Программные ошибки примеры

From Wikipedia, the free encyclopedia

Many software bugs are merely annoying or inconvenient but some can have extremely serious consequences – either financially or as a threat to human well-being.^[1] The following is a list of software bugs with significant consequences.

Space[edit]

• A booster went off course during launch, resulting in the destruction of NASA Mariner 1. This was the result of the failure of a transcriber to notice an overbar in a written specification for the guidance program, resulting in the coding of an incorrect formula in its FORTRAN software. (July 22, 1962).^[2] The initial reporting of the cause of this bug was incorrect.^[3]
• NASA’s 1965 Gemini 5 mission landed 80 miles (130 km) short of its intended splashdown point when the pilot compensated manually for an incorrect constant for the Earth’s rotation rate. A 360-degree rotation corresponding to the Earth’s rotation relative to the fixed stars was used instead of the 360.98-degree rotation in a 24-hour solar day. The shorter length of the first three missions and a computer failure on Gemini 4 prevented the bug from being detected earlier.^[4]
• The Russian Space Research Institute’s Phobos 1 (Phobos program) deactivated its attitude thrusters and could no longer properly orient its solar arrays or communicate with Earth, eventually depleting its batteries. (September 10, 1988).^[5]
• The European Space Agency’s Ariane flight V88 was destroyed 40 seconds after takeoff (June 4, 1996). The US$1 billion prototype rocket self-destructed due to a bug in the on-board guidance software.^[6][7]
• In 1997, the Mars Pathfinder mission was jeopardised by a bug in concurrent software shortly after the rover landed, which was found in preflight testing but given a low priority as it only occurred in certain unanticipated heavy-load conditions.^[8] The problem, which was identified and corrected from Earth, was due to computer resets caused by priority inversion.^[9]
• In 2000, a Zenit 3SL launch failed due to faulty ground software not closing a valve in the rocket’s second stage pneumatic system.^[10]
• The European Space Agency’s CryoSat-1 satellite was lost in a launch failure in 2005 due to a missing shutdown command in the flight control system of its Rokot carrier rocket.^[11]
• NASA Mars Polar Lander was destroyed because its flight software mistook vibrations caused by the deployment of the stowed legs for evidence that the vehicle had landed and shut off the engines 40 meters from the Martian surface (December 3, 1999).^[12]
• Its sister spacecraft Mars Climate Orbiter was also destroyed, due to software on the ground generating commands based on parameters in pound-force (lbf) rather than newtons (N).
• A mis-sent command from Earth caused the software of the NASA Mars Global Surveyor to incorrectly assume that a motor had failed, causing it to point one of its batteries at the sun. This caused the battery to overheat (November 2, 2006).^[13][14]
• NASA’s Spirit rover became unresponsive on January 21, 2004, a few weeks after landing on Mars. Engineers found that too many files had accumulated in the rover’s flash memory. It was restored to working condition after deleting unnecessary files.^[15]
• Japan’s Hitomi astronomical satellite was destroyed on March 26, 2016, when a thruster fired in the wrong direction, causing the spacecraft to spin faster instead of stabilize.^[16]
• Israel’s first attempt to land an unmanned spacecraft on the moon with the Beresheet was rendered unsuccessful on April 11, 2019, due to a software bug with its engine system, which prevented it from slowing down during its final descent on the moon’s surface. Engineers attempted to correct this bug by remotely rebooting the engine, but by the time they regained control of it, Beresheet could not slow down in time to avert a hard, crash landing that disintegrated it.^[17]

Medical[edit]

• A bug in the code controlling the Therac-25 radiation therapy machine was directly responsible for at least five patient deaths in the 1980s when it administered excessive quantities of beta radiation.^[18][19][20]
• Radiation therapy planning software RTP/2 created by Multidata Systems International could incorrectly double the dosage of radiation depending on how the technician entered data into the machine. At least eight patients died, while another 20 received overdoses likely to cause significant health problems (November 2000).^[21] See also Instituto Oncológico Nacional#Accident
• A Medtronic heart device was found vulnerable to remote attacks (2008-03).^[22]
• The Becton Dickinson Alaris Gateway Workstation allows unauthorized arbitrary remote execution (2019).^[23][24]
• The CareFusion Alaris pump module (8100) will not properly delay an Infusion when the «Delay Until» option or «Multidose» feature is used (2015).^[25]

Tracking years[edit]

• The year 2000 problem spawned fears of worldwide economic collapse and an industry of consultants providing last-minute fixes.^[26]
• A similar problem will occur in 2038 (the year 2038 problem), as many Unix-like systems calculate the time in seconds since 1 January 1970, and store this number as a 32-bit signed integer, for which the maximum possible value is 2³¹ − 1 (2,147,483,647) seconds.^[27]
• An error in the payment terminal code for Bank of Queensland rendered many devices inoperable for up to a week. The problem was determined to be an incorrect hexadecimal number conversion routine. When the device was to tick over to 2010, it skipped six years to 2016, causing terminals to decline customers’ cards as expired.^[28]

Electric power transmission[edit]

• The Northeast blackout of 2003 was triggered by a local outage that went undetected due to a race condition in General Electric Energy’s XA/21 monitoring software.^[29]

Administration[edit]

• The software of the A2LL system for handling unemployment and social services in Germany presented several errors with large-scale consequences, such as sending the payments to invalid account numbers in 2004.^{[citation needed]}

Telecommunications[edit]

• AT&T long-distance network crash (January 15, 1990), in which the failure of one switching system would cause a message to be sent to nearby switching units to tell them that there was a problem. Unfortunately, the arrival of that message would cause those other systems to fail too – resulting in a cascading failure that rapidly spread across the entire AT&T long-distance network.^[30][31]
• In January 2009, Google’s search engine erroneously notified users that every web site worldwide was potentially malicious, including its own.^[32]
• In May 2015, iPhone users discovered a bug where sending a certain sequence of characters and Unicode symbols as a text to another iPhone user would crash the receiving iPhone’s SpringBoard interface,^[33] and may also crash the entire phone, induce a factory reset, or disrupt the device’s connectivity to a significant degree,^[34] preventing it from functioning normally. The bug persisted for weeks, gained substantial notoriety and saw a number of individuals using the bug to play pranks on other iOS users,^{[citation needed]} before Apple eventually patched it on June 30, 2015, with iOS 8.4.

