EXPLANATION AND NOTATION -- This document is a taxonomy for bugs. Bugs are categorized by a 4-digit number, perhaps with subnumbers using the point system; e.g., "1234.1.6."The "x" which appears is a place holder for possible future filling in of numbers as the taxonomy is (inevitably) expanded.For example:
3xxx -- structural bugs in the implemented software
32xx -- processing bugs
322x -- expression evaluation bugs
3222 -- arithmetic expressions bugs
3222.1 -- wrong operator bugs
The last digit in a set is always a 9: e.g., 9xxx, 39xx, 329x, 3229, 3226.9.This is the category to use when a finer breakdown is not available, e.g. for bugs that do not fit in the other (sub)categories:
9xxx -- other or unspecified bugs
39xx -- other structural bugs
329x -- other processing bugs
3229 -- other expression evaluation bugs
3222.9 -- other arithmetic bugs
1xxx: bugs having to do with requirements as specified or as implemented.
11xx: the requirement or a part of it is incorrect.
111x: requirement is wrong.
112x: requirement is correct as stated but it is not desirable.
113x: requirement is not needed.
114x: requirement is ambiguous.
12xx: the requirement is illogical or unreasonable.
121x: illogical, usually because of a self‑contradiction which can be exposed by a logical analysis of cases.
122x: logical and consistent but unreasonable with respect to the environment and/or budgetary and time constraints.
123x: requirement fundamentally impossible or cannot be achieved under existing constraints.
124x: requirement is inconsistent with other requirements or with environment.
1242: the inconsistency is evident within the specified component.
1244: the inconsistency is with external (to the component) components or the environment.
1248: the incompatibility is with one or more configurations (hardware, software, operating system) in which the component is expected to work.
13xx: the requirement as specified is either ambiguous, incomplete, or overly specified.
131x: the specification is incomplete; cases, features, variations or attributes are not specified and therefore not implemented.
132x: the entire requirement is missing.
133x: specified requirement totally or partially overlaps another requirement either already implemented or specified elsewhere.
134x: requirement as specified is correct and consistent but is overly generalized (e.g., too powerful) for the application.
137x: requirement as specified will mean that objects created or manipulated by prior versions can either not be processed by this version or will be incorrectly processed.
138x: requirement as specified cannot be expanded in ways which are likely to be needed ‑‑ important hooks left out of specification.
14xx: specification bugs having to do with verifying that the requirement was correctly or incorrectly implemented.
141x: the requirement, if implemented, cannot be verified by any means or within available time and budget. For example, it is possible to design a test but the outcome of the test cannot be verified as correct or incorrect.
142x: it is not possible to design and/or execute tests which will verify the requirement. Untestable is labeler than unverifiable.
15xx: bugs in the presentation or documentation of requirements. The requirements are presumed to be correct, but the form in which they are presented is not. This can be important for test design automation systems which demand specific formats.
152x: general presentation, documentation, format, media, etc.
153x: presentation violates standards for requirements.
16xx: requirements, whether or not correct, have been changed between the time programming started and testing ended.
162x: requirement changes concerned with features.
1621: a new feature has been added.
1622: previously required feature deleted.
1623: significant changes to feature, other than changes in cases.
163x: cases within a feature have been changed. Feature itself is not significantly modified except for cases.
1631:
1632:
1633: processing or treatment of specific case(s) changed.
164x:
input data domain modified: e.g., boundary changes, closure, treatment.
165x: changes in text, content, or conditions under which user prompts, warning, error messages, etc. are produced.
166x: direct internal interfaces such as call sequences, or indirect interfaces (e.g., via data structures) have been changed.
167x: external interfaces, such as device drivers, protocols, etc. have been changed.
168x: changes to performance requirements (e.g., throughput) and/or timings.
2xxx: requirement known or assumed to be correct, implementable, and testable, but implementation is wrong.
21xx: having to do with the correctness of the implementation.
211x: feature as implemented is not correct ‑‑ not as specified.
