Slashdot Mirror

← Back to Stories (view on slashdot.org)

Debugging in OSS Always Faster

Posted by michael on from the bugging-also-always-faster dept.

dex@ruunat writes "Damien Challet and Yann Le Du of the University of Oxford studied a model of software bug dynamics, which resulted in a paper on cond-mat this morning. In this paper they study the difference in evolution of number of bugs in open and closed source projects. They conclude: 'When the program is written from scratch, the first phase of development is characterized by a fast decline of the number of bugs, followed by a slow phase where most bugs have been fixed, hence, are hard to find'. Another, perhaps surprising conclusion is that debugging in open source projects is always faster than in closed source projects."

27 of 297 comments (clear)

  1. Possible explanation? by Lane.exe · · Score: 4, Interesting
    Could this be because OS projects tend to be, on the average, smaller than closed-source?

    --
    IAALS.
    1. Re:Possible explanation? by Anonymous Coward · · Score: 4, Interesting

      not always.

      What we need is a QUALIT RATING or SECURITY or DESIGN ratings for OSS.

      There is too much crap that is accepted as is because it is FREE.

      I want QUALITY software, I want to see what footprints the software uses, what info is left where etc (security ratings), I want to see USABILITY (design ratings), good layouts, not like 100 sepereate windows where an MDI type frame with docking would be better (photoshop vs GIMP etc) and so on.

      OSS NEEDS this.

    2. Re:Possible explanation? by macrom · · Score: 4, Insightful

      I would think the opposite -- that there are more (talented?) eyes looking at OS projects than CS projects. Many times closed projects have several developers, but only one ever sees a particular module at any given time. At my current company, we have 30 or so developers, but the modules I write are owned by me and usually only seen by me. Peer review sessions can alleviate this, but those are generally short and cover major functionality. With OSS, you have an untold number of eyes viewing a project that can help catch problems in a more timely manner.

      The theory that your best work will be done when the most eyes are watching can also apply. I think we (developers) are all guilty of shoving some nasty code in a project at some time or another under the notion that no one else will ever see it. When the whole world can look at your work, sometimes those attitudes change.

    3. Re:Possible explanation? by athakur999 · · Score: 4, Insightful

      Something else I can think of is that your testers have access to the code and can give you more precise bug reports than if they were doing traditional black box testing. Better bug reports and information means less time investigating.

      --
      "People that quote themselves in their signatures bother me" - athakur999
    4. Re:Possible explanation? by jared_hanson · · Score: 4, Insightful

      There are a number of different possiblities here, given the different dynamics of each group.

      1. In general, there are more users of closed source software, so bugs may be discovered at a faster rate. With limited development resources, the greater number of bugs take longer to fix.

      2. Users of open source software tend to be more programmer-minded. They find bugs and fix them themselves, since they have access to the source code. Everyone fixing their own bugs leads to faster debugging times.

      3. In larger companies, development and test typically are two distinct groups. There is an inherent lag in this that leads to slower response time in removing bugs. Open source software is developed and tested by the same core, ususally small group. Since the same people develop and test, they are more likely to find the bugs in their own code and fix them quicker.

      Just some observations, and I am sure there are other reasons. I'm sure the results of the study are a combination of many factors.

      --
      -- Fighting mediocrity one bad post at a time.
    5. Re:Possible explanation? by Osty · · Score: 5, Insightful

      With OSS, you have an untold number of eyes viewing a project that can help catch problems in a more timely manner.

      Your "untold number of eyes" is nearly indistinguishable from "0" unless your open source project is widely used. Sure, this may hold for the Linux kernel, or Apache, or even Mozilla, but what about all of the open source projects on SourceForge?


      At my current company, we have 30 or so developers, but the modules I write are owned by me and usually only seen by me. Peer review sessions can alleviate this, but those are generally short and cover major functionality.

      Sounds to me like you're working with an inadequate number of testers, or at least an inadequate unit testing plan for developers. Testers are invaluable because that's all they do -- test code. This frees up the developer to be able to actually write code while not having to sacrifice quality for lack of testing. Sure, it's more expensive to hire both testers and developers, but I'd bet that of your 30 or so developers, you could fire 10 of them and hire 15 testers for the same cost, and still have enough man power for development while increasing your code quality from rigorous testing. (Note: This isn't saying that developers can or should write bad code so long as they have testers. Developers should still aspire to writing quality code, so that the testers can focus on the really heinous parts, and not on trivial bugs or logic errors. But at least with testers and good unit tests, you're less likely to let slip a silly bug.)