Military[edit]

• The software error of a MIM-104 Patriot caused its system clock to drift by one third of a second over a period of one hundred hours – resulting in failure to locate and intercept an incoming Iraqi Al Hussein missile, which then struck Dharan barracks, Saudi Arabia (February 25, 1991), killing 28 Americans.^[35][36]
• A Royal Air Force Chinook helicopter crashed into the Mull of Kintyre in June 1994, killing 29. Initially, the crash was dismissed as pilot error, but an investigation by Computer Weekly uncovered sufficient evidence to convince a House of Lords inquiry that it may have been caused by a software bug in the aircraft’s engine control computer.^[37]
• Smart ship USS Yorktown was left dead in the water in September 1997 for nearly 3 hours after a divide by zero error.^[38]
• In April 1992 the first Lockheed YF-22 crashed while landing at Edwards Air Force Base, California. The cause of the crash was found to be a flight control software error that failed to prevent a pilot-induced oscillation.^[39]
• While attempting its first overseas deployment to the Kadena Air Base in Okinawa, Japan, on 11 February 2007, a group of six F-22 Raptors flying from Hickam AFB, Hawaii, experienced multiple computer crashes coincident with their crossing of the 180th meridian of longitude (the International Date Line). The computer failures included at least navigation (completely lost) and communication. The fighters were able to return to Hawaii by following their tankers, something that might have been problematic had the weather not been good. The error was fixed within 48 hours, allowing a delayed deployment.^[40]

Media[edit]

• In the Sony BMG copy protection rootkit scandal (October 2005), Sony BMG produced a Van Zant music CD that employed a copy protection scheme that covertly installed a rootkit on any Windows PC that was used to play it. Their intent was to hide the copy protection mechanism to make it harder to circumvent. Unfortunately, the rootkit inadvertently opened a security hole resulting in a wave of successful trojan horse attacks on the computers of those who had innocently played the CD.^[41] Sony’s subsequent efforts to provide a utility to fix the problem actually exacerbated it.^[42]

Video gaming[edit]

• Eve Online‘s deployment of the Trinity patch erased the boot.ini file from several thousand users’ computers, rendering them unable to boot. This was due to the usage of a legacy system within the game that was also named boot.ini. As such, the deletion had targeted the wrong directory instead of the /eve directory.^[43]
• The Corrupted Blood incident was a software bug in World of Warcraft that caused a deadly, debuff-inducing virtual disease that could only be contracted during a particular raid to be set free into the rest of the game world, leading to numerous, repeated deaths of many player characters. This caused players to avoid crowded places in-game, just like in a «real world» epidemic, and the bug became the center of some academic research on the spread of infectious diseases.^[44]
• On June 6, 2006, the online game RuneScape suffered from a bug that enabled certain player characters to kill and loot other characters, who were unable to fight back against the affected characters because the game still thought they were in player-versus-player mode even after they were kicked out of a combat ring from the house of a player who was suffering from lag while celebrating an in-game accomplishment. Players who were killed by the glitched characters lost many items, and the bug was so devastating that the players who were abusing it were soon tracked down, caught and banned permanently from the game, but not before they had laid waste to the region of Falador, thus christening the bug «Falador Massacre».^[45]
• In the 256th level of Pac-Man, a bug results in a kill screen. The maximum number of fruit available is seven and when that number rolls over, it causes the entire right side of the screen to become a jumbled mess of symbols while the left side remains normal.^[46]
• Upon initial release, the ZX Spectrum game Jet Set Willy was impossible to complete because of a severe bug that corrupted the game data, causing enemies and the player character to be killed in certain rooms of the large mansion where the entire game takes place.^[47] The bug, known as «The Attic Bug», would occur when the player entered the mansion’s attic, which would then cause an arrow to travel offscreen, overwriting the contents of memory and altering crucial variables and behavior in an undesirable way. The game’s developers initially excused this bug by claiming that the affected rooms were death traps, but ultimately owned up to it and issued instructions to players on how to fix the game itself.^[48]
• One of the free demo discs issued to PlayStation Underground subscribers in the United States contained a serious bug, particularly in the demo for Viewtiful Joe 2, that would not only crash the PlayStation 2, but would also unformat any memory cards that were plugged into that console, erasing any and all saved data onto them.^[49] The bug was so severe that Sony had to apologize for it and send out free copies of other PS2 games to affected players as consolation.^[50]
• Due to a severe programming error, much of the Nintendo DS game Bubble Bobble Revolution is unplayable because a mandatory boss fight failed to trigger in the 30th level.^[51]
• An update for the Xbox 360 version of Guitar Hero II, which was intended to fix some issues with the whammy bar on that game’s guitar controllers, came with a bug that caused some consoles to freeze, or even stop working altogether, producing the infamous «red ring of death».^[52]
• Valve’s Steam client for Linux could accidentally delete all the user’s files in every directory on the computer. This happened to users that had moved Steam’s installation directory.^[53] The bug is the result of unsafe shellscript programming:

STEAMROOT="$(cd "${0%/*}" && echo $PWD)"

# Scary!
rm -rf "$STEAMROOT/"*

The first line tries to find the script’s containing directory. This could fail, for example if the directory was moved while the script was running, invalidating the «selfpath» variable $0. It would also fail if $0 contained no slash character, or contained a broken symlink, perhaps mistyped by the user. The way it would fail, as ensured by the && conditional, and not having set -e cause termination on failure, was to produce the empty string. This failure mode was not checked, only commented as «Scary!». Finally, in the deletion command, the slash character takes on a very different meaning from its role of path concatenation operator when the string before it is empty, as it then names the root directory.

