Program bug causing big losses, have shot Bob, please? -Programmer, programming-IT information

On September 3, 2015, as the Supreme Court rejected the appeal of Mizuho Securities in Tokyo, maintained the second instance upheld the results of a 10-year litigation finally drew to a close. This case will have a profound impact on the IT industry: If a program bug caused huge economic loss and who should take? Users? Operators? Or system developer?

Glossary : bug, refers to a computer program error

Today, the protagonist of the story is that Mizuho (みずほ) securities, the Tokyo Stock Exchange (hereinafter Topix), and Fujitsu.

All Fujitsu′s classmate, really not Fujitsu black Thunder. First within the industry of your company, projects, and so GUA Ah! If again it hurts your feelings, look at the pictures can not forgive me ... ...

Well, have said to say, start below.

(A) the Mizuho Securities ′ Wu refers to the Dragon events

If the clock could be turned back, Mizuho Securities trader Tian Zhongjun (not his real name) across the back minutes before the opening on December 8, 2005, Topix, Tian Zhongjun will choose breaking his own show?

Glossary : Oolong (fat finger), is a stock trader, trader, stock trading time, accidentally hit the wrong direction of price, quantity, trading.

Thanks Tian Zhongjun error input, so that his Mizuho Securities suffered astronomical losses of more than 40 billion yen. Yen painted like a ghost money denomination, 40 billion yen is still quite some silver drops (according to the current exchange rate is about 2.7 billion yuan).

This day is Japan Corporation J-Com initial public offering (IPO) days. 9:27, from the opening minutes. Tian Zhongjun had a customer delegate: " at 610,000 yen price, selling 1 J-Com shares ". Tian Zhongjun after receiving the Commission, Mizuho Securities on the trading terminal, mistakenly entered " 1 yen per share price, sold 610,000 shares ."

After the command is issued, Mizuho Securities trading software to check that this is an unusual trade order, gives a warning dialog box. However, as this level of Mizuho Securities trader trader, is not playing cards by the routine, every day this warning dialog box you saw too much. Tian Zhongjun hadn′t even read the contents of the dialog box, press the OK button. Then, this huge sell orders in the Dong on the permit trading market.

2 minutes later, Tian Zhongjun discovered the mistake, hurriedly tried to withdraw this amount of sell orders through trading software. Is entered 3 times in a row back orders, was rejected by Topix trading systems ( later identified as attributable to the trading system bug ).

Call Tian Zhongjun quickly to the head of the Exchange, require the sell down. Exchange said: "we have no right to operate, this problem can only be your own way."

Position trading has begun. This huge sell orders first set the opening price at 672,000 yen, and then in turn will pay all transaction, shares that will eventually J-Com died down on the price of 572,000 yen. (Different from the domestic, Japan PLM is not strictly in accordance with the 10% to calculate, but based on the opening price to determine the price range of an integer)

A chaos in the market at the moment. Retail investors were alarmed by this huge space, thinking that J-Com what′s wrong with the company, follow the trend of selling. And several large institutions and have guessed is Oolong tea, buy quickly fell. Some institutions have the moral integrity, such as Deutsche B?rse, after buying a few feel that it is too unkind, consciously stop the buying. And most of the agencies have said: how much is a moral burden, there are cheaper does not occupy a bastard! Rob exhilaration.

Students may not understand stock trading, is probably the bright.

Originally, the customer delegate is this ... ...

However, residual Tian Zhongjun entered the wrong number ... ...

However, the stock price a price limit. So page subsequent to the issuance system and automatically converted this price ... ...

Even 570,000, you cheap! Boyle, no big crowd quickly, rushing to burst ... ...

In the stock market in the rules of the game, as long as you sell a stock, it must deliver the goods to the buyer only after the transaction. However, the J-Com shares issued a total of more than 14,000 shares, mostly held by company executives, the real circulation of more than more than 3,000 shares in the market. 610,000 shares, Mizuho where? Cannot take pictures at home!

No way, Mizuho Securities had to issue reversed a decision to buy, start buying chips and others. In this way, J-Com shares were pushed to the limit price of 772,000 yen, continued until the end of the trading day. On the day of the transaction, Mizuho Securities have lost a total of about 27 billion yen.

