Fast black-box testing of system recovery code

Fault injection-a key technique for testing the robustness of software systems-ends up rarely being used in practice, because it is labor-intensive and one needs to choose between performing random injections (which leads to poor coverage and low representativeness) or systematic testing (which takes a long time to wade through large fault spaces). As a result, testers of systems with high reliability requirements, such as MySQL, perform fault injection in an ad-hoc manner, using explicitly-coded injection statements in the base source code and manual triggering of failures. This paper introduces AFEX, a technique and tool for automating the entire fault injection process, from choosing the faults to inject, to setting up the environment, performing the injections, and finally characterizing the results of the tests (e.g., in terms of impact, coverage, and redundancy). The AFEX approach uses a metric-driven search algorithm that aims to maximize the number of bugs discovered in a fixed amount of time. We applied AFEX to real-world systems-MySQL, Apache httpd, UNIX utilities, and MongoDB-and it uncovered new bugs automatically in considerably less time than other black-box approaches. © 2012 ACM.

AFEX: An Automated Fault Explorer for Faster System Testing

George Candea, Lorenzo Keller, Paul Dan Marinescu

Fault injection is an often overlooked component of the software test cycle, yet it is critical for building robust systems. The main reasons for this neglect are ineffectual tools, an overwhelmingly large number of possible faults to inject, and extensive manual labor required to do such tests. We present AFEX, a system that automates fault injection for software systems, finds and ranks important faults faster and more accurately than random injection, and automatically characterizes the quality of the resulting fault sets. AFEX is parallelized, such that test time decreases linearly with the number of test nodes available. AFEX also includes four fault injectors that simulate faults in major layers in the system stack: hardware, network, libraries, and human operators. We show how AFEX uses metric-driven search algorithms to efficiently find top-ranked faults in real systems like MySQL cluster and rsync.

2008

Techniques for Identifying Elusive Corner-Case Bugs in Systems Software

Radu Banabic

Modern software is plagued by elusive corner-case bugs (e.g., security bugs). Because there are no scalable, automated ways of finding them, such bugs can remain hidden until software is deployed in production. This thesis proposes approaches to solve this problem. First, we present black-box and white-box fault injection mechanisms, which allow developers to test the behavior of their own code in the presence of failures in external components, e.g., in libraries, in the kernel, or in remote nodes of a distributed system. We describe how to make black-box fault injection more efficient, by prioritizing tests based on their estimated impact. For white-box testing, we proposed and implemented a technique to find Trojan messages in distributed systems, i.e., messages that are accepted as valid by receiver nodes, yet cannot be sent by any correct sender node. We show that Trojan messages can lead to subtle semantic bugs. We used fault injection techniques to find new bugs in systems such as the MySQL database, the Apache HTTP server, the FSP file service protocol suite, and the PBFT Byzantine-fault-tolerant replication library. Testing can find bugs and build confidence in the correctness of a system. However, exhaustive testing is often unfeasible, and therefore testing may not discover all bugs before a system is deployed. In the second part of this thesis, we describe how to automatically harden production systems, reducing the impact of any corner-case bugs missed by testing. We present a framework that reduces the overhead cost of instrumentation tools such as memory error detectors. Lowering the cost enables system developers to use such tools in production to harden their systems, reducing the impact of any remaining corner-case bugs. We used our framework to generate a version of the Linux kernel hardened with Address Sanitizer. Our hardened kernel has most of the benefit of full instrumentation: it detects the same vulnerabilities as full instrumentation (7 out of 11 privilege escalation exploits from 2013-2014 can be detected using instrumentation tools). Yet, it obtains these benefits at only a quarter of the overhead.

EPFL2015

Techniques for Identifying Elusive Corner-Case Bugs in Systems Software

Radu Banabic

EPFL2015