What Is a ‘Bug’?
Considerable effort in software research and practice is spent on bugs. Finding bugs, reporting and tracking them, triaging them, attempting to fix them automatically, detecting “bug smells”—these comprise a substantial portion of large projects’ time and development costs, and are a significant subject of study for researchers in software engineering, programming languages, security, and beyond.
But, what is a bug, exactly? While segmentation faults rarely spark joy, most bugs are not so clear cut. Per the Oxford English Dictionary, the word “bug” has been a colloquialism for an engineering “defect” at least since the 1870s. Most modern software-oriented definitions—formal or informal—speak to a disconnect between what a developer intended and what a program actually does. For example, the International Software Testing Qualifications board writes: “A human being can make an error (mistake), which produces a defect (fault, bug) in the program code, or in a document. If a defect in code is executed, the system may fail to do what it should do (or do something it should not), causing a failure. Defects … may result in failures, but not all [do].”3 Most sources forsake even that much precision. Indeed, the influential paper “Finding bugs is easy” begins by saying “bug patterns are code idioms that are often errors”—with no particular elaboration.8 Other work relies on imperfect practical proxies for specifications. For example, in automatic program repair research, a bug corresponds to a failing test case: when the test passes, the bug is considered fixed.
However, when we interrogate fairly straightforward definitions, they start to break down. We then see that subjectivity and judgment surrounds what a bug is, and how and whether it should be fixed. For one, tests can fail for any number of reasons—flakiness, failed code style checks— that we do not ordinarily consider “bugs.” Further, there are almost always more bugs reported than can be reasonably handled given available resources, a fact baked into modern continuous-deployment pipelines and bug triage processes. Or, consider error budgets, which help balance business risk against development velocity, premised on an acceptance that software systems inevitably contain errors, because it is not cost effective to fix them all.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25649359/Razer_Freyja.jpg)