Affected not only J-Com shares. Mizuho Securities until after the end of the day, disclosed a Black Dragon event. On the day of the transaction process, rumors are already on the market, a security company has made Black Dragon, will be a tremendous loss. Because you don′t know which broker is out of the question, all brokerage stocks have been sold.

The securities companies are crying, have issued a statement: shareholders of men, really nothing to do with me ... ... And eggs. Is one of the most miserable J-Com listing of major publishers--Nikko Securities shares fell by 8%. This sense of unease also affect all investors. When the end of the day, the Nikkei index fell 301 points.

(B) after the end

First term is delivery problems. Stock delivery that does not exist? While of Mizuho Securities by buying back, reclaiming most of the sell orders, but there are more than 90,000 stranded by other institutional and retail buying. Under the rules, Mizuho must be within 3 days of delivery (Japan′s delivery date is T+3). As I said before, only circulated in the market more than more than 3,000 shares of J-Com stock, which kill more than 90,000 shares of Mizuho Securities also can′t get it out.

Finally, through consultation, seller agrees to settle with cash. Liquidation price set at $ 910,000 yen per share--which is Mizuho Securities knock Wu long means just before stock prices. The cash settlement and Mizuho Securities to add insult, extending losses to more than 40 billion.

As regards parties Tian Zhongjun, does not seem to be too severely punished. Mizuho Securities has not announced the party′s real name, knew it was a male-only stockbroker. When an event occurs, are catching up with Japan companies to bonuses. Because Tian Zhongjun, a mistake, to kill corporate profits throughout the year, Mizuho Securities bonus bubble soup for all employees. Rumors, Tian Zhongjun into Mizuho Securities in the "most hated person list" No.1.

Large institutions that looters have also been blamed. Identified, a total of 22 organizations in the own-profit refers to the event. Switzerland Bank, Morgan Stanley, Nikko Securities, Lehman Brothers, Switzerland credit for Nomura, the six firms, share a total of 16.8 billion from this incident, Mizuho Securities losses of more than 40%.

Although it′s unlikely that money to, and can, after all, is earned in accordance with market rules, so regulators can only from a moral condemnation of these companies. It has been suggested that allow these companies to make money out of it. They said this, equal to the company′s profits go to someone else, not accountable to their shareholders.

Later under the regulation, part of the profits of securities companies have agreed to take the money out, the establishment of a fund to protect the interests of investors, this is another story.

In this case, Topix Exchange was most in doubt. After Mizuho Securities first conscious of pending orders, used to issue directives cancelled several times, but were all rejected by Exchange system, which clearly does not meet the system′s trading rules. Secondly, Mizuho Securities made contact with head of the Topix′s case, still allow this amount of sell orders in the Topix continue, smacks of ineffective supervision. Afterwards, President of Topix 鶴 island cut to resign.

Mizuho Securities believes, is the fault of Topix, just let himself suffered the loss of 40 billion yen. This error should be paid for by Topix. Topix is: your own goal that had the wrong instructions, what to hang on me? In this regard, Mizuho Securities back: cancellation orders issued prior to that time, resulting in loss of them. But also no possibility of selling single-why not let people withdraw?

Torn between the two companies to tear off, nor did the problem maneuvering. Thus, in September 2006, Mizuho is a lawsuit, and trading system developers--Topix Fuji notice to court. In this way, the long proceedings began.

(C) the court proceedings

In this case, the fact is very clear: because Exchange system bug, in specific conditions, will not withdraw a single phenomenon. After a detailed investigation was informed that this bug is Fujitsu′s technical staff in 2000 during a program change, accidentally buried in.

Originally, the program must undergo a rigorous regression testing to verify that the processes have impact on other business. But Fujitsu not only ignore the test, the Tokyo Stock Exchange in the system acceptance testing (UAT) while also neglect this aspect of content. The result, the bomb was detonated at this point in time. (Below is a COBOL code contains a bug)

Around this fact, the first issue is: Topix and Fujitsu, should be responsible for the losses at Mizuho Securities, please?