• Minus World is an infamous glitch level from the 1985 game Super Mario Bros., accessed by using a bug to clip through walls in level 1–2 to reach its «warp zone», which leads to the said level.^[54] As this level is endless, triggering the bug that takes the player there will make the game impossible to continue until the player resets the game or runs out of lives.
• «MissingNo.» is a glitch Pokémon species present in Pokémon Red and Blue, which can be encountered by performing a particular sequence of seemingly unrelated actions. Capturing this Pokémon may corrupt the game’s data, according to Nintendo^[55][56][57] and some of the players who successfully attempted this glitch. This is one of the most famous bugs in video game history, and continues to be well-known.^[58]

Encryption[edit]

• In order to fix a warning issued by Valgrind, a maintainer of Debian patched OpenSSL and broke the random number generator in the process. The patch was uploaded in September 2006 and made its way into the official release; it was not reported until April 2008. Every key generated with the broken version is compromised (as the «random» numbers were made easily predictable), as is all data encrypted with it, threatening many applications that rely on encryption such as S/MIME, Tor, SSL or TLS protected connections and SSH.^[59]
• Heartbleed, an OpenSSL vulnerability introduced in 2012 and disclosed in April 2014, removed confidentiality from affected services, causing among other things the shut down of the Canada Revenue Agency’s public access to the online filing portion of its website^[60] following the theft of social insurance numbers.^[61]
• The Apple «goto fail» bug was a duplicated line of code which caused a public key certificate check to pass a test incorrectly.
• The GnuTLS «goto fail» bug was similar to the Apple bug and found about two weeks later. The GnuTLS bug also allowed attackers to bypass SSL/TLS security. ^[62]

Transportation[edit]

• By some accounts Toyota’s electronic throttle control system (ETCS) had bugs that could cause sudden unintended acceleration.^[63]
• The Boeing 787 Dreamliner experienced an integer overflow bug which could shut down all electrical generators if the aircraft was on for more than 248 days.^[64] A similar problem was found in Airbus A350 which need to be powered down before reaching 149 hours of continuous power-on time, otherwise certain avionics systems or functions would partially or completely fail.^[65]
• In early 2019, the transportation-rental firm Lime discovered a firmware bug with its electric scooters that can cause them to brake very hard unexpectedly, which may hurl and injure riders.^[66]
• Boeing 737 NG had all cockpit displays go blank if a specific type of instrument approach to any one of seven specific airports was selected in the flight management computer.^[67]
• Bombardier CRJ-200 equipped with flight management systems by Collins Aerospace would make wrong turns during missed approach procedures executed by the autopilot in some specific cases when temperature compensation was activated in cold weather.^[68]

Finance[edit]

• The Vancouver Stock Exchange index had large errors due to repeated rounding. In January 1982 the index was initialized at 1000 and subsequently updated and truncated to three decimal places on each trade. This was done about 3000 times a day. The accumulated truncations led to an erroneous loss of around 25 points per month. Over the weekend of November 25–28, 1983, the error was corrected, raising the value of the index from its Friday closing figure of 524.811 to 1098.892.^[69][70]
• Knight Capital Group lost $440 million in 45 minutes due to the improper deployment of software on servers and the re-use of a critical software flag that caused old unused software code to execute during trading.^[71]

• Post Office Limited Between 2000 and 2015, 736 subpostmasters were prosecuted by the UK Post Office, with many falsely convicted and sent to prison. This was a result of failure to recognize defects in the Horizon financial software, the subpostmasters were blamed for financial shortfalls which were actually software defects.^[72]

Blockchain[edit]

• Ethereum The DAO (organization) bug — 3.6M ETH^[73]

See also[edit]

• London Ambulance Service § Innovation

References[edit]

External links[edit]

• Forum on Risks to the Public in Computers and Related Systems

From Wikipedia, the free encyclopedia

Many software bugs are merely annoying or inconvenient but some can have extremely serious consequences – either financially or as a threat to human well-being.^[1] The following is a list of software bugs with significant consequences.

Space[edit]

