Slashdot Mirror

← Back to Stories (view on slashdot.org)

Debugging in OSS Always Faster

Posted by michael on from the bugging-also-always-faster dept.

dex@ruunat writes "Damien Challet and Yann Le Du of the University of Oxford studied a model of software bug dynamics, which resulted in a paper on cond-mat this morning. In this paper they study the difference in evolution of number of bugs in open and closed source projects. They conclude: 'When the program is written from scratch, the first phase of development is characterized by a fast decline of the number of bugs, followed by a slow phase where most bugs have been fixed, hence, are hard to find'. Another, perhaps surprising conclusion is that debugging in open source projects is always faster than in closed source projects."

25 of 297 comments (clear)

  1. Possible explanation? by Lane.exe · · Score: 4, Interesting
    Could this be because OS projects tend to be, on the average, smaller than closed-source?

    --
    IAALS.
    1. Re:Possible explanation? by Anonymous Coward · · Score: 4, Interesting

      not always.

      What we need is a QUALIT RATING or SECURITY or DESIGN ratings for OSS.

      There is too much crap that is accepted as is because it is FREE.

      I want QUALITY software, I want to see what footprints the software uses, what info is left where etc (security ratings), I want to see USABILITY (design ratings), good layouts, not like 100 sepereate windows where an MDI type frame with docking would be better (photoshop vs GIMP etc) and so on.

      OSS NEEDS this.

    2. Re:Possible explanation? by tomstdenis · · Score: 3, Interesting

      Linux. Nuff said.

      Besides, you'd be surprised how many commercial libs out there are based on OSS. Like all the zlib variants. Or all the MP3 decoders, etc...

      The difference is more of a "reputation" is at stake in OSS. You can't just half-ass write something that works most of the time when your name is all over it.

      Of the few software firms I've worked in most of the software developers are in the mindset "if the program runs and doesn't crash, its all good" which leads to horribly incomplete poorly factored source code that is a bitch to work on.

      Tom

      --
      Someday, I'll have a real sig.
    3. Re:Possible explanation? by Anonymous Coward · · Score: 1, Interesting

      It could be, but based on my own development I would think it's a matter of documentation versus code availability.

      There are some commercial libs out there (e.g. DirectShow, QuickTime) which have poor, incorrect, or no documentation for a variety of functions. If I had the source, I'd understand what these functions wanted and were capable of doing....instead I spend extra time with the cat 'n mouse testing of a single function (e.g. QuickTime's use of H.263 when setting up the data rate and getting it to work how you want). OSS usually (IMHO) lacks documentation but actually seeing the source will be helpful (not every time, but some times).

      [rant]
      I wish the QuickTime team would get a little less arrogant. They've put together some great stuff over the years, but the hide and seek crap they pull with their documentation and even live support is really pathetic. Come on: you're super-achievers but you can't document your work? You aren't *that* special..
      [/rant]

    4. Re:Possible explanation? by jafac · · Score: 4, Interesting

      I work in an environment where we do Peer Reviews, and I've worked, in the past, in an environment where "if it compiles, ship it" - and I'll say that even if the Peers occasionally miss problems in the Review - the coder who has to present it to the Peers has a TOTALLY different attitude.

      I see code that's very carefully analyzed first, thoroughly commented, thoughtfully indented, module, class, and variable names, though generally longer, they make sense. People go out of their way to be elegant.

      I think that Peer Review is probably MORE important to overall quality of the end product, than developer experience. That's just my opinion, but after living the chaos that was a non-peer reviewed environment for 10 years, the attitudes, etc. there's really a huge difference.

      It's even better if the Review team reserves the right, by convention, to give the presenter a wedgie if they don't like their code.

      --

      These are my friends, See how they glisten. See this one shine, how he smiles in the light.
    5. Re:Possible explanation? by Dalcius · · Score: 4, Interesting

      "Your "untold number of eyes" is nearly indistinguishable from "0" unless your open source project is widely used. Sure, this may hold for the Linux kernel, or Apache, or even Mozilla, but what about all of the open source projects on SourceForge?"

