5/30/2023 by Patrick Reany
On 5/29/2023 I asked BingChat to explain why it's so hard to write non-buggy code. I'm not a
programmer but the topic interested me anyway. But I'm sure the topic is more interesting
to actual programmers.
Patrick: How come we have not yet learned how to make bug-free applications so the
hackers can't exploit the bugs to make malware?
BingChat: There is no such thing as bug-free software. Even if software is tested as thoroughly
as possible within the time constraints of the project, there are always more bugs[1][2]. It's important
to think of software as an ongoing process that can always get better because perfection
isn't attainable[3].
Would you like me to look up more information on this topic?
Patrick: I assume that the bugs that appear in applications are there by recognizable programming
mistakes that could be avoided if we put our minds to it. If it's not that simple, why isn't it that simple?
BingChat: Bugs in software can arise from human error in hardware designs or somewhere
in the chain of software tools used to create computer applications, firmware, or operating systems[1].
The most common reasons for the occurrence of software bugs are human errors and mistakes made
in designing the program and writing the source code[2]. Other reasons include unrealistic time
schedules for development, lack of designing experience, lack of coding practices experience,
human factors introducing errors in code, lack of version control, buggy third-party tools and
last-minute changes in the requirement introducing errors[3].
Would you like me to look up more information on this topic?
Patrick: If you're claiming that all large software programs will necessarily have bugs in them,
then you are as much as proclaiming the Myth of Bug-Free Software, right?
BingChat: Yes, that’s correct. There is no such thing as bug-free software.
Patrick: Can an LLM be constructed on top of buggy software?
BingChat: Yes, an LLM can be constructed on top of buggy software. In fact, researchers have
proposed a framework that prompts the OpenAI LLM to generate tests, processes the results,
and suggests solutions only when we can be reasonably confident that bug reproduction
has succeeded[1].
Patrick: Can an LLM examine its own code for software bugs? If not, why not?
BingChat: No, LLMs cannot examine their own code for bugs[1]. However, the newest versions
of Codex can identify bugs and fix mistakes in its own code — and even explain what the
code does -- at least some of the time[2].
Patrick: What is this 'Codex' you refer to?
BingChat: Codex is an AI system developed by OpenAI that can generate code from natural
language descriptions[1]. It is a generative model that uses machine learning to generate code
based on the input provided[1].
Patrick: But it's true that an LLM can look for and find bugs in submitted programs,
such as a Python application, right?
BingChat: Yes, LLMs can find bugs in Python applications[1]. In fact, this year's DEF CON AI
Village has invited hackers to show up, dive in, and find bugs and biases in large language models
(LLMs) built by OpenAI, Google, Anthropic, and others[2].
Patrick: Do you suppose that there's some COBOL program that has been around for 60 years
that has had all its bugs removed by now?
BingChat: It's unlikely that a program has had all its bugs removed after 60 years of use.
Even if the program has been maintained and updated over the years, it’s still possible that
new bugs have been introduced.
Patrick: Can you give me a list of the 10 top rules for programmers to follow to avoid
endowing their software projects with bugs?
BingChat:
Here are some tips to reduce software bugs:
1. Create testable code.
2. Keep it simple.
3. Split up your code.
4. Don’t use comments as a band-aid.
5. Take compiler warnings into account.
6. Use assertions.
7. Use static analysis tools.
8. Use version control.
9. Use code reviews.
10. Use automated testing[1].
I hope that helps!
Patrick: Could you give a little explanation on each of those ten points, please?
BingChat: Sure! Here are some explanations for each of the ten points:
1. Create testable code: Make sure you see your test fail at least once. This is the
key concept of test-driven development (TDD). By writing tests first, you can ensure
that your code is testable and that it works as expected.
2. Keep it simple: Complex code is destined to lead to bugs, and it is also much more
challenging to test. Your code should be as simple as possible.
3. Split up your code: Think about splitting up your code into independent modules.
This will make it easier to test and maintain.
4. Don't use comments as a band-aid: Comments can be helpful, but they should not be
used to cover up bad code. If you find yourself writing comments to explain what your
code does, then you should probably refactor your code instead.
5. Take compiler warnings into account: Compiler warnings can often indicate potential
bugs in your code. Make sure you pay attention to them.
6. Use assertions: Assertions are a way to check that your code is working as expected.
They can help you catch bugs early on.
7. Use static analysis tools: Static analysis tools can help you find bugs in your code
before you even run it.
8. Use version control: Version control is essential for managing changes to your code
over time. It allows you to track changes, collaborate with others, and revert changes
if necessary.
9. Use code reviews: Code reviews are an excellent way to catch bugs before they make
it into production. They also help ensure that your code is maintainable and easy
to understand.
10. Use automated testing: Automated testing is an essential part of any software
development process. It allows you to catch bugs early on and ensures that your code
works as expected[1].
I hope that helps!