• A booster went off course during launch, resulting in the destruction of NASA Mariner 1. This was the result of the failure of a transcriber to notice an overbar in a written specification for the guidance program, resulting in the coding of an incorrect formula in its FORTRAN software. (July 22, 1962).^[2] The initial reporting of the cause of this bug was incorrect.^[3]
• NASA’s 1965 Gemini 5 mission landed 80 miles (130 km) short of its intended splashdown point when the pilot compensated manually for an incorrect constant for the Earth’s rotation rate. A 360-degree rotation corresponding to the Earth’s rotation relative to the fixed stars was used instead of the 360.98-degree rotation in a 24-hour solar day. The shorter length of the first three missions and a computer failure on Gemini 4 prevented the bug from being detected earlier.^[4]
• The Russian Space Research Institute’s Phobos 1 (Phobos program) deactivated its attitude thrusters and could no longer properly orient its solar arrays or communicate with Earth, eventually depleting its batteries. (September 10, 1988).^[5]
• The European Space Agency’s Ariane flight V88 was destroyed 40 seconds after takeoff (June 4, 1996). The US$1 billion prototype rocket self-destructed due to a bug in the on-board guidance software.^[6][7]
• In 1997, the Mars Pathfinder mission was jeopardised by a bug in concurrent software shortly after the rover landed, which was found in preflight testing but given a low priority as it only occurred in certain unanticipated heavy-load conditions.^[8] The problem, which was identified and corrected from Earth, was due to computer resets caused by priority inversion.^[9]
• In 2000, a Zenit 3SL launch failed due to faulty ground software not closing a valve in the rocket’s second stage pneumatic system.^[10]
• The European Space Agency’s CryoSat-1 satellite was lost in a launch failure in 2005 due to a missing shutdown command in the flight control system of its Rokot carrier rocket.^[11]
• NASA Mars Polar Lander was destroyed because its flight software mistook vibrations caused by the deployment of the stowed legs for evidence that the vehicle had landed and shut off the engines 40 meters from the Martian surface (December 3, 1999).^[12]
• Its sister spacecraft Mars Climate Orbiter was also destroyed, due to software on the ground generating commands based on parameters in pound-force (lbf) rather than newtons (N).
• A mis-sent command from Earth caused the software of the NASA Mars Global Surveyor to incorrectly assume that a motor had failed, causing it to point one of its batteries at the sun. This caused the battery to overheat (November 2, 2006).^[13][14]
• NASA’s Spirit rover became unresponsive on January 21, 2004, a few weeks after landing on Mars. Engineers found that too many files had accumulated in the rover’s flash memory. It was restored to working condition after deleting unnecessary files.^[15]
• Japan’s Hitomi astronomical satellite was destroyed on March 26, 2016, when a thruster fired in the wrong direction, causing the spacecraft to spin faster instead of stabilize.^[16]
• Israel’s first attempt to land an unmanned spacecraft on the moon with the Beresheet was rendered unsuccessful on April 11, 2019, due to a software bug with its engine system, which prevented it from slowing down during its final descent on the moon’s surface. Engineers attempted to correct this bug by remotely rebooting the engine, but by the time they regained control of it, Beresheet could not slow down in time to avert a hard, crash landing that disintegrated it.^[17]

Medical[edit]

• A bug in the code controlling the Therac-25 radiation therapy machine was directly responsible for at least five patient deaths in the 1980s when it administered excessive quantities of beta radiation.^[18][19][20]
• Radiation therapy planning software RTP/2 created by Multidata Systems International could incorrectly double the dosage of radiation depending on how the technician entered data into the machine. At least eight patients died, while another 20 received overdoses likely to cause significant health problems (November 2000).^[21] See also Instituto Oncológico Nacional#Accident
• A Medtronic heart device was found vulnerable to remote attacks (2008-03).^[22]
• The Becton Dickinson Alaris Gateway Workstation allows unauthorized arbitrary remote execution (2019).^[23][24]
• The CareFusion Alaris pump module (8100) will not properly delay an Infusion when the «Delay Until» option or «Multidose» feature is used (2015).^[25]

Tracking years[edit]

• The year 2000 problem spawned fears of worldwide economic collapse and an industry of consultants providing last-minute fixes.^[26]
• A similar problem will occur in 2038 (the year 2038 problem), as many Unix-like systems calculate the time in seconds since 1 January 1970, and store this number as a 32-bit signed integer, for which the maximum possible value is 2³¹ − 1 (2,147,483,647) seconds.^[27]
• An error in the payment terminal code for Bank of Queensland rendered many devices inoperable for up to a week. The problem was determined to be an incorrect hexadecimal number conversion routine. When the device was to tick over to 2010, it skipped six years to 2016, causing terminals to decline customers’ cards as expired.^[28]

Electric power transmission[edit]

• The Northeast blackout of 2003 was triggered by a local outage that went undetected due to a race condition in General Electric Energy’s XA/21 monitoring software.^[29]

Administration[edit]

• The software of the A2LL system for handling unemployment and social services in Germany presented several errors with large-scale consequences, such as sending the payments to invalid account numbers in 2004.^{[citation needed]}

Telecommunications[edit]

• AT&T long-distance network crash (January 15, 1990), in which the failure of one switching system would cause a message to be sent to nearby switching units to tell them that there was a problem. Unfortunately, the arrival of that message would cause those other systems to fail too – resulting in a cascading failure that rapidly spread across the entire AT&T long-distance network.^[30][31]
• In January 2009, Google’s search engine erroneously notified users that every web site worldwide was potentially malicious, including its own.^[32]
• In May 2015, iPhone users discovered a bug where sending a certain sequence of characters and Unicode symbols as a text to another iPhone user would crash the receiving iPhone’s SpringBoard interface,^[33] and may also crash the entire phone, induce a factory reset, or disrupt the device’s connectivity to a significant degree,^[34] preventing it from functioning normally. The bug persisted for weeks, gained substantial notoriety and saw a number of individuals using the bug to play pranks on other iOS users,^{[citation needed]} before Apple eventually patched it on June 30, 2015, with iOS 8.4.

Military[edit]

• The software error of a MIM-104 Patriot caused its system clock to drift by one third of a second over a period of one hundred hours – resulting in failure to locate and intercept an incoming Iraqi Al Hussein missile, which then struck Dharan barracks, Saudi Arabia (February 25, 1991), killing 28 Americans.^[35][36]
• A Royal Air Force Chinook helicopter crashed into the Mull of Kintyre in June 1994, killing 29. Initially, the crash was dismissed as pilot error, but an investigation by Computer Weekly uncovered sufficient evidence to convince a House of Lords inquiry that it may have been caused by a software bug in the aircraft’s engine control computer.^[37]
• Smart ship USS Yorktown was left dead in the water in September 1997 for nearly 3 hours after a divide by zero error.^[38]
• In April 1992 the first Lockheed YF-22 crashed while landing at Edwards Air Force Base, California. The cause of the crash was found to be a flight control software error that failed to prevent a pilot-induced oscillation.^[39]
• While attempting its first overseas deployment to the Kadena Air Base in Okinawa, Japan, on 11 February 2007, a group of six F-22 Raptors flying from Hickam AFB, Hawaii, experienced multiple computer crashes coincident with their crossing of the 180th meridian of longitude (the International Date Line). The computer failures included at least navigation (completely lost) and communication. The fighters were able to return to Hawaii by following their tankers, something that might have been problematic had the weather not been good. The error was fixed within 48 hours, allowing a delayed deployment.^[40]

