The many levels of software anaomlies

This paper has been brewing in my head for a long time. It started when I heard someone say “All software has bugs.” I was logically forced to say that the statement was true, but it didn’t feel completely true to me. This statement needed some clarification and adjustment to make the truth ring in a harmonious fashion.

My first step was to think that not all bugs are the same. They occur at different times. After you write a line of code the bug could appear the 1st time you run it, or the 10th or the 1,000,000th. This leads me to create a scale similar to Big O notation for algorithms. I call this “Big B” notation. Big B notation is the Log10(N). Where N is the number of times the line of code is run to make the bug occur.

For Example:

// Divide by zero
result =  input / 0;

This will throw a divide by zero error the first time it is executed. It has a Big B of zero – written as B(0).

// Integer overflow 
int i = 1;
while (true) {
   i = i + 1;

In Java this will overflow the value of i when it is incremented the 2,147,483,647th time. Which is a B(9.3)

Big B is a handy notation. If you run a program and it has errors in B(0) to B(2) range this is a beta program. A released program should not contain B(7) or lower bugs and should not have known B(9.3) bugs like integer overflow. So now we can say “All programs have software bugs, but they should be less the B(7) bugs.

Big B is pretty good but it only covers one category of bugs. The bugs that occur on repeated execution. A lot of bugs don’t fall into this category. Bugs such as resource exhaustion, malicious user input and the long list of other categories. Don’t use Big B on these categories, it does work very well.

There needs to be some other classification of bugs. I thought maybe something like IP Code would be a good framework to work from. But this line of thought has not offered many rewards. Your comments and suggestions are very welcome.

There is one other level of anomalies. This is a category of bugs that has been running for decades. It has full unit testing and the code has been reviewed several times. No reasonable level of testing would discover this level of bug. This level of bug should be called a “Knuth”. The Knuth is named after Donald Knuth who writes checks to anyone who finds a bug in his books. See: Knuth reward check

There may be bugs in all software. Hopefully, they are only “Knuth Level” bugs. If your boss or users find one of these you should be proud knowing you did your best, no shame shall fall upon your family. Now you should fix the bug, and then write them a check for $2.56 or perhaps offer to buy them a beer.