      While this argument does hold merit, I do think you would be surprised at the amount of looking over that utilities get. Ever hear of SDMS? Probably not. Not many folks have, I would reckon. I did some work with this project almost two years ago trying to implement PostgreSQL support so our company could use the utility internally. I found a few bugs and sent back patches as well as my changes to incorporate Postgres support. I can't speak as to the bug changes, but some time later Postgres support was added to the project.

      This is but one example, but I think it's fair to say that, although "millions and jillions of eyes are looking!!!11!" isn't correct, there are more eyes looking than you would imagine. There are only so many categories of software, and each have a good number of users.

      "Sounds to me like you're working with an inadequate number of testers, or at least an inadequate unit testing plan for developers."

      At the risk of sounding like an ass, have you or are you now working as a programmer? Testers are a valuable commodity, but are rarely used in the manner that they should be. The company that I work for is a good example, though we're attempting to move in that direction.
      Even with that said, this point is generally moot as one can argue that "more heads are better than none."

      --
      ~Dalcius
      Rome wasn't burnt in a day.
    6. Re:Possible explanation? by damiam · · Score: 3, Interesting
      That's true, but the Photoshop UI does have some advantages over Gimp - the menu and toolboxes are always visible, and not liable to get hidden behind picture windows. Sure, you can say "Just tell your WM to make the main GIMP window stay on top", but not all WMs (Windows, for example) can easily do that. Even then, it's annoying to maximise an image and have it overlap the toolbox.

      I like the way Photoshop for Mac is done. It's not MDI, because all windows are managed by the WM, but it gives it enough hints to ensure that things just work. For example, if I click on the GIMP's icon in my dock/taskbar/panel, I want to see the image I'm working on, not just the GIMP toolbox. Photoshop gets this right, and GIMP doesn't.

      --
      It's hard to be religious when certain people are never incinerated by bolts of lightning.
    7. Re:Possible explanation? by po8 · · Score: 2, Interesting

      Heh. I was reading the source code for XGammon for some random reason a few months ago, and the README said

      An Imakefile is provided now.
      Thanks to thomas@ghpc8.ihf.rwth-aachen.de and
      Bart Skinner (bart@skinner.cs.uoregon.edu)
      and later
      Portation: SunOS 4.1 4.2 bart@skinner.cs.uoregon.edu, was the first and many others.

      I sat there for a moment trying to figure out who this Bart Skinner person was: I had done CS at U. Oregon in that time frame, and couldn't remember the name. Finally it came to me: it was me.

      I had given the authors some help with the program back in the day and since totally forgotten about it. They had credited me (thanks!) but had confused the hostname of the machine I was on with my last name: as a result, I didn't recognize me for a moment.

      It was a pretty obscure piece of code in its heyday. In 2003 it's even more obscure. A few months ago I was looking at the source...

    8. Re:Possible explanation? by Dalcius · · Score: 2, Interesting

      To be fair, I'm young as well (I'm 20). Minus a year for college, I've been working as a programmer at my company since the summer of 2000 (with a lot of recreational programming before that).

      For the last year, I've been working as a "Software Analyst". I get bug reports that our setup folks can't solve and I solve them. This often requires a lot of code hunting. We've got everything from extremely junky Fortran 77 (no whitespace, no variable names over 6 characters -- and Fortran at that) for our legacy app, and some CGI programs written in spaghetti-code C (with a good mix of HTML templating and javascript thrown in)! Even better, this all runs on HP-UX. Needless to say, I get plenty of practice fielding bad code and weird issues. =)

      Our development team is comprised of 12 developers total, and only in the last 4 years has it grown past a four man team. The company is now around 50 heads total, and a QA department is in sight (the Software Analysts will eventually be QA).

      Anyway, our newer products are all based on open source tools. PostgreSQL, Apache, Linux, Perl, Mason, ORBit, etc. The source code, mailing lists, IRC, etc. and the open attitude have made things a breeze, not to mention these tools have saved us a very large sum of money in licensing costs.

      This is quite possibly the exception to the rule, I have no problem admitting that. Somehow, though, from what I hear of other companies, this isn't all too uncommon.

