SE Notes
Fixing bugs and defects discovered after software deployment.
Corrective maintenance is the process of diagnosing and fixing defects discovered in software after it has been deployed to production. These defects were introduced during development but escaped detection through testing, or they manifest only under specific conditions not anticipated during testing. Corrective maintenance is reactive by nature—it responds to problems reported by users, detected by monitoring systems, or discovered through operational experience. While it typically accounts for only 17-21% of total maintenance effort, it often receives disproportionate attention because production defects directly impact users and business operations with immediate urgency.
Types of Defects Requiring Correction
Processing Defects produce incorrect results. A tax calculation that applies the wrong rate, a report that double-counts certain transactions, or a search algorithm that misses matching records. The system appears to function normally but produces wrong answers under specific conditions.
Performance Defects cause the system to operate outside acceptable parameters. A query that takes 30 seconds instead of the expected 2 seconds, memory leaks that gradually consume all available RAM, or thread pools that exhaust under peak load. The results may be correct, but the system fails to deliver them within acceptable time or resource constraints.
Interface Defects cause communication failures between system components or between the system and its users. A form that truncates input at an unexpected character limit, an API that returns malformed responses under certain error conditions, or a file export that produces invalid formatting for edge cases.
Logic Defects result from flawed algorithms or decision structures. An if-else chain that fails to handle a valid scenario, a loop that terminates one iteration too early, or a state machine that enters an unreachable state under rare circumstances.
Concurrency Defects appear only when multiple processes or threads interact in specific timing sequences. Race conditions, deadlocks, and data corruption from unsynchronized access are notoriously difficult to reproduce and fix because they depend on precise timing that may occur rarely.
The Corrective Maintenance Process
| Defect Report | Triage & Prioritize → Reproduce → Diagnose |
| Root Cause Analysis | Design Fix → Implement → Test → Deploy → Verify |
| Post-Mortem | Update Tests → Close |
Defect Reporting: Users, automated monitoring, or support staff report unexpected behavior. Effective reports include what happened, what was expected, steps to reproduce, and environmental context (browser version, data values, time of occurrence).
Triage and Prioritization: Not all bugs are equal. A critical defect affecting all users in production demands immediate attention, while a cosmetic issue affecting a rarely-used feature can be scheduled for the next regular release. Common priority schemes:
| Priority | Description | Response Time |
|---|---|---|
| P1 (Critical) | System down, data loss, security breach | Immediate (hours) |
| P2 (High) | Major feature broken, workaround exists | Same day |
| P3 (Medium) | Minor feature issue, limited impact | Next sprint |
| P4 (Low) | Cosmetic, minor inconvenience | Backlog |
Reproduction: Before fixing a bug, you must reliably reproduce it. This is often the most challenging step, particularly for concurrency defects, timing-dependent issues, or problems that occur only with specific data combinations. If you cannot reproduce a bug, you cannot verify your fix works.
Root Cause Analysis: Identify not just what is wrong but why it went wrong. Surface-level fixes that address symptoms without understanding causes often introduce new problems or fail to fully resolve the original issue. Techniques include debugging, log analysis, bisection (identifying which commit introduced the defect), and systematic hypothesis testing.
Real-World Example: E-Commerce Payment Bug
An online retailer receives reports that some customers are charged twice for a single order. Investigation reveals:
Symptom: Approximately 2% of orders show duplicate charges on customer credit card statements.
Reproduction: The bug occurs when a customer clicks "Place Order" and the page takes more than 3 seconds to respond. The customer clicks again, triggering a second payment request before the first completes.
Root Cause: The payment processing endpoint lacks idempotency protection. Each click sends a new payment request with a unique transaction ID, so the payment gateway processes both as legitimate separate transactions.
Fix: Implement an idempotency key based on the order ID. The first request generates a unique key stored in the database. Subsequent requests with the same order ID detect the existing key and return the first request's result without processing payment again. Additionally, disable the submit button after the first click and show a loading indicator.
Verification: Automated tests simulate rapid double-clicks and verify only one charge occurs. Load testing confirms the fix handles concurrent requests correctly.
Post-mortem: The team adds idempotency protection to all payment-related endpoints and creates a code review checklist item requiring idempotency consideration for any endpoint that triggers financial transactions.
Debugging Techniques
Binary Search (Bisection): When you know the system worked at some point and does not work now, use git bisect to find the exact commit that introduced the defect.
Logging and Tracing: Add detailed logging around suspect areas to capture the system's state when the defect occurs. Distributed tracing (using tools like Jaeger or Zipkin) tracks requests across microservice boundaries.
Rubber Duck Debugging: Explain the problem step-by-step to a colleague (or a rubber duck). The act of articulating your assumptions often reveals the flaw in your thinking.
Divide and Conquer: Systematically eliminate potential causes by isolating components. Replace database queries with hardcoded data. Remove network calls with mock responses. Test with minimal input to identify the simplest reproduction case.
Prevention Through Better Practices
The most effective approach to corrective maintenance is reducing the number of defects that reach production. Practices that help include comprehensive code reviews, extensive automated testing (unit, integration, end-to-end), static analysis tools that catch common errors, pair programming for complex logic, thorough acceptance criteria for user stories, and staged deployments that expose changes to small user populations before full rollout.
Metrics and Improvement
Track defect escape rate (defects reaching production per release), mean time to detect (how long defects exist before discovery), mean time to repair (from report to deployed fix), and fix effectiveness (percentage of fixes that fully resolve the issue without introducing new defects). These metrics guide process improvements that reduce corrective maintenance needs over time.
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for Corrective Maintenance.
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Software Engineering topic.
Search Terms
software-engineering, software engineering, software, engineering, maintenance, corrective, corrective maintenance
Related Software Engineering Topics