Media[edit]

• In the Sony BMG copy protection rootkit scandal (October 2005), Sony BMG produced a Van Zant music CD that employed a copy protection scheme that covertly installed a rootkit on any Windows PC that was used to play it. Their intent was to hide the copy protection mechanism to make it harder to circumvent. Unfortunately, the rootkit inadvertently opened a security hole resulting in a wave of successful trojan horse attacks on the computers of those who had innocently played the CD.^[41] Sony’s subsequent efforts to provide a utility to fix the problem actually exacerbated it.^[42]

Video gaming[edit]

• Eve Online‘s deployment of the Trinity patch erased the boot.ini file from several thousand users’ computers, rendering them unable to boot. This was due to the usage of a legacy system within the game that was also named boot.ini. As such, the deletion had targeted the wrong directory instead of the /eve directory.^[43]
• The Corrupted Blood incident was a software bug in World of Warcraft that caused a deadly, debuff-inducing virtual disease that could only be contracted during a particular raid to be set free into the rest of the game world, leading to numerous, repeated deaths of many player characters. This caused players to avoid crowded places in-game, just like in a «real world» epidemic, and the bug became the center of some academic research on the spread of infectious diseases.^[44]
• On June 6, 2006, the online game RuneScape suffered from a bug that enabled certain player characters to kill and loot other characters, who were unable to fight back against the affected characters because the game still thought they were in player-versus-player mode even after they were kicked out of a combat ring from the house of a player who was suffering from lag while celebrating an in-game accomplishment. Players who were killed by the glitched characters lost many items, and the bug was so devastating that the players who were abusing it were soon tracked down, caught and banned permanently from the game, but not before they had laid waste to the region of Falador, thus christening the bug «Falador Massacre».^[45]
• In the 256th level of Pac-Man, a bug results in a kill screen. The maximum number of fruit available is seven and when that number rolls over, it causes the entire right side of the screen to become a jumbled mess of symbols while the left side remains normal.^[46]
• Upon initial release, the ZX Spectrum game Jet Set Willy was impossible to complete because of a severe bug that corrupted the game data, causing enemies and the player character to be killed in certain rooms of the large mansion where the entire game takes place.^[47] The bug, known as «The Attic Bug», would occur when the player entered the mansion’s attic, which would then cause an arrow to travel offscreen, overwriting the contents of memory and altering crucial variables and behavior in an undesirable way. The game’s developers initially excused this bug by claiming that the affected rooms were death traps, but ultimately owned up to it and issued instructions to players on how to fix the game itself.^[48]
• One of the free demo discs issued to PlayStation Underground subscribers in the United States contained a serious bug, particularly in the demo for Viewtiful Joe 2, that would not only crash the PlayStation 2, but would also unformat any memory cards that were plugged into that console, erasing any and all saved data onto them.^[49] The bug was so severe that Sony had to apologize for it and send out free copies of other PS2 games to affected players as consolation.^[50]
• Due to a severe programming error, much of the Nintendo DS game Bubble Bobble Revolution is unplayable because a mandatory boss fight failed to trigger in the 30th level.^[51]
• An update for the Xbox 360 version of Guitar Hero II, which was intended to fix some issues with the whammy bar on that game’s guitar controllers, came with a bug that caused some consoles to freeze, or even stop working altogether, producing the infamous «red ring of death».^[52]
• Valve’s Steam client for Linux could accidentally delete all the user’s files in every directory on the computer. This happened to users that had moved Steam’s installation directory.^[53] The bug is the result of unsafe shellscript programming:

STEAMROOT="$(cd "${0%/*}" && echo $PWD)"

# Scary!
rm -rf "$STEAMROOT/"*

The first line tries to find the script’s containing directory. This could fail, for example if the directory was moved while the script was running, invalidating the «selfpath» variable $0. It would also fail if $0 contained no slash character, or contained a broken symlink, perhaps mistyped by the user. The way it would fail, as ensured by the && conditional, and not having set -e cause termination on failure, was to produce the empty string. This failure mode was not checked, only commented as «Scary!». Finally, in the deletion command, the slash character takes on a very different meaning from its role of path concatenation operator when the string before it is empty, as it then names the root directory.

• Minus World is an infamous glitch level from the 1985 game Super Mario Bros., accessed by using a bug to clip through walls in level 1–2 to reach its «warp zone», which leads to the said level.^[54] As this level is endless, triggering the bug that takes the player there will make the game impossible to continue until the player resets the game or runs out of lives.
• «MissingNo.» is a glitch Pokémon species present in Pokémon Red and Blue, which can be encountered by performing a particular sequence of seemingly unrelated actions. Capturing this Pokémon may corrupt the game’s data, according to Nintendo^[55][56][57] and some of the players who successfully attempted this glitch. This is one of the most famous bugs in video game history, and continues to be well-known.^[58]

Encryption[edit]

• In order to fix a warning issued by Valgrind, a maintainer of Debian patched OpenSSL and broke the random number generator in the process. The patch was uploaded in September 2006 and made its way into the official release; it was not reported until April 2008. Every key generated with the broken version is compromised (as the «random» numbers were made easily predictable), as is all data encrypted with it, threatening many applications that rely on encryption such as S/MIME, Tor, SSL or TLS protected connections and SSH.^[59]
• Heartbleed, an OpenSSL vulnerability introduced in 2012 and disclosed in April 2014, removed confidentiality from affected services, causing among other things the shut down of the Canada Revenue Agency’s public access to the online filing portion of its website^[60] following the theft of social insurance numbers.^[61]
• The Apple «goto fail» bug was a duplicated line of code which caused a public key certificate check to pass a test incorrectly.
• The GnuTLS «goto fail» bug was similar to the Apple bug and found about two weeks later. The GnuTLS bug also allowed attackers to bypass SSL/TLS security. ^[62]