      Cheers

      --
      ~Dalcius
      Rome wasn't burnt in a day.
  2. Faster to debug? by Anonymous Coward · · Score: 2, Interesting

    Why does it matter if the source is open? The article should be talking about software developed by a team of individuales (including OSS) vs. software by one individual. If the source is open, there may be additional people looking at the sourcecode, but if there are many contributors the source may be a big mess of 50 different coding styles. (can't agree on a single way to splice a string, etc)

    --
    Getting too much pr0n?

    1. Re:Faster to debug? by tomstdenis · · Score: 2, Interesting

      While generally that is true you'd be surprised how many people trust you at face value. [cheap plug] one of my OSS projects is a crypto library. You'd be surprised how few people actually verify test vectors for themselves before deploying a project using my lib.

      While I [as I suppose many OSS developers] try to write good code, all too many end users [often other developers] will simply plomp a library in and use it.

      How many times can you honestly say you verified the source for vorbis/ogg or zlib or etc... for corectness?

      Tom

      --
      Someday, I'll have a real sig.
  3. Look at lifecycle by Anonymous Coward · · Score: 2, Interesting

    In the open source world, people are more willing to let a project die and be replaced than in close source.

    I know when I work on open source, if something is really ugly and needs to be replaced, I do. In a close source world thats often considered too risky and old unmaintainable code hangs around forever.

  4. Re:Who's surprised? by youaredan · · Score: 2, Interesting

    No No.. I wasnt even implying that was possible... Redmond hasn't even come to know and love publically selected mirrors... We are stuck with becoming psuedo world citizens in the sense that we are limited by the fact that everyone else in the world is using windows update... I hated that about windows... now, when I want to update anything - I emerge sync and emerge -u world in Gentoo Linux, and the world rejoices.

    --
    -Digital Extremist // digitale
  5. ESR says... by Realistic_Dragon · · Score: 4, Interesting

    If you read 'The Cathedral and the Bazzar' by ESR he gives some very good reasons for Open Source development being better at bug finding:

    1) With enough eyeballs, all bugs are shallow - someone will know the answer, or stimulate the person who does.

    2) Users provide better bug reports including line numbers, decent config information, possibly even patches.

    To which you can add number 3 and 4 of my own devising:

    3) The kind of people who write and use OSS care about security and stability (often to an extreme) and so think that bug fixes are essential not a nice-to-have.

    4) Closed source developes have to deal with management and merketing wienies - it's a wonder they even get buggy code out the door.

    --
    Beep beep.
  6. Programming Style by bobthemuse · · Score: 3, Interesting

    I wonder how much of this is due to programming style. What I mean is, can there be a difference in how easy it is to debug apache (maintained and written by many people) versus an OSS project which was mostly written my one person? I'd imagine that a large number of programmers results in more 'generic' code, rather than the specialized shortcuts that are unique to most programmers. That would make it much easier to debug, IMHO.

  7. If it's so fast by Anonymous Coward · · Score: 1, Interesting

    Then explain these open source FAILURES

    1) The kweather applet in kde
    2) The gtk file dialog
    3) the latency in the arts sound sever
    4) the lack of support for pci modems
    5) the color scheme of games.slashdot.org

  8. Re:suprising? by bladernr · · Score: 2, Interesting

    I could be suprising for a number of reasons:

    1. Closed-source projects are often have a more structured process for development, along the lines of CMM, ISO 9001, established methodologies, etc. Things like CMM and ISO 9001 are assumed to result in higher quality (I seriously dispute that, but its the widely held assumption).

    2. Many closed-source projects have customers with support contracts. Many open-source developers are not bound by such contracts and are not forced to fix bugs. It is assumed that suppliers with contracts to fix bugs will fix bugs (see Microsoft to see if that is a good assumption).

    3. The quality of closed-source programmers is assumed to be higher. That is because the stereotype of the open source person is someone in college, unemployed, or in some other way with too much time on their hands. The sterotype of the closed-source (ie, corporate) programmer is that they went through a rigorous review and selection process to qualify to work on the project (that is assumed by people who have never worked in corporate IT).

    --
    Sarcasm and hyperbole are the final refuges for weak minds
  9. Re:Mediocre Propoganda at Best, A Joke at Worse by ArmorFiend · · Score: 3, Interesting

    Two of the three open projects you cite also happen to be bigger than most projects, with more developers working in || at the same time than most projects. Does that help them? Read "the mythical man-month" for the answer. (Hint: no).