At first, the Topix want to depend on, all errors in Fujitsu′s body. Topix argued: If is a system bug leading to Mizuho Securities trading losses, it′s Fujitsu′s fault. Because my system requirements, and is specified by the cancellation. Fujitsu developed a program does not meet my needs, lead to such results.

To the Topix′s argument, the Tokyo District Court ruled: the primary responsibility of this system is the Topix. Fujitsu is Topix system supplier, is jointly and severally liable person. Whether it′s primary responsibility is joint and several liability, and if they are found guilty of gross negligence, compensation should be made.

Then program the bug is "gross negligence"? It′s hard to say. Is there a hidden bug in a system is to be proved. Even tested more thoroughly, undetectable bug will flow out. So legally, not usually because of losses related to the bug all blame the program developers. Otherwise, the world′s largest producer--Microsoft bug, losing even the underwear left early.

This brought out the second argument in the present case: what kind of bug is the "gross negligence"? Court gives judgement--the bug is not very easy to find.

So, the prosecution is brought in by senior program apes and siege experts group of Lion, tore into a ball in the Court.

Spike Swiss experts group: horizontal grooves, this bug is too obvious, okay? Can′t even measure the rough, does your company personnel program are music teacher taught you?

Fujitsu expert group: the same Council あ phosphorus! Such a complex combination of conditions, you can quickly find the bug! OK did you lose bragging!

Expert missions to fight on both sides, who could not convince anyone, just in front of the judges began to review the code.

And at the moment the judge, expression is very calming ... ...

But in the judge′s heart, there are 10,000 grass-mud horses!

Argument to the end, Meng made a face the judge said: what you have said seems to have got a point ... ... But instead, so it cannot be determined as easy to find ... .... Fujitsu won′t have to lose!

Eventually, the Tokyo District Court judgment: program bug and cannot be regarded as gross negligence, compensation for damage caused by this part No. However, after the phone call, Topix Mizuho Securities Exchange, Topix fails to fulfil the duties of the abort exception transactions, is a major fault. The other hand, Oolong was due Mizuho Securities, Mizuho Securities does not exemption. From the loss of phone calls after that point in time, borne by the Topix 70%, 10.7 billion yen.

Mizuho Securities and Topix were dissatisfied with the results of the trial, an appeal to the Tokyo High Court. On September 3, 2015, the Tokyo High Court rejected the appeal and upheld the result. For more than 10 years of litigation finally settled.

(D) the profound impact

See here, Bob and siege should be relieved of a lion, and finally don′t have to pay for the writing bug.

But wait a minute! According to this jurisprudence, "whether the bug can easily be detected" this will become the criteria of similar actions in the future. Once convicted of gross negligence, and Bob really wanted to cry but no tears.

Now here′s the thing: as a code monkey, no one can guarantee no bug in your own code. What to do in order to avoid this situation?

Thunder, since it could not be proved that all the bug was detected in the program, then the indicators recognized within the industry, such as the test case of density, bug density, is likely to test the adequacy of the judge. (And, Yes, even without a bug we also make out! ）

In addition, the bug is full, will also become important benchmarks for judging. After a bug is found, has carried out deep mining was also important, the so-called "cross-exhibition open." See this word, it is estimated that many of its peers have nightmares! This topic is very large, Thunder discussion on another article and colleagues in the future.

Also don′t forget, whether test results or a corresponding result bug,

To keep evidence!

To keep evidence!

To keep evidence!

Important things to say it three times.

Topix also recognize that in the present case, decrepit old trading system and too many bug and other defects. As the prevalence of program trading in recent years, the old system has become increasingly unable to meet the needs of modern securities transactions. Compared to places such as London and New York stock exchanges, the Topix system response times to 100 times slower times.

Oolong to Mizuho Securities refers to the event as an opportunity to export 2010 major projects in the financial sector--Topix next generation trading system "arrowhead" construction. The new system, developed by Fujitsu is responsible for.

Court tore (JI) red (Chi) ear (BAI) red (Lian), stepping back and doing what – Topix and Fujitsu, it really is a good friend!

