Look Out for Bugs

Posted4 months agoActive4 months ago

todsacerdoti

66 points

40 comments

matklad.github.ioTechstory

calmmixed

Debate

60/100

ProgrammingDebuggingCode Quality

Key topics

Programming

Debugging

Code Quality

The article 'Look Out for Bugs' discusses the importance of carefully reading code to identify bugs, sparking a discussion on the practicality and effectiveness of this approach among developers.

Snapshot generated from the HN discussion

Discussion Activity

Active discussion

First comment

Peak period

84-96h

Avg / period

9.3

Comment distribution28 data points

Loading chart...

Based on 28 loaded comments

Key moments

01Story posted
Sep 4, 2025 at 10:59 AM EDT
4 months ago
Step 01
02First comment
Sep 8, 2025 at 7:16 AM EDT
4d after posting
Step 02
03Peak activity
19 comments in 84-96h
Hottest window of the conversation
Step 03
04Latest activity
Sep 9, 2025 at 3:29 AM EDT
4 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (40 comments)

Showing 28 comments of 40

vlaaad

4 months ago

3 replies

Does this person also identify performance issues by reading the code? This is completely impractical.

IshKebab

4 months ago

2 replies

You totally can identify performance issues by reading code. E.g. spotting accidentally-quadratic, or failing to reserve vectors, or accidental copies in C++. Or in more amateur code (not mine!) using strings to do things that can be done without them (e.g. rounding numbers; yes people do that).

It's a lot easier and better to use profiling in general, but that doesn't mean I never see read code and think "hmm that's going to be slow".

Ygg2

4 months ago

1 reply

Ok. I'll bite. How do you identify that a performance uplift of part of the code will kill the performance of overall app? Or won't have any observable effect?

I'm not saying you can't spot naive performance pitfalls. But how do you spot cache misses reading the code?

IshKebab

4 months ago

1 reply

For example if someone uses a linked list where a vector would have worked. Vectors are much faster, partly due to better spatial locality.

Ygg2

4 months ago

Ok (that's a naive performance problem), and you speed that up, but now a shared resource is used mutably more often, leading to frequent locking and more overall pauses. How would you read that from your code?

jcgrillo

4 months ago

Practitioners of this approach to performance optimization often waste huge swaths of their colleagues' time and attention with pointless arguments about theoretical performance optimizations. It's much better to have a measurement first policy. "Hmm that might be slow" is a good signal that you should measure how fast it is, and nothing more.

Nevermark

4 months ago

Once your code is optimized so that manual mental/notepad execution is fast enough, it will crush it on any modern processor.

lapcat

4 months ago

> Does this person also identify performance issues by reading the code? This is completely impractical.

This sounds like every technical job interview.

foobarbecue

4 months ago

2 replies

Why is "public static void ..." written in Cyrillic here? I guess this might be a joke?

kaathewise

4 months ago

1 reply

The first programming language I learned was Java. And for us non-native speakers who didn't know English very well at that point public static void did indeed sound like a magic spell. It was behind both an understanding and a language barriers

zahlman

4 months ago

When I first saw Java, I had already seen multiple dialects of BASIC, plus Turing (a Pascal dialect), HyperTalk (the scripting language of HyperCard, and predecessor of AppleScript), J (an APL derivative), C and C++. I'm also a native speaker of English.

Your perception is still warranted. It was clear enough to me what all of that meant, but I was well aware that static is an awkward, highly overloaded term, and I already had the sense that all this boilerplate is a negative.

Joker_vD

4 months ago

To try and relate to the native English speakers the impression of how the usual boilerplate feels like arbitrary magical incantations to novice programmers (and non-native English speakers, I guess).

ChrisMarshallNY

4 months ago

2 replies

In Writing Solid Code[0], Steve Maguire recommends stepping through every line of code, in a symbolic debugger.

Sounds crazy, but I usually end up doing that, anyway, as I work.

Another tip that has helped me, is to add code documentation to inline code, after it’s written (I generally add some, but not much inline, as I write it. Most of my initial documentation is headerdoc). The process of reading the code, helps cement its functionality into my head, and I also find bugs, just like he mentions.

[0] https://writingsolidcode.com/

jamil7

4 months ago

1 reply

I also do this quite a lot but pair it with an automated test to repeatedly trigger the breakpoint with different values and round out the tests and code accordingly.

ChrisMarshallNY

4 months ago

That sounds like an excellent practice!

lapcat

4 months ago

2 replies

> In Writing Solid Code[0], Steve Maguire recommends stepping through every line of code, in a symbolic debugger.

> Sounds crazy, but I usually end up doing that, anyway, as I work.

This doesn't sound crazy to me. On the contrary, it sounds crazy not to do it.

How many bugs do we come across where we ask rhetorically, "Did this ever work?" It becomes obvious that the programmer never ran the code, otherwise the bug would have exhibited immediately.

01HNNWZ0MV43FF

4 months ago

When I think about stepping through the code in a debugger, I think about how hard it is to even run all the code, for the projects I've had the most trouble on.

1. One was soft real-time and stepping through the code in a debugger would first mean having a robust way to play back data input on a simulate time tick. Doing it on live sensor data would mean the code saw nonsense.

2. One requires a background service to run as root. Attaching a debugger to that is surely possible but not any fun.

3. Attaching a debugger to an Android app is certainly possible, but I have never practiced it, and I'm not sure if it can be done "in the field" - Suppose I have a bug that only replicates under certain conditions that are hard to simulate.

