2015/04/418878main_fswc_final_report.pdf
}}</ref> Some projects even attained zero defects: the [[firmware]] in the [[IBM Wheelwriter]] typewriter which consists of 63,000 SLOC, and the [[Space Shuttle]] software with 500,000 SLOC.<ref name="CobbMills1990" />▼
▲Some projects even attained zero defects: the [[firmware]] in the [[IBM Wheelwriter]] typewriter which consists of 63,000 SLOC, and the [[Space Shuttle]] software with 500,000 SLOC.<ref name="CobbMills1990" />
=== Benchmark ===
Line 280 ⟶ 270:
To facilitate reproducible research on testing and debugging, researchers use curated benchmarks of bugs:
* the Siemens benchmark
* ManyBugs<ref name="Le GouesHoltschulte2015">{{cite journal|last1=Le Goues|first1=Claire|author1-link=Claire Le Goues|last2=Holtschulte|first2=Neal|last3=Smith|first3=Edward K.|last4=Brun|first4=Yuriy|last5=Devanbu|first5=Premkumar|last6=Forrest|first6=Stephanie|last7=Weimer|first7=Westley|title=The ManyBugs and IntroClass Benchmarks for Automated Repair of C Programs|journal=IEEE Transactions on Software Engineering|volume=41|issue=12|year=2015|pages=1236–1256|issn=0098-5589|doi=10.1109/TSE.2015.2454513|doi-access=free}}</ref> is a benchmark of 185 C bugs in nine open-source programs.
* Defects4J<ref name="JustJalali2014">{{cite book|last1=Just|first1=René|title=Proceedings of the 2014 International Symposium on Software Testing and Analysis – ISSTA 2014|pages=437–440|last2=Jalali|first2=Darioush|last3=Ernst|first3=Michael D.|s2cid=12796895|chapter=Defects4J: a database of existing faults to enable controlled testing studies for Java programs|year=2014|doi=10.1145/2610384.2628055|isbn=9781450326452|citeseerx=10.1.1.646.3086}}</ref> is a benchmark of 341 Java bugs from 5 open-source projects. It contains the corresponding patches, which cover a variety of patch type.
Line 352 ⟶ 342:
== In popular culture ==
* In video gaming, the term "[[glitch#Video game glitches|glitch]]" is sometimes used to refer to a software bug. An example is the glitch and [[List of Pokémon|unofficial Pokémon species]] [[MissingNo.]]
* In both the 1968 novel ''[[2001: A Space Odyssey (novel)|2001: A Space Odyssey]]'' and the corresponding [[2001: A Space Odyssey|film of the same name]], the spaceship's onboard computer, [[HAL 9000]], attempts to kill all its crew members. In the follow-up 1982 novel, ''[[2010: Odyssey Two]]'', and the accompanying 1984 film, ''[[2010: The Year We Make Contact
* In the English version of the Nena 1983 song ''[[99 Luftballons]]'' (99 Red Balloons) as a result of "bugs in the software", a release of a group of 99 red balloons are mistaken for an enemy nuclear missile launch, requiring an equivalent launch response and resulting in catastrophe.
* In the 1999 American comedy ''[[Office Space]]'', three employees attempt (unsuccessfully) to exploit their company's preoccupation with the Y2K computer bug using a computer virus that sends rounded-off fractions of a penny to their bank account—a long-known technique described as [[salami slicing]].
| |||