Transportation[edit]

• By some accounts Toyota’s electronic throttle control system (ETCS) had bugs that could cause sudden unintended acceleration.^[63]
• The Boeing 787 Dreamliner experienced an integer overflow bug which could shut down all electrical generators if the aircraft was on for more than 248 days.^[64] A similar problem was found in Airbus A350 which need to be powered down before reaching 149 hours of continuous power-on time, otherwise certain avionics systems or functions would partially or completely fail.^[65]
• In early 2019, the transportation-rental firm Lime discovered a firmware bug with its electric scooters that can cause them to brake very hard unexpectedly, which may hurl and injure riders.^[66]
• Boeing 737 NG had all cockpit displays go blank if a specific type of instrument approach to any one of seven specific airports was selected in the flight management computer.^[67]
• Bombardier CRJ-200 equipped with flight management systems by Collins Aerospace would make wrong turns during missed approach procedures executed by the autopilot in some specific cases when temperature compensation was activated in cold weather.^[68]

Finance[edit]

• The Vancouver Stock Exchange index had large errors due to repeated rounding. In January 1982 the index was initialized at 1000 and subsequently updated and truncated to three decimal places on each trade. This was done about 3000 times a day. The accumulated truncations led to an erroneous loss of around 25 points per month. Over the weekend of November 25–28, 1983, the error was corrected, raising the value of the index from its Friday closing figure of 524.811 to 1098.892.^[69][70]
• Knight Capital Group lost $440 million in 45 minutes due to the improper deployment of software on servers and the re-use of a critical software flag that caused old unused software code to execute during trading.^[71]

• Post Office Limited Between 2000 and 2015, 736 subpostmasters were prosecuted by the UK Post Office, with many falsely convicted and sent to prison. This was a result of failure to recognize defects in the Horizon financial software, the subpostmasters were blamed for financial shortfalls which were actually software defects.^[72]

Blockchain[edit]

• Ethereum The DAO (organization) bug — 3.6M ETH^[73]

See also[edit]

• London Ambulance Service § Innovation

References[edit]

External links[edit]

• Forum on Risks to the Public in Computers and Related Systems

Дефекты программного обеспечения можно обнаружить на каждом этапе разработки и тестирования продукта. Чтобы гарантировать исправление наиболее серьезных дефектов программного обеспечения, тестировщикам важно иметь хорошее представление о различных типах дефектов, которые могут возникнуть.

В этой статье мы обсудим самые распространенные типы ПО дефекты и способы их выявления.

Что такое дефект?

Дефект программного обеспечения — это ошибка, изъян, сбой или неисправность в компьютерной программе, из-за которой она выдает неправильный или неожиданный результат или ведет себя непреднамеренным образом. Программная ошибка возникает, когда фактические результаты не совпадают с ожидаемыми. Разработчики и программисты иногда допускают ошибки, которые создают ошибки, называемые дефектами. Большинство ошибок возникает из-за ошибок, которые допускают разработчики или программисты.

Обязательно прочтите: Разница между дефектом, ошибкой, ошибкой и сбоем

Типы программных ошибок при тестировании программного обеспечения

Существует множество различных типов дефектов программного обеспечения, и тестировщикам важно знать наиболее распространенные из них, чтобы они могут эффективно тестировать их.

Ошибки программного обеспечения подразделяются на три типа:

1. Дефекты программного обеспечения по своей природе
2. Дефекты программного обеспечения по их приоритету
3. Дефекты программного обеспечения по их серьезности

Обычно мы можем видеть приоритет и серьезность классификаторов в большинстве инструментов отслеживания ошибок. Если мы настроим классификатор в соответствии с характером ошибки, а также приоритетом и серьезностью, это поможет легко управлять распределением обязанностей по исправлению ошибок соответствующим командам.

#1. Дефекты программного обеспечения по своей природе

Ошибки в программном обеспечении имеют широкий спектр природы, каждая из которых имеет свой собственный набор симптомов. Несмотря на то, что таких багов много, сталкиваться с ними можно не часто. Вот наиболее распространенные ошибки программного обеспечения, классифицированные по характеру, с которыми вы, скорее всего, столкнетесь при тестировании программного обеспечения.

#1. Функциональные ошибки

Как следует из названия, функциональные ошибки — это те, которые вызывают сбои в работе программного обеспечения. Хорошим примером этого может служить кнопка, при нажатии на которую должно открываться новое окно, но вместо этого ничего не происходит.

Функциональные ошибки можно исправить, выполнив функциональное тестирование.

#2. Ошибки на уровне модуля

Ошибки на уровне модуля — это дефекты, связанные с функциональностью отдельного программного модуля. Программный модуль — это наименьшая тестируемая часть приложения. Примеры программных модулей включают классы, методы и процедуры. Ошибки на уровне подразделения могут существенно повлиять на общее качество программного обеспечения.

Ошибки на уровне модуля можно исправить, выполнив модульное тестирование.

#3. Ошибки уровня интеграции

Ошибки уровня интеграции — это дефекты, возникающие при объединении двух или более программных модулей. Эти дефекты может быть трудно найти и исправить, потому что они часто требуют координации между несколькими командами. Однако они могут оказать существенное влияние на общее качество программного обеспечения.

Ошибки интеграции можно исправить, выполнив интеграционное тестирование.

#4. Дефекты юзабилити

Ошибки юзабилити — это дефекты, влияющие на работу пользователя с программным обеспечением и затрудняющие его использование. Дефект юзабилити — это дефект пользовательского опыта программного обеспечения, который затрудняет его использование. Ошибки юзабилити — это такие ошибки, как если веб-сайт сложен для доступа или обойти, или процесс регистрации сложен для прохождения.

Во время тестирования удобства использования тестировщики программного обеспечения проверяют приложения на соответствие требованиям пользователей и Руководству по доступности веб-контента (WCAG) для выявления таких проблем. Однако они могут оказать существенное влияние на общее качество программного обеспечения.

Ошибки, связанные с удобством использования, можно исправить, выполнив тестирование удобства использования.

#5. Дефекты производительности

Ошибки производительности — это дефекты, влияющие на производительность программного обеспечения. Это может включать в себя такие вещи, как скорость программного обеспечения, объем используемой памяти или количество потребляемых ресурсов. Ошибки уровня производительности сложно отследить и исправить, поскольку они могут быть вызваны рядом различных факторов.

Ошибки юзабилити можно исправить, выполнив тестирование производительности.

#6. Дефекты безопасности

Ошибки безопасности — это тип дефекта программного обеспечения, который может иметь серьезные последствия, если его не устранить. Эти дефекты могут позволить злоумышленникам получить доступ к конфиденциальным данным или системам или даже позволить им получить контроль над уязвимым программным обеспечением. Таким образом, очень важно, чтобы ошибкам уровня безопасности уделялось первоочередное внимание и устранялись как можно скорее.

Ошибки безопасности можно исправить, выполнив тестирование безопасности.

#7. Дефекты совместимости

Дефекты совместимости — это те ошибки, которые возникают, когда приложение несовместимо с оборудованием, на котором оно работает, или с другим программным обеспечением, с которым оно должно взаимодействовать. Несовместимость программного и аппаратного обеспечения может привести к сбоям, потере данных и другому непредсказуемому поведению. Тестировщики должны знать о проблемах совместимости и проводить соответствующие тесты. Программное приложение, имеющее проблемы с совместимостью, не работает последовательно на различных видах оборудования, операционных системах, веб-браузерах и устройствах при подключении к определенным программам или работе в определенных сетевых условиях.

Ошибки совместимости можно исправить, выполнение тестирования совместимости.

#8. Синтаксические ошибки

Синтаксические ошибки являются самым основным типом дефекта. Они возникают, когда код нарушает правила языка программирования. Например, использование неправильной пунктуации или забывание закрыть скобку может привести к синтаксической ошибке. Синтаксические ошибки обычно мешают запуску кода, поэтому их относительно легко обнаружить и исправить.

#9. Логические ошибки

Логические ошибки — это дефекты, из-за которых программа выдает неправильные результаты. Эти ошибки может быть трудно найти и исправить, потому что они часто не приводят к каким-либо видимым ошибкам. Логические ошибки могут возникать в любом типе программного обеспечения, но они особенно распространены в приложениях, требующих сложных вычислений или принятия решений.

Общие симптомы логических ошибок включают:

• Неверные результаты или выходные данные
• Неожиданное поведение
• Сбой или зависание программного обеспечения

Чтобы найти и исправить логические ошибки, тестировщикам необходимо иметь четкое представление о коде программы и о том, как она должна работать. Часто лучший способ найти такие ошибки — использовать инструменты отладки или пошаговое выполнение, чтобы отслеживать выполнение программы и видеть, где что-то идет не так.

#2. Дефекты программного обеспечения по степени серьезности

Уровень серьезности присваивается дефекту по его влиянию. В результате серьезность проблемы отражает степень ее влияния на функциональность или работу программного продукта. Дефекты серьезности классифицируются как критические, серьезные, средние и незначительные в зависимости от степени серьезности.

#1. Критические дефекты

Критический дефект — это программная ошибка, имеющая серьезные или катастрофические последствия для работы приложения. Критические дефекты могут привести к сбою, зависанию или некорректной работе приложения. Они также могут привести к потере данных или уязвимостям в системе безопасности. Разработчики и тестировщики часто придают первостепенное значение критическим дефектам, поскольку их необходимо исправить как можно скорее.

#2. Серьезные дефекты

Серьезный дефект — это программная ошибка, существенно влияющая на работу приложения. Серьезные дефекты могут привести к замедлению работы приложения или другому неожиданному поведению. Они также могут привести к потере данных или уязвимостям в системе безопасности. Разработчики и тестировщики часто придают первостепенное значение серьезным дефектам, поскольку их необходимо исправить как можно скорее.

#3. Незначительные дефекты

Незначительный дефект — это программная ошибка, которая оказывает небольшое или незначительное влияние на работу приложения. Незначительные дефекты могут привести к тому, что приложение будет работать немного медленнее или демонстрировать другое неожиданное поведение. Разработчики и тестировщики часто не придают незначительным дефектам приоритет, потому что их можно исправить позже.

#4. Тривиальные дефекты

Тривиальный дефект – это программная ошибка, не влияющая на работу приложения. Тривиальные дефекты могут привести к тому, что приложение отобразит сообщение об ошибке или проявит другое неожиданное поведение. Разработчики и тестировщики часто присваивают тривиальным дефектам самый низкий приоритет, потому что они могут быть исправлены позже.

#3. Дефекты программного обеспечения по приоритету

#1. Дефекты с низким приоритетом

Дефекты с низким приоритетом, как правило, не оказывают серьезного влияния на работу программного обеспечения и могут быть отложены для исправления в следующей версии или выпуске. В эту категорию попадают косметические ошибки, такие как орфографические ошибки, неправильное выравнивание и т. д.

#2. Дефекты со средним приоритетом

Дефекты со средним приоритетом — это ошибки, которые могут быть исправлены после предстоящего выпуска или в следующем выпуске. Приложение, возвращающее ожидаемый результат, которое, однако, неправильно форматируется в конкретном браузере, является примером дефекта со средним приоритетом.