      The theory that your best work will be done when the most eyes are watching can also apply. I think we (developers) are all guilty of shoving some nasty code in a project at some time or another under the notion that no one else will ever see it. When the whole world can look at your work, sometimes those attitudes change.

      That may be true in theory, but it doesn't pan out in practice. In practice, most open source projects will only be seen (code-wise) by the author(s). If you're lucky, you might have two or three active users that will submit bugs or patches, but often that's not the case.

    6. Re:Possible explanation? by jafac · · Score: 4, Interesting

      I work in an environment where we do Peer Reviews, and I've worked, in the past, in an environment where "if it compiles, ship it" - and I'll say that even if the Peers occasionally miss problems in the Review - the coder who has to present it to the Peers has a TOTALLY different attitude.

      I see code that's very carefully analyzed first, thoroughly commented, thoughtfully indented, module, class, and variable names, though generally longer, they make sense. People go out of their way to be elegant.

      I think that Peer Review is probably MORE important to overall quality of the end product, than developer experience. That's just my opinion, but after living the chaos that was a non-peer reviewed environment for 10 years, the attitudes, etc. there's really a huge difference.

      It's even better if the Review team reserves the right, by convention, to give the presenter a wedgie if they don't like their code.

      --

      These are my friends, See how they glisten. See this one shine, how he smiles in the light.
    7. Re:Possible explanation? by Dalcius · · Score: 4, Interesting

      "Your "untold number of eyes" is nearly indistinguishable from "0" unless your open source project is widely used. Sure, this may hold for the Linux kernel, or Apache, or even Mozilla, but what about all of the open source projects on SourceForge?"

      While this argument does hold merit, I do think you would be surprised at the amount of looking over that utilities get. Ever hear of SDMS? Probably not. Not many folks have, I would reckon. I did some work with this project almost two years ago trying to implement PostgreSQL support so our company could use the utility internally. I found a few bugs and sent back patches as well as my changes to incorporate Postgres support. I can't speak as to the bug changes, but some time later Postgres support was added to the project.

      This is but one example, but I think it's fair to say that, although "millions and jillions of eyes are looking!!!11!" isn't correct, there are more eyes looking than you would imagine. There are only so many categories of software, and each have a good number of users.

      "Sounds to me like you're working with an inadequate number of testers, or at least an inadequate unit testing plan for developers."

      At the risk of sounding like an ass, have you or are you now working as a programmer? Testers are a valuable commodity, but are rarely used in the manner that they should be. The company that I work for is a good example, though we're attempting to move in that direction.
      Even with that said, this point is generally moot as one can argue that "more heads are better than none."

      --
      ~Dalcius
      Rome wasn't burnt in a day.
    8. Re:Possible explanation? by ColaMan · · Score: 4, Funny

      You can't just half-ass write something that works most of the time when your name is all over it

      Well, looking at most OSS projects, you can do that as long as :

      1) No-one else has done it yet.
      2) You mention in the source that this is a "half-ass hack that I threw together to make something work"

      --

      You are in a twisty maze of processor lines, all alike.
      There is a lot of hype here.
  2. In other news ... by The+Clockwork+Troll · · Score: 5, Funny

    Studies reveal that debugging is easier when you do not strip symbols from binaries!

    --

    There are no karma whores, only moderation johns
  3. Not very impressed by zapp · · Score: 5, Insightful

    As with all statistics, you can make them say whatever you want...

    Maybe most OSS projects are easier to debug because of lack of features, or smaller scope, etc.

    What percentage of OSS projects, on say sourceforge.net, have a version number 1.0? (and are "widely" used). The first one that comes to my mind is MythTV and/or FreeVo. I can't speak of freevo, but mythtv (while being impressive) is still very bug ridden and has been out for over a year.

    Another factor is the user group, of course. With OSS I imagine the kernel gets more bugs submitted by users than mythtv, just because the users aren't so much code hackers... they just want to use it.

    The one rule in the software engineering is that there are no rules.

    --
    no comment
    1. Re:Not very impressed by Mostly+a+lurker · · Score: 4, Insightful
      As with all statistics, you can make them say whatever you want...

      This is false. An urban myth. Something that people like to say to make themselves sound more knowledgeable than they really are. The reality is that statistics is a mathematical field and it is as rigorous as any other mathematical field.