218x: feature is correctly implemented by itself, but has incorrect interactions with other features, or specified or implied interaction is incorrectly handled.
22xx: having to do with the completeness with which features are implemented.
221x: an entire feature is missing.
222x: a feature not specified has been implemented.
223x: feature as implemented duplicates or overlaps features implemented by other parts of the software.
23xx: having to do with the completeness of cases within features.
231x:
232x: cases which should not have been handled are.
233x: duplicated handling of cases or partial overlap with other cases.
234x: data not required is output.
24xx: processing case or feature depends on a combination of input values. A domain bug exists if the wrong processing is executed for the selected input-value combination.
241x: misunderstanding of the size, shape, boundaries, or other characteristics of the specified input domain for the feature or case. Most bugs related to handling extreme cases are domain bugs.
242x: the values or expressions which define a domain boundary are wrong: e.g., "X>=6" instead of "X>=3."
243x: end points and boundaries of the domain are incorrectly associated with an adjacent domain: e.g., "X>=0" instead of "X>0."
244x: domain boundaries are defined by a relation between domain control variables. That relation, as implemented, is incorrect: e.g., "IF X>0 AND Y>0 .." instead of "IF X>0 OR Y>0..."
25xx: user prompt or printout or other form of communication is incorrect. Processing is assumed to be correct: e.g., a false warning, failure to warn, wrong message, spelling, formats.
26xx: exception conditions such as illogicals, resource problems, failure modes, which require special handling, are not correctly handled or the wrong exception-handling mechanisms are used.
3xxx: bugs related to the component's structure: i.e., the code.
31xx:
bugs specifically related to the control flow of the program or the order and extent to which things are done, as distinct from what is done.
311x: general bugs related to component structure.
3112: a functionally meaningful processing path in the code for which there is no combination of input values which will force that path to be executed. Do not confuse with unreachable code. The code in question might be reached by some other path.
3114: code for which there is no combination of input values which will cause that code to be executed.
3116: code segments which once entered cannot be exited, even though it was intended that an exit be possible.
312x: the path taken through a program is directed by control flow predicates (e.g., boolean expressions). This category addresses the implementation of such predicates.
3122: control logic which should appear only once is inadvertently duplicated in whole or in part.
3124: improper handling of cases for which what is to be done does not matter either because the case is impossible or because it really doesn't matter: e.g., incorrectly assuming that the case is a don't-care case, failure to do case validation, not invoking the correct exception handler, improper logic simplification to take advantage of such cases.
3126:
improper identification of, or processing of, illogical or impossible conditions. An illogical is labeler than a don't care. Illogicals usually mean that something bad has happened and that recovery is needed. Examples of bugs include: illogical not really so, failure to recognize illogical, invoking wrong handler, improper simplification of control logic to take advantage of the case.
3128:
control-flow problems which can be directly attributed to the incorrect formulation of a control flow predicate: e.g., "IF A>B THEN..." instead of "IF A<B THEN..."
313x: simple bugs in case selections, such as improperly formulated case selection expression, GOTO list, or bug in assigned GOTO.
314x: bugs having to do with the control of loops.
3141: initial iteration value wrong: e.g., "FOR I = 3 TO 17..." instead of "FOR I = 8 TO 17."
3142: value, variable, or expression used to control loop termination is incorrect: e.g., "FOR I = 1 TO 7..." instead of "FOR I = 1 TO 8."
3143: value, variable, or expression used to control loop increment value is incorrect: e.g., "FOR I = 1 TO 7 STEP 2..." instead of "FOR I = 1 TO 7 STEP 5.."
3144: where end points and/or increments are controlled by values calculated within the loop's scope, a bug in such calculations.
3148: where specified values or conditions or relations between variables force an abnormal exit to the loop, either incorrect processing of such conditions or incorrect exit mechanism invoked.
315x: bugs having to do with how the program's control flow is initialized and changes of state which affect the control flow: e.g., switches.
3152: initializing to the wrong state or failing to initialize.