  10. Seems reasonable to me by riptalon · · Score: 4, Interesting

    During development the closed source software will only be used by the developers, and in general the developers are not like their end users and may have little interest in actually using the software they have been payed to write. For open source however the software is likely to be available to users from a very early stage and the developers are likely to be active users of the software as well. It would be very surprising if the bugs were not squashed faster.

    Once the software is released closed source has the problem that bugs will only be fixed if the producer sees profit in it. Major security bugs will be fixed "relatively" quickly, as they might impact future sales otherwise, but with closed source the producer may not fix known non-security critical bugs if they don't feel like it, and no one else can.

    There is also a problem with bug reporting in the closed source world. Who actually reports closed source non-security critical bugs? There isn't a lot of incentive since they may not be fixed anyway and if they are the fix will likely just go into then next version (that could be a year or two away) and you will have to pay for. Also the fraction of the users that do not have a licenced copy are unlikely to report bugs.

    Whatever the merits of this particular study's methodology the results are just plain common sense anyway.

  11. Drink the kool-aid... by HydeMan · · Score: 2, Interesting

    This is yet another example of someone trying to sell the OSS agenda. Statistics can easily lie, and I suspect that the person involved in the study was not a neutral party. A more important question is do people on /. EVER find fault in OSS? Surely it can't be a nirvana. Be honest, and get real.

  12. Except when written in Ada by ebunga · · Score: 2, Interesting

    Seriously, grab gnat, go to http://www.adahome.com/ and read a tutorial or two, and start writing reliable, readable, and reusable code in the amount of time it takes to read through the tutorial.

  13. Re:Debugging Software by Anonymous Coward · · Score: 2, Interesting

    This may come as a shock to you but closed source developers do have access to source code, as unbelievable as that may sound. That means that they can actually step through the code with a debugger just like their open source friends.

  14. Re:The "many eyes" myth by Ramses0 · · Score: 2, Interesting

    I've looked at a surprising number of program's source code. abcde, www-mechanize, ode physicis libraries, perl stuff, php stuff, python stuff, parts of the ogg utilities. Mostly because it doesn't have some feature that I want, or it does something that I'm interested in doing, and want to know how hard it is. It might not be much, but a cursory overview can tell you whether the author knew what they heck they were doing, and auditing even one code path (or even one function) can be helpful. Try it some time. If you're using debian: apt-get source abcde. I use it all the time as my "reference to how the hell bash programming works" :^)

    --Robert

  15. Re:To quote Gene Spafford... by deranged+unix+nut · · Score: 2, Interesting

    Sounds like the type of hell I put my developers through. I have been averaging roughly 2 bugs per day, while writing test automation, verifying fixes, generating reports, etc.

    The customer probably would have only reported a dozen of those bugs if they weren't fixed, and they might only notice a couple dozen now that they are fixed and different from the previous version, but the developers fixed several hundred of the bugs that I found.

    As for "Why in the world would I do THAT?", "because the code let me do it." Any good software tester should continually challenge the assumptions of the developers. The code needs to work correctly.

  16. Re:Not very impressed by Anonymous Coward · · Score: 1, Interesting

    Actually, you're not quite synical enough. Stat's are used/abused on a daily basis. It's not about the figures, it's about the questions used to represent the figures.

    E.g. DNA testing for criminal proceeds was once said to be as good as 1 in a million. So when the police get a suspect and the DNA matches, we have guilty verdict.

    Well no. It merely says that in a country like the US, there are statistically speaking around 240 possible matches. Doesn't sound quite the same does it?

    In this case, close family and ethnic origin will probably offer up the 239. (DNA testing has hopefully moved on to a more detailed testing, but there was a big cost factor with the improved accuracy.)

    So you see we have the same figures, but completely different ways to influence someone.

    In market research, this kind of usage is very common. When a client want their results to appear better than their competition's, you merely add addition critera to a question to filter the data until the figures show what you want them too. Once you've got the figures, you then rephrase the question to be somewhat less obviously manipulative. Then the final report gets written showing x is better than y.

    I see this very regularly because I wrote the software that facilitates it.