      Thank you for correcting my misunderstanding on this. I have always naively assumed that the raw data selected for analysis was somewhat important. In the future, I shall never doubt the result of those benchmarks I see reported as long as the numbers are correctly calculated using appropriate statistical formulae.

  4. Faster debugging in Open Source by Cato+the+Elder · · Score: 5, Insightful

    The paper's conculsion seemed to be that debugging open source projects is faster because you don't have a version problem where customers report bugs in code that has already been modified for the next version.

    I don't buy it. Many open source projects (ACE/TAO, Mozilla) for instance have large customer bases using non-current versions, and presumably finding bugs. Sure, if you only want to fix the bug in the released version, its faster, but it's not like closed source vendors don't have the source code to their previous release to debug with.

    Sure debugging is faster if you always make everyone upgrade to the latest version before filing a bug report. Good luck getting mass acceptance with that.

  5. Re:Who's surprised? by SweetAndSourJesus · · Score: 5, Funny

    What do you want, Windows nightlies?

    The very concept fills me with dread.

    --

    --
    the strongest word is still the word "free"
  6. Mediocre Propoganda at Best, A Joke at Worse by Gabe+Garza · · Score: 5, Insightful
    I know this is Slashdot and the party line is "OSS Rules!," but this seems pushing it even for this audience.

    This was a paper written for a class on statistics. It was not a rigorous study. Their findings are based on a lot of assumptions. They have a very small sample set--they only test their model on Linux, fetchmail, and Mozilla. Many people, including myself, consider these the cream of the crop so far as OSS goes.

    Before you praise it, I urge you to actually read the paper. Don't be intimidated by it--FUD is FUD, even if it's mixed with a heavy does of greek letters and charts.

  7. Of course debugging is easier... by sterno · · Score: 5, Insightful

    I do a lot of coding working mostly with open source products, and sometimes closed source. When I get some bug come up in an open source product, I actually go digging into their code sometimes to figure out what went wrong. If it's closed source I can dig down through my code, but once I hit their code, it's a brick wall.

    Frankly this is why I try to stick to open source software when I do development work. Hell of a lot easier to figure out how something works when you've got code and direct access to the developers via a mailing list.

    --
    This sig has been temporarily disconnected or is no longer in service
  8. Easy explanation by meta-monkey · · Score: 5, Funny

    Well, I think the explanation for this is pretty obvious.

    If you've got open sores, you're going to want to get bugs off of them as quickly as possible. You're also going to notice sooner because it's still bleeding. If you've got closed sores, you might not notice flies buzzing around them near so quickly.

    --
    We don't have a state-run media we have a media-run state.
  9. Microsoft Refutes Oxford Researchers' Conclusions by xelph · · Score: 4, Funny

    A spokesperson at Microsoft refuted the conclusions of two french researchers from Oxford University this afternoon, saying that the business model behind Open Source was flawed anyway, since fewer bugs meant less urgency in updating to newer versions of software where old annoying bugs had been eliminated (only to be replaced with fresh one in anticipation of the subsequent forced release). The spokesperson also mentioned the enormous success of Microsoft's recent Closed Source initiative, under Bill Gates's supervision, to make computing more stable and secure, and finished by indicating that the UK government, who is being turned by Microsoft into a strong Open Source opponent (see recent Slashdot story), belonged to them anyway, and that the "frogs" would be deported to France shortly.

  10. ESR says... by Realistic_Dragon · · Score: 4, Interesting

    If you read 'The Cathedral and the Bazzar' by ESR he gives some very good reasons for Open Source development being better at bug finding:

    1) With enough eyeballs, all bugs are shallow - someone will know the answer, or stimulate the person who does.

    2) Users provide better bug reports including line numbers, decent config information, possibly even patches.

    To which you can add number 3 and 4 of my own devising:

    3) The kind of people who write and use OSS care about security and stability (often to an extreme) and so think that bug fixes are essential not a nice-to-have.

    4) Closed source developes have to deal with management and merketing wienies - it's a wonder they even get buggy code out the door.

    --
    Beep beep.
  11. Bogus assumptions by ckessel · · Score: 5, Insightful
    The paper makes some critical assumptions, one of which is:

    all the users use the modified code at time t + 1 and report bugs exclusively on the updated code.This assumes that all the users update their software at every release.

