Software Quality

On the Late Night Linux podcast episode 20 about 38 minutes in there's the question: why does most software have bugs? Shouldn't software developers just have better skills? Why isn't software always built by qualified experts? Why isn't building software like building bridges or any other kind of civil engineering project? After all, we know how to build bridges which don't immediately collapse. Also why does software keep changing? Can't we just all run the same version of XFCE from now until the end of time and be happy with it?

Variations of these questions have existed for as long as I can remember. At the last place I worked the CEO also had the idea that we should try to make software engineering into a "Real Engineering discipline" with standards and known processes and reproducibility of results, not so many "cowboys", etc. It's not an entirely whacky idea either.

So why isn't software like bridges? It's because the things we can build - and have already built - with software are many orders of magnitude more complex than designing a bridge. Bridges are made out of materials whose properties can be quite precisely understood, and Newtonian mechanics provides a high level of accuracy in predicting how those materials will behave when arranged in certain ways. So a bridge designer can know how the harmonics of the structure will behave when vehicles in a certain mass range are moving over it at a certain frequency, even before the bridge has been constructed. They can calculate what side winds within an expected speed range based in historical weather reports will do, given the surface area and structural composition.

But with software these kinds of calculations in advance are usually impossible, speculative or only possible with big error bars. There are a lot of unknowns, a lot of possible interactions between parts, and what that adds up to is that the complexity is greater than any particular human mind. When the complexity of the problem is greater than your own complexity then the way to make progress is via exploration and itteration. When something fails then try something else. Search the terrain of solutions. Keep applying patches for failure cases and carry on until some level of stability emerges.

Software is only partially designed. Mostly it grows and is curated. It's more like gardening than building bridges.

It's not completely hopeless because over time ways of improving software quality have become known. Unit testing. Static analysis. Continuous integration. Reproducible builds. Dependency tree analysis. Penetration testing and fuzzing of inputs. Watchdog systems. Atomic operations enabling rollbacks. Packaging systems for reliable deployment. All of these methods can be used to help avoid having software immediately fall over.

But even if software is perfect at the time of deployment if it's not maintained then eventually bitrot will happen. Dependencies will change. Operating systems will change. Ways of using computers will change. After enough time without maintenance things will begin to fail. Yes you can create an emulator or have a virtual machine image. Perhaps I could still run Windows 3.11 inside of a VM as if it was 1994, but in the modern context this would be of very limited utility and the security bugs would be horrendous.

So why can't we just carry on using the same software year after year? History happens. The world is complex and people are complex, even though sometimes they might not appear to be. Humans are the unsatisfied species. We didn't want to stick to stone hand axes and just kept tinkering to try to make things better. One thing lead to another and before you know it we have self-driving cars and LED eyelashes.

You can try to seek statis in a mythical golden age, but it's always a mirage. Things evolve and change is unavoidable. At the current time the rate of change in software is enough that there just isn't time for any developer to become an expert. In general by the time you're an expert on some aspect of software technology it has become obsolete. This means that learning is continuous and that's why to some folks the software industry looks like a bunch of people who don't really know what they're doing.