This part pictures online

程序bug导致了天大的损失，要枪毙程序猿吗？ - 程序员,编程 - IT资讯

2015年9月3日，随着东京最高法院驳回瑞穗证券的上诉，维持二审的原判结果，一个长达10年的诉讼终于画下了句号。这个判例将对IT行业产生深远的影响：如果程序的bug导致了巨大的经济损失，应该由谁来承担？用户？运营商？还是系统开发商？

名词解释：bug，指计算机程序里的错误

今天故事的主角是，瑞穗(みずほ)证券，东京证券交易所(下文简称东证)，和富士通。

各位富士通的同学，雷子真的不是富士通黑啊。你们公司行业内第一，项目多，所以卦点就多啊！要是又一次伤害了你们的感情，看下图能原谅我不……

嗯，该说的也都说过了，下面正式开始。

（一）瑞穗证券的乌龙指事件

如果时光能够倒流，让瑞穗证券的交易员田中君(化名)穿越回2005年12月8日东证开盘前的那几分钟，田中君会不会选择把自己那根乌龙指给掰断呢？

名词解释：乌龙指(fat finger)，是指股票交易员、操盘手、股民在交易的时候，不小心敲错了价格、数量、买卖方向等。

正是由于田中君的一次错误输入，让他所在的瑞穗证券遭受了超过400亿日元的天价损失。虽然日元那面额画得跟冥币似的，400亿日元也还是相当值些银子滴(按照当时的汇率，约为人民币27亿元)。

这天，是日本公司J-Com首次公开上市(IPO)的日子。上午9:27，距离开盘还有几分钟。田中君接到一位客户的委托：“以61万日元的价格，卖出1股J-Com的股票”。田中君接到委托后，在瑞穗证券的交易终端上，错误地输入了“以每股1日元的价格，卖出61万股”。

指令发出后，瑞穗证券的交易软件检查到这是一个异常的交易订单，给出了一个警告的对话框。可是，像瑞穗证券交易员这种级别的操盘手，玩的就是不按套路出牌，每天这种警告对话框见得太多了好么。田中君甚至都没有好好读一下对话框里的内容，就按下了确定按钮。于是，这个巨大的卖单就挂在了东证的交易盘口上。

2分钟后，田中君发现了这个错误，赶紧试图通过交易软件撤销这笔卖单。可是连续输入3次撤单指令，都被东证的交易系统拒绝了（后来查明是由于交易系统的bug所致）。

田中君又迅速给交易所的负责人打电话，要求将这个卖单撤下。交易所的人表示：“我们无权操作，这个问题只能你们自己想办法”。

这时盘口交易已经开始。这个巨大的卖单首先将开盘价定在了67.2万日元，然后又依次将所有买单成交，最终将J-Com的股价钉死在跌停价57.2万日元上。（与国内不同，日本的涨跌停价并不是严格的按照10%来计算，而是根据开盘价确定出一个整数的价格范围）

此刻市场内一片大乱。散户们被这个巨大空单吓得惊慌失措，以为J-Com公司出了什么问题，纷纷跟风抛售。而一些机构和大户已经猜到是出了乌龙指，迅速在跌停价买进。一些有节操的机构，例如德意志证券，买了几手后觉得实在是太不厚道，自觉停止了抢购。而大部分机构纷纷表示：节操才多少钱一斤，有便宜不占王八蛋啊！抢得不亦乐乎。

可能有同学不太懂股票交易，大概就是下面这种赶脚。

本来，客户的委托是下面这样的......

然而，手残的田中君把数字输入错了……

但是，股票价格有涨跌幅限制。所以页面发布以后，系统又自动把价格改成了下面这样......

就算是57万，也是非常便宜了好么！大妈，不，大户们迅速围观，争相爆买......

在股市这个游戏规则里，只要你卖出的股票有人接了，那成交后就必须把货交给买家才行。可是，J-Com的股票一共才发行了14000多股，大部分还由公司高管持有，真正在市场上流通的也就3000多股。61万股，让瑞穗上哪里去弄？总不能自己在家里画啊！

没有办法，瑞穗证券只好发出了反向买入的决定，开始和其他人一起抢购筹码。这样一来，J-Com的股价又被拉高到涨停价77.2万日元，一直持续到当天的交易结束。在当天的交易中，瑞穗证券一共损失了约270亿日元。

受到影响的不仅仅是J-Com的股价。瑞穗证券直到当天收盘后，才向外界披露了这一乌龙指事件。而在当天的交易过程中，市场上已经有传闻，一家证券公司搞出了乌龙指，将有重大亏损。由于不知道是哪家券商出了问题，所有券商股票都惨遭抛售。

这下证券公司都哭了，纷纷发表声明：股东老爷们，真的和我没关系啊......然并卵。其中最惨的是J-Com上市的主要发行商——日兴证券，股价一度狂跌了8%。而这股不安情绪也影响了所有投资者。当天收盘时，日经指数大跌了301点。

（二）事后收场

首先是成交单的交割问题。不存在的股票怎么交割啊？虽然瑞穗证券通过回购，抢回了大部分的卖单，但还是有9万多股被其他机构和散户买走了。根据规则，瑞穗必须在3天之内交货(日本的交割日是T+3)。前面说过，市场上一共才流通了3000多股J-Com的股票，这9万多股真是逼死瑞穗证券也拿不出来啊。

最后经过协商，买卖双方同意用现金来结算。清算的价格定在了每股91万日元——这是瑞穗证券敲下乌龙指前一刻的股票价格。这次现金交割又让瑞穗证券雪上加霜，损失扩大到400多亿。

至于当事人田中君，似乎并没有受到太严厉的惩罚。瑞穗证券至今也没有公布当事人的真实姓名，只知道是一名男性证券经纪人。事件发生时，正赶上日本公司要发年终奖。就因为田中君的一个错误操作，一下子把公司一整年的利润都给干掉了，让瑞穗证券所有员工的年终奖都泡了汤。有传闻，田中君成了瑞穗证券里“最讨厌的人排行榜”的No.1。

那些趁火打劫的机构大户也受到了指责。事后查明，共有22家机构在此次乌龙指事件中获利。其中瑞士银行，摩根斯坦利，日兴证券，雷曼兄弟，瑞士信贷，野村证券这六家机构，从这次事件中一共瓜分了168亿，占瑞穗证券损失的40%还多。

尽管这钱来的不太光彩，可毕竟是按照市场规则赚来的，所以金融监管部门只能从道德层面对这些公司进行谴责而已。有人提议，让这些公司把赚到的钱吐出来。这些公司表示：这样做，等于把公司的利润白白送给别人，没法向自己的股东交代啊。

后来在各方的调节下，一部分获利的证券公司同意把钱拿出来，成立一个保护投资者利益的基金，这是后话了。

在这次事件中，东证交易所受到了最多的质疑。首先瑞穗证券在意识到错误挂单后，曾经多次发出取消的指令，但都被交易所的系统所拒绝，这显然不符合系统的交易规则。其次，在瑞穗证券与东证负责人取得了联系的情况下，东证方面仍然放任这笔卖单继续执行，有监管不力之嫌。事后，东证社长鶴島琢夫引咎辞职。

瑞穗证券方面认为，正是由于东证的过错，才让自己蒙受了400亿日元的损失。这个错误理应由东证来买单。东证的观点是：你自己乌龙指敲错了指令，凭啥赖在我身上？对此，瑞穗证券回击：取消交易指令发出之前的那段时间，产生的损失自己认了。但是还没成交的卖单为啥不让人家撤销？

两个公司之间扯来扯去，也没把这个问题谈拢。于是，2006年9月，瑞穗一纸诉状，把东证以及交易系统的开发商——富士通告上法庭。就这样，漫长的诉讼开始了。

（三）法庭诉讼

对于这个案件，事实已经很清楚了：由于交易所的系统bug，在特定的条件下，会发生不能撤单的现象。经过详查得知，这个bug是富士通的技术人员在2000年某次程序修改时，不小心埋进去的。

本来，程序修改后必须经过严格的回归测试，来验证对其他业务流程有没有影响。可是不仅富士通忽略了这个测试，东京证券交易所在系统验收测试(UAT)的时候，也疏忽了这方面的内容。结果，炸弹在这个时间点被引爆了。（下图是包含了bug的cobol代码）

围绕着这个事实，第一个争论点是：东证和富士通，应该为瑞穗证券的损失负责吗？

起初，东证还想耍赖，把错误全部推在富士通身上。东证主张：就算是交易系统的bug导致了瑞穗证券的损失，那也是富士通的错。因为我的系统需求里面，是明确规定了可以撤单的。富士通开发的程序没有符合我的需求，才导致了这样的结果。

对于东证的这个主张，东京地方法院判定：这个系统的主要责任人是东证。富士通只是东证的系统供应商，属于连带责任人。无论是主要责任人还是连带责任人，如果被证明犯有重大过失，都应该做出赔偿。

那么，程序的bug算是“重大过失”吗？这很难说。一个系统里有没有隐藏的bug，是没法从理论上证明的。就算是测试再彻底，也会有测不到的bug流出来。所以在法律上，通常不会把所有因为bug导致的损失都归罪给程序开发商。否则的话，世界上最大的bug生产商——微软，早就赔得连内裤都不剩了。

这就带出了本案第二个争论焦点：什么样的bug才算是“重大过失”？法院给出了判断的标准——这个bug是不是很容易被发现。

于是，控辩双方都找来了由资深程序猿和攻城狮组成的砖家组，在法庭上撕成一团。

穗瑞砖家组：卧槽，这个bug简直太明显了好么？连这个都测不粗来，请问贵司人员的编程，都是音乐老师教的吗？

富士通砖家组：異議あり！这么复杂的条件组合，你特么能一下子就找出bug来啊！你们败吹牛逼了行不行！

双方的砖家团吵来吵去，谁也说服不了谁，干脆，在法官面前开始review起程序代码来了。

而此刻的法官，表情是很镇静的......

但是在法官的心里，简直有一万匹草泥马奔腾而过啊！

争辩到最后，一脸懵逼的法官表示：你们说得好像都挺有道理的......但是意见相反，所以也不能判定成容易发现.......富士通就不用赔了！

最终，东京地方法院判定：程序bug并不能算是重大过失，由这部分导致的损失无需赔偿。但是，在瑞穗证券电话联络东证交易所后，东证未能履行中止异常交易的职责，属于重大过错方。另一方面，事情的起因是由于瑞穗证券的乌龙指，所以瑞穗证券也不能完全免责。从电话联络那个时间点以后产生的损失，由东证承担70%，107亿日元。

瑞穗证券和东证都对这个审判结果表示不满，上诉到东京最高法院。2015年9月3日，东京最高法院驳回上诉，维持原判结果。长达10年的诉讼终于尘埃落定。

（四）深远影响

看到这里，程序猿和攻城狮应该是松了一口气吧，终于不用为自己写的bug而买单了。

但是且慢！根据这个判例，“bug是否很容易被检测出来”这一点，将会成为今后类似诉讼的判断基准。一旦被判定成重大过失，程序猿们可真是欲哭无泪了。

现在问题来了：身为程序猿，谁也不能保证自己的代码里没有bug。该如何做，才能避免陷入到这种境地中呢？

雷子觉得，既然无法从理论上证明程序里所有的bug都被检测出来，那么，一些行业内公认的指标，例如测试时的case密度，bug密度等，很可能会成为测试是否充分的判断依据。（对，就算没有bug我们也要制造出来！）

此外，bug对应得是否充分，也会成为判断的重要基准。一个bug被发现后，有没有进行深刻的挖掘也是很重要的，即所谓的“横展開”。看到这个词，估计很多同行会做噩梦吧！这个话题很大，雷子今后另起文章和各位同行探讨。

还有一点不要忘记，无论是测试结果也好，还是bug的对应结果也好，

要留证据！

要留证据！

要留证据！

重要的事情说三遍。

本案也让东证认识到，旧交易系统的老朽化以及bug过多等缺陷。随着近年来程序化交易的盛行，旧系统已经越来越无法满足现代证券交易的需要。比起伦敦和纽约等地的证券交易所来，当时东证系统的响应时间要慢100倍啊。

以瑞穗证券乌龙指事件为契机，导出了2010年金融行业的重大项目——东证次世代的交易系统“arrowhead”的构建。这个新系统，依然由富士通负责开发。

法庭上撕得面（ji）红（chi）耳（bai）赤（lian），回过头来该干啥干啥——东证和富士通，还真是一对好基友啊！

本文一部分图片来自网络