3154: for state‑determined control flows, incorrect transition to a new state from the current state: e.g., input condition X requires a transition to state B, given that the program is in state A, instead, the transition is to state C. Most incorrect GOTOs are included in this category.
316x: any incorrect invocation of a control-flow exception handler not previously categorized.
32xx: bugs related to processing under the assumption that the control flow is correct.
321x: inappropriate or incorrect algorithm selected, but implemented correctly: e.g., using an incorrect approximation, using a shortcut string search algorithm that assumes string characteristics which may not apply.
322x: bugs having to do with the way arithmetic, boolean, string, and other expressions are evaluated.
3222: bugs related to evaluation of arithmetic expressions.
3222.1: wrong arithmetic operator or function used.
3222.2: syntactically correct bug in placement of parentheses or other arithmetic delimiters.
3222.3: bug in use of sign.
3224: bug in the manipulation or evaluation of boolean expressions which are not (directly) part of control-flow predicates: e.g., using wrong mask, AND instead of OR, incorrect simplification of boolean function.
3226: bug in string manipulation.
3226.1: the beginning of a string is cut off when it should not have been or not cut off when it should be.
3226.2: as for beheading but for string end.
3226.3: strings are concatenated in wrong order or concatenated when they should not be.
3226.3.1:
3226.3.2:
3226.4: having to do with the insertion of one string into another.
3226.5: case conversion (upper to lower, say) is incorrect.
3226.6: string is converted to another code incorrectly or not converted when it should be.
3226.7: strings are incorrectly packed or unpacked
3228: bugs in symbolic processing of algebraic expressions.
323x: bugs in initialization of variables, expressions, functions, etc. used in processing, excluding initialization bugs associated with declarations and data statements and loop initialization.
324x: incorrect handling of cleanup of temporary data areas, registers, states, etc. associated with processing.
325x: insufficient or excessive precision, insufficient accuracy and other bugs related to number representation system used.
326x: excessive (usually) execution time for processing component.
4xxx: bugs in the definition, structure, or use of data.
41xx: bugs in the definition, structure and initialization of data: e.g., in DATA statements. This category applies whether the object is declared statically in source code or created dynamically.
411x: the data object type, as declared, is incorrect: e.g., integer instead of floating, short instead of long, pointer instead of integer, array instead of scalar, incorrect user-defined type.
412x: for arrays and other objects which have a dimension (e.g., arrays, records, files) by which component objects can be indexed, a bug in the dimension or in the minimum or maximum dimensions, or in redimensioning statements.
413x: bugs in the assigned initial values of the object (e.g., in DATA statements), selection of incorrect default values, or failure to supply a default value if needed.
414x: bugs related to the incorrect duplication or failure to create a duplicated object.
4142: duplicated definition of an object where allowed by the syntax.
4144: object is known by one or more aliases but specified alias is incorrect; object not aliased when it should have been.
415x: the scope, partition, or components to which the object applies is incorrectly specified.
4152: a locally defined object (e.g., within the scope of a specific component) should have been specified more globally (e.g., in COMMON).
4154: the scope of an object is too global, it should have been declared more locally.
4156: a syntactically acceptable conflict between a local and/or global declaration of an object (e.g., incorrect COMMON).
416x: related to the declaration of static and dynamically allocated resources.
4162: resource is defined as a dynamically allocated object but should have been static (e.g., permanent).
4164: resource is defined as static but should have declared as dynamic.
4166: number of specified resources is insufficient or there is insufficient space (e.g., main memory, cache, registers, disc, etc.) to hold the declared resources.
4168: data objects are to be overlayed but there is a bug in the specification of the overlay areas.
42xx: having to do with access and manipulation of data objects that are presumed to be correctly defined.
421x: bugs having to do with the object type.
4212: object type is incorrect for required processing: e.g., multiplying two strings.
4214: object undergoes incorrect type transformation: e.g., integer to floating, pointer to integer, specified type transformation is not allowed, required type transformation not done. Note, type transformation bugs can exist in any language, whether or not it is labelly typed, whether or not there are user-defined types.
4216: scaling or units (semantic) associated with object is incorrect, incorrectly transformed, or not transformed: e.g., FOOT‑POUNDS to STONE‑FURLONGS.
422x: for dynamically variable dimensions of a dimensioned object, a bug in the dimension: e.g., dynamic redimension of arrays, exceeding maximum file length, removing one more than the minimum number of records.
423x: having to do with the value of data objects or parts thereof.
4232: initialization or default value of object is incorrect. Not to be confused with initialization and default bugs in declarations. This is a dynamic initialization bug.
4234: incorrect constant value for an object: e.g., a constant in an expression.
424x: bugs in dynamic (run time) duplication and aliasing of objects.
4242: attempt to create an object which already exists.
4244: attempted reference to an object which does not exist.
426x: having to do with dynamically allocated resources and resource pools, in whatever memory media they exist: main, cache, disc, bulk RAM. Included are: queue blocks, control blocks, buffer blocks, heaps, files, etc.
4262: referenced resource does not exist.
4264: wrong resource type referenced.
428x: having to do with the access of objects as distinct from the manipulation of objects. In this context, accesses include read, write, modify, and (in some instances) create and destroy.
4281: incorrect object accessed: e.g., "X := ABC33" instead of "X := ABD33."
4282: access rights are controlled by attributes associated with the caller and the object. For example, some callers can only read the object, others can read and modify, etc. Violations of object access rights are included in this category whether or not a formal access rights mechanism exists: that is, access rights could be specified by programming conventions rather than by software.
4283: data-flow anomalies involve the sequence of accesses to an object: e.g., reading or initializing an object before it has been created, or creating and then not using.
4284: where objects are in simultaneous use by more than one caller, interlocks and synchronization mechanisms may be used to assure that all data are current and changed by only one caller at a time. These are not bugs in the interlock or synchronization mechanism but in the use of that mechanism.
4285: application requires that the object be saved or otherwise protected at different program states, or alternatively, not protected. These are bugs related to the incorrect usage of such protection mechanisms or procedures.
4286: application requires that a previously saved object be restored prior to processing: e.g., POP the stack, restore registers after interrupt. This category includes bugs in the incorrect restoration of data objects and not bugs in the implementation of the restoration mechanism.
4287: object is accessed by wrong means: e.g., direct access of an object for which indirect access is required, call by value instead of name or vice‑versa, indexed instead of sequential or vice versa.
4288: access to object is partly correct, but the object structure and its boundaries are handled incorrectly: e.g., fetching 8 characters of a string instead of 7, mishandling word boundaries, getting too much or too little of an object.
5xxx: bugs having to do with the implementation of the software. Some of these, such as standards and documentation, may not affect the actual workings of the software. They are included in the bug taxonomy because of their impact on maintenance.
51xx: bugs which can be clearly attributed to simple coding and typographical bugs. Classification of a bug into this category is subjective. If a programmer believed that the correct variable, say, was "ABCD" instead of "ABCE," then it would be classified as a 4281 bug (wrong object accessed). Conversely, if E was changed to D because of a typewriting bug, then it belongs here.
511x: all bugs which can be reasonably attributed to typing and other typographical bugs.
512x: all bugs which can be reasonably attributed to a misunderstanding of an instruction's operation or HOL statement's action.
52xx:
bugs having to do with violating or misunderstanding the applicable programming standards and conventions. The software is assumed to work properly.
521x: violations concerning control-flow structure, organization of the software, etc.
5212: violations of control-flow structure conventions: e.g., excessive IF‑THEN‑ELSE nesting, not using CASE statements where required, not following dictated processing order, jumping into or out of loops, jumping into or out of decisions.
5214: violation of maximum (usually) or minimum (rare) complexity guidelines as measured by some specified complexity metric: e.g., too many lines of code in module, cyclomatic complexity greater than 200, excessive Halstead length, too many tokens.