    This is completely bogus. Not every user is going to update immediately. In fact, the larger the company is the less likely this is due to their desire to qualify new software. This means as Open Source gets more popular with big companies, the more bogus this assumption is.

    The paper also mentions nothing about QA efforts or beta sites on closed source, which are typically on the "immediately updated" products.

    I'm not going to argue whether oss is better/worse than closed, but I heavily doubt this paper proves anything other than if you make lots of assumptions you can prove whatever you want.

  12. but I thought... by H0NGK0NGPH00EY · · Score: 4, Funny

    The one rule in the software engineering is that there are no rules.

    I thought the first rule in software engineering was "you don't talk about software engineering."

    --
    Do not read this sig.
  13. Always ? by FauxPasIII · · Score: 4, Insightful

    All generalizations are false.

    --
    25% Funny, 25% Insightful, 25% Informative, 25% Troll
  14. Seems reasonable to me by riptalon · · Score: 4, Interesting

    During development the closed source software will only be used by the developers, and in general the developers are not like their end users and may have little interest in actually using the software they have been payed to write. For open source however the software is likely to be available to users from a very early stage and the developers are likely to be active users of the software as well. It would be very surprising if the bugs were not squashed faster.

    Once the software is released closed source has the problem that bugs will only be fixed if the producer sees profit in it. Major security bugs will be fixed "relatively" quickly, as they might impact future sales otherwise, but with closed source the producer may not fix known non-security critical bugs if they don't feel like it, and no one else can.

    There is also a problem with bug reporting in the closed source world. Who actually reports closed source non-security critical bugs? There isn't a lot of incentive since they may not be fixed anyway and if they are the fix will likely just go into then next version (that could be a year or two away) and you will have to pay for. Also the fraction of the users that do not have a licenced copy are unlikely to report bugs.

    Whatever the merits of this particular study's methodology the results are just plain common sense anyway.

  15. its the documentation! by appleLaserWriter · · Score: 4, Insightful

    Successful OSS projects must be well documented in order to survive. Naming variables in an intuitive manner and providing insightful comments isn't about improving your annual review scores, it is about ensureing that others can and will read your code.

    Companies like Microsoft need to introduce policies to create the same effect. Code reviews and extreme programming are good examples. They often degenerate into either a rubber stamp or a grudge match between different interpretations of Hungarian Notation.

  16. The "many eyes" myth by Anonymous+Brave+Guy · · Score: 4, Insightful
    A more likely explanation is the 'many eyes' that can review the code.

    Many eyes can. How many actually do? Unless you're talking about the really big projects, probably very few indeed -- one, I suspect, in many cases.

    It's not fair to cite mainstream developments like Linux or Mozilla as the way all open source is any more than it's fair to cite Microsoft's history on things like security and reliability as the way all closed source is.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  17. To quote Gene Spafford... by DesScorp · · Score: 4, Insightful

    " Not always. A more likely explanation is the 'many eyes' that can review the code."

    I went to a speech by Gene Spafford here a few years ago, when the subject of Linux code quality versus other systems (especially MS) came up. Someone mentioned Eric Raymond's "Thousand Eyeballs" theory, that more people looking at the code ensured better quality.

    Spaff responded "that does no good if those thousand eyeballs are looking at things like networking your toaster instead of quality and security".

    I don't think this point is emphasized enough. It's not enough that lots of people are looking at the code. You need lot's of people with training, expierience, and an eye for problems to look at the code. He pointed out that one of the biggest problems in development is that while people can learn C from a book, and even get good at it, they don't learn proper software engineering techniques, philosophies, and debugging skills that way.

    In short, simply being open source and having lots of developers isn't a solution in itself.

    --
    Life is hard, and the world is cruel
  18. I have a c++ (unmanaged) project to get done. by Sludge · · Score: 4, Informative
    I develop with Cygwin and Emacs, but I compile and debug with Visual Studio 7.0. I believe that the Visual Studio debugger is unparalleled (lacking just Emacs integration! :) ), and there is nothing that can beat precompiled headers, a fast compiler (in the first place) and the visual debugging integration of Visual Studio.

    I then boot to Linux and port my code. I've been writing portable code for half a decade, so I know what I'm doing, more or less. But, I can get more work done with Visual Studio, faster.

    In case it makes a difference to your perception, I write end user apps, sometimes with heavy graphics requirements and GUI frontends.

    Due to the nature of my work, I can't rely on masses to test everything before I ship.