#3. Дефекты с высоким приоритетом

Как следует из названия, дефекты с высоким приоритетом — это те, которые сильно влияют на функционирование программного обеспечения. В большинстве случаев эти дефекты необходимо исправлять немедленно, так как они могут привести к серьезным нарушениям нормального рабочего процесса. Дефекты с высоким приоритетом обычно классифицируются как непреодолимые, так как они могут помешать пользователю продолжить выполнение поставленной задачи.

Некоторые распространенные примеры дефектов с высоким приоритетом включают:

• Дефекты, из-за которых приложение не работает. сбой
• Дефекты, препятствующие выполнению задачи пользователем
• Дефекты, приводящие к потере или повреждению данных
• Дефекты, раскрывающие конфиденциальную информацию неавторизованным пользователям
• Дефекты, делающие возможным несанкционированный доступ к системе
• Дефекты, приводящие к потере функциональности
• Дефекты, приводящие к неправильным результатам или неточным данным
• Дефекты, вызывающие проблемы с производительностью, такие как чрезмерное использование памяти или медленное время отклика

#4. Срочные дефекты

Срочные дефекты — это дефекты, которые необходимо устранить в течение 24 часов после сообщения о них. В эту категорию попадают дефекты со статусом критической серьезности. Однако дефекты с низким уровнем серьезности также могут быть классифицированы как высокоприоритетные. Например, опечатка в названии компании на домашней странице приложения не оказывает технического влияния на программное обеспечение, но оказывает существенное влияние на бизнес, поэтому считается срочной.

#4. Дополнительные дефекты

#1. Отсутствующие дефекты

Отсутствующие дефекты возникают из-за требований, которые не были включены в продукт. Они также считаются несоответствиями спецификации проекта и обычно негативно сказываются на пользовательском опыте или качестве программного обеспечения.

#2. Неправильные дефекты

Неправильные дефекты — это те дефекты, которые удовлетворяют требованиям, но не должным образом. Это означает, что хотя функциональность достигается в соответствии с требованиями, но не соответствует ожиданиям пользователя.

#3. Дефекты регрессии

Дефект регрессии возникает, когда изменение кода вызывает непреднамеренное воздействие на независимую часть программного обеспечения.

Часто задаваемые вопросы — Типы программных ошибок< /h2>

Почему так важна правильная классификация дефектов?

Правильная классификация дефектов важна, поскольку она помогает эффективно использовать ресурсы и управлять ими, правильно приоритизировать дефекты и поддерживать качество программного продукта.

Команды тестирования программного обеспечения в различных организациях используют различные инструменты отслеживания дефектов, такие как Jira, для отслеживания дефектов и управления ими. Несмотря на то, что в этих инструментах есть несколько вариантов классификации дефектов по умолчанию, они не всегда могут наилучшим образом соответствовать конкретным потребностям организации.

Следовательно, важно сначала определить и понять типы дефектов программного обеспечения, которые наиболее важны для организации, а затем соответствующим образом настроить инструмент управления дефектами.

Правильная классификация дефектов также гарантирует, что команда разработчиков сможет сосредоточиться на критических дефектах и ​​исправить их до того, как они повлияют на конечных пользователей.

Кроме того, это также помогает определить потенциальные области улучшения в процессе разработки программного обеспечения, что может помочь предотвратить появление подобных дефектов в будущих выпусках.

Таким образом, отслеживание и устранение дефектов программного обеспечения может показаться утомительной и трудоемкой задачей. , правильное выполнение может существенно повлиять на качество конечного продукта.

Как найти лежащие в основе ошибки программного обеспечения?

Определение основной причины программной ошибки может быть сложной задачей даже для опытных разработчиков. Чтобы найти лежащие в основе программные ошибки, тестировщики должны применять систематический подход. В этот процесс входят различные этапы:

1) Репликация. Первым этапом является воспроизведение ошибки. Это включает в себя попытку воспроизвести тот же набор шагов, в котором возникла ошибка. Это поможет проверить, является ли ошибка реальной или нет.
2) Изоляция. После того, как ошибка воспроизведена, следующим шагом будет попытка ее изоляции. Это включает в себя выяснение того, что именно вызывает ошибку. Для этого тестировщики должны задать себе несколько вопросов, например:
– Какие входные данные вызывают ошибку?
– При каких различных условиях возникает ошибка?
– Каковы различные способы проявления ошибки?
3) Анализ: после Изолируя ошибку, следующим шагом будет ее анализ. Это включает в себя понимание того, почему возникает ошибка. Тестировщики должны задать себе несколько вопросов, таких как:
– Какова основная причина ошибки?
– Какими способами можно исправить ошибку?
– Какое исправление было бы наиболее эффективным? эффективно?
4) Отчет. После анализа ошибки следующим шагом является сообщение о ней. Это включает в себя создание отчета об ошибке, который включает всю соответствующую информацию об ошибке. Отчет должен быть четким и кратким, чтобы разработчики могли его легко понять.
5) Проверка. После сообщения об ошибке следующим шагом является проверка того, была ли она исправлена. Это включает в себя повторное тестирование программного обеспечения, чтобы убедиться, что ошибка все еще существует. Если ошибка исправлена, то тестер может подтвердить это и закрыть отчет об ошибке. Если ошибка все еще существует, тестировщик может повторно открыть отчет об ошибке.

Заключение

В индустрии программного обеспечения дефекты — неизбежная реальность. Однако благодаря тщательному анализу и пониманию их характера, серьезности и приоритета дефектами можно управлять, чтобы свести к минимуму их влияние на конечный продукт.

Задавая правильные вопросы и применяя правильные методы, тестировщики могут помочь обеспечить чтобы дефекты обнаруживались и исправлялись как можно раньше в процессе разработки.
TAG: qa