You're not wrong. But maybe bugs build up when programmers don't want to admit that we aren't really able to run our code, and managers don't want to give us time to actually run it.

ChrisMarshallNY

4 months ago

True, dat.

Writing Solid Code is over 30 years old, and has techniques that are still completely relevant, today (some have become industry standard).

Reading that, was a watershed in my career.

152334H

4 months ago

1 reply

Extremely funny post.

The author doesn't grasp how much of what they've written amounts to flexing their own outlier intelligence; they must sincerely believe the average programmer is capable of juggling a complex 500 line program in their heads.

wduquette

4 months ago

I do what the author does all the time, every day. But then, I work mostly on my own; and I've spent decades learning how to structure my code so as to minimize the amount that has to be "live" in my head at any give moment, and so that I can quickly rebuild that mental model on re-reading.

gobdovan

4 months ago

1 reply

Isn't this basically what a debugger gives you? You say "follow the control flow" and "track state," but those are exactly what I do when stepping through code with invariants and watchpoints. The only real difference I see is that reading doesn't require a reproducible example, while debugging does. Otherwise, the habits seem nearly identical.

lapcat

4 months ago

1 reply

> The only real difference I see is that reading doesn't require a reproducible example, while debugging does.

You can manipulate values in a debugger to make it go down any code path you like.

gobdovan

4 months ago

Yeah, exactly. Although sometimes, if you don't have a repro, you may want to understand more of the code in the way the article shows to (at least 1-2 go to definitions), as you'd need to know what to change the values to.

Krei-se

4 months ago

I keep reading articles about how you need to fit mental models of code in your head with analogies to spatial maps. This is not how your brain processes these. You have a spatial center mapping 3D objects to literally mini-3d-models encoded in neurons. You can grasp some(!) code with this if the structure is similar to what you code yourself, but most of the code in larger bases is a ruleset like your countries taxcode - it will only fit in your language processing center and need a lot of working memory.

Now some people might be able to fit more than millers number 7+-2 there and juggle concepts with 20 interconnected entities, but this is mostly done by people having this as their main work / business logic.

These articles mix up same-form dimensional mapping like audio or visual to distinct data, it's similar to why its easy to replicate audio and images, but not olfactory / smell. Your nose picks up millions of different molecules and each receptor locks onto a certain one.

Thinking you can find general rules here is exactly why LLMs seem to work but can never be inductive - they map similarities in higher dimensional space, not reasoning. And the same mix up happens here: You map this code to a space that feels home to you, but it will not apply to reading another purpose software outside your field, a different process pipeline, language or form.

If your assumption would be correct all humans needed to train is reading assembly and then magically all bugs will resolve!

Maybe if you want to understand code with both hemispheres map it to a graph, but trying to make strategies from spatial recognition work for code is like trying to make sense of your traffic law rules by length of paragraphs.

4 months ago

I think I'm having a hard time understanding the value of this piece. Is carefully reading the code you're writing/working on not the default? How on Earth do you write code without understanding what it does?

markbnj

4 months ago

I once found a bug in code that was read to me over the phone while I sat in an airport waiting for a flight. So I agree that constructing a model of the program in your head is the key, and you can use various interfaces for that. Some are more optimal than others. When I first started learning to write programs we very often debugged from printed listings for example. They rolled up nicely but random access was very slow.

Dan42

4 months ago

This article really resonated with me. I've been trying to teach this way of thinking to juniors, but with mixed results. They tend to just whack at their code until it stops crashing, while I can often spot logic errors in a minute of reading. I don't think it's that hard, just a different mindset.

There's a well-known quote: "Make the program so simple, there are obviously no errors. Or make it so complicated, there are no obvious errors." A large application may not be considered "simple" but we can minimize errors by making it a sequence of small bug-free commits, each one so simple that there are obviously no errors. I first learned this as "micro-commits", but others call it "stacked diffs" or similar.

I think that's a really crucial part of this "read the code carefully" idea: it works best if the code is made readable first. Small readable diffs. Small self-contained subsystems. Because obviously a million-line pile of spaghetti does not lend itself to "read carefully".

Type systems certainly help, but there is no silver bullet. In this context, I think of type systems a bit like AI: they can improve productivity, but they should not be used as a crutch to avoid reading, reasoning, and building a mental model of the code.

K0nserv

4 months ago

I agree with the idea of not making bugs in the first place. Overall I think this piece is great and includes good suggestions. However, personally I think the best weapon to avoid writing bugs is making them impossible in the first place, ala "Making invalid state unpresentable".

Interestingly there's a post from the last day arguing that "Making invalid state unpresentable" is harmful[0], which I don't think I agree with. My experience is that bugs hide in crevices created by having invalid states remain representable and are often caused by the increased cognitive load of not having small reasoning scopes. In terms of reading code to find bugs, having fewer valid states and fewer intersections of valid state makes this easier. With well-define and constrained interfaces you can reason about more code because you need to keep fewer facts in your head.

electric_muse's point in a sibling comment "The whole “just read the code carefully and you’ll find bugs” thing works fine on a 500-line rope implementation. Try that on a million-line distributed system with 15 years of history and a dozen half-baked abstractions layered on top of each other. You won’t build a neat mental model, you’ll get lost in indirection." is a good case study in this too. Having poorly scoped state boundaries means this reasoning is hard, here too making invalid states unpresentable and interfaces constrained helps.

0: https://news.ycombinator.com/item?id=45164444

12 more comments available on Hacker News

View full discussion on Hacker News

ID: 45128055Type: storyLast synced: 11/20/2025, 12:53:43 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN