
Error models for the representative injection of software defects


Academic year: 2022


Anna Lanzaro1, Roberto Natella1, Stefan Winter2, Domenico Cotroneo1, Neeraj Suri2

1DIETI, Federico II University of Naples, Italy {anna.lanzaro, roberto.natella, cotroneo}@unina.it

2DEEDS Group, Dept. of CS, TU Darmstadt, Germany {sw, suri}@cs.tu-darmstadt.de

Abstract: This paper considers the representativeness of injected error models for ascertaining software defects.

Business- and safety-critical systems are more and more relying on software. Therefore, while in the past these systems were mainly threatened by hardware faults, they are today increasingly exposed to software faults, as demonstrated by recent severe software-related accidents [WDS+10]. It is a matter of fact that, despite careful engineering and rigorous quality assurance, critical systems are deployed with residual (unknown) software defects.

This problem is exacerbated by the massive reuse of legacy and off-the-shelf software components [Wey98, Voa98]: When a component is reused in a new context, the system may use parts of the component that were previously seldom used and only lightly tested, or may interact with the component in unforeseen ways, thus exposing residual software faults in the component that had not been discovered before.

It thus becomes important to adopt software fault tolerance strategies, in order to prevent such residual defects in less critical parts from affecting more critical parts of a system.

Software fault injection (SFI) is an experimental approach to assess the dependability of software-intensive systems in the presence of faulty software components, and to guide the development of software fault tolerance mechanisms and algorithms. SFI deliberately introduces faults in software components [Voa98, KS08] for:

• Validating fault-tolerance mechanisms: SFI can evaluate error detection and handling mechanisms (such as assertions and exception handlers) against component faults, and help to add or improve such mechanisms if necessary.

• Aiding FMECAs (Failure Mode, Effects, and Criticality Analysis): Developers can quantify the impact of a faulty component on the overall system (e.g., in terms of catastrophic system failures), and mitigate risks by focusing testing efforts on the most critical components or by revising the system design.

• Dependability benchmarking: SFI helps developers to choose, among alternative systems or components, the one that provides the best dependability and/or performance in the presence of other, faulty, components.


Existing methods for the injection of representative software faults (i.e., the errors generated by injected faults match the effects of real residual software faults in a component) consist in the corruption of the code of software components [NCDM13]. Unfortunately, such code mutation suffers from practical disadvantages, including the need for source code (which may be impossible to obtain for proprietary third-party components) or, failing that, the ability to mutate binary code (which has been proven to be very difficult due to the semantic gap between source-level faults and their corresponding binary translation).

Therefore, practitioners often restrict themselves to a projection (error model) of the emulated defects’ effects at the interfaces between software components. Interface error injection overcomes the limitations of code mutations, by mimicking the effects (i.e., errors) produced by faulty components through the injection of exceptional or invalid values at the component’s interface [WSSM11].

The research question we address is whether existing error models for interface injections are representative projections of residual defects commonly found in software systems. For this purpose, we propose a method for analyzing how faults in software components manifest as errors at the interfaces of software components (error propagation) [LNW+14]. The method injects faults in the software component under analysis through code mutations, and it instruments and executes the software component to identify the effects of injected faults on the program that uses the component, including the corruption of data structures shared between the program and the component, and erroneous return values from function calls. A case study with widely used software libraries reveals that existing interface error models are not suitable for emulating software faults, and provides useful insights for improving the representativeness of interface error injections.
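The comparison described above, in miniature, as an added example that is not taken from the paper or its tooling: a constructed component, a hand-written code mutation of it, and an interface error injection wrapper are each run against the fault-free version, and the errors visible to the caller are classified as return-value or shared-data errors. All function names, the mutation and the inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PHYS 32  /* physical size of the shared buffer; inputs stay below it */
enum { ERR_NONE = 0, ERR_RETVAL = 1, ERR_SHARED = 2 };
typedef int (*copy_fn)(const char *src, char *dst, int cap);

/* Component under analysis: copy at most cap-1 chars, return the count. */
static int copy_ok(const char *src, char *dst, int cap) {
    int i = 0;
    while (src[i] != '\0' && i < cap - 1) { dst[i] = src[i]; i++; }
    dst[i] = '\0';
    return i;
}

/* Code mutation (constructed): the capacity check is missing. */
static int copy_mutant(const char *src, char *dst, int cap) {
    int i = 0;
    (void)cap;
    while (src[i] != '\0') { dst[i] = src[i]; i++; }
    dst[i] = '\0';
    return i;
}

/* Interface error injection: correct code, invalid value forced at the interface. */
static int copy_iface(const char *src, char *dst, int cap) {
    copy_ok(src, dst, cap);
    return -1;
}

/* Compare a variant with the fault-free run on the same input and
   report which kinds of interface error the caller would observe. */
int interface_errors(copy_fn variant, const char *src, int cap) {
    char gold[PHYS], test[PHYS];
    memset(gold, 0xAA, PHYS);
    memset(test, 0xAA, PHYS);
    int r_gold = copy_ok(src, gold, cap);
    int r_test = variant(src, test, cap);
    int errs = ERR_NONE;
    if (r_gold != r_test) errs |= ERR_RETVAL;
    if (memcmp(gold, test, PHYS) != 0) errs |= ERR_SHARED;
    return errs;
}

int main(void) {
    const char *inputs[] = { "abc", "interface" };  /* constructed inputs */
    for (int k = 0; k < 2; k++)
        printf("%-10s mutant=%d injected=%d\n", inputs[k],
               interface_errors(copy_mutant, inputs[k], 8),
               interface_errors(copy_iface, inputs[k], 8));
    return 0;
}
```

In this toy case the mutated code produces no interface error on the short input and a combined return-value and shared-data error on the long one, while the injected invalid return value yields a return-value error on every call.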

Acknowledgments: Work supported by the projects SVEVIA (PON 02 00485 3487758), TENACE (PRIN n.20103P34XC), BMBF EC-SPRIDE, and LOEWE-CASED.

References

[KS08] K. Kanoun and L. Spainhower. Dependability Benchmarking for Computer Systems. Wiley-IEEE Computer Society, 2008.

[LNW+14] A. Lanzaro, R. Natella, S. Winter, D. Cotroneo, and N. Suri. An Empirical Study of Injected versus Actual Interface Errors. In Proc. ISSTA, pages 397–408, 2014.

[NCDM13] R. Natella, D. Cotroneo, J.A. Durães, and H.S. Madeira. On Fault Representativeness of Software Fault Injection. IEEE Trans. Softw. Eng., 39(1):80–96, 2013.

[Voa98] J.M. Voas. Certifying off-the-shelf software components. IEEE Computer, 31(6):53–59, 1998.

[WDS+10] W.E. Wong, V. Debroy, A. Surampudi, H. Kim, and M.F. Siok. Recent catastrophic accidents: Investigating how software was responsible. In Proc. SSIRI, pages 14–22, 2010.

[Wey98] E.J. Weyuker. Testing component-based software: A cautionary tale. IEEE Softw., 15(5):54–59, 1998.

[WSSM11] S. Winter, C. Sârbu, N. Suri, and B. Murphy. The impact of fault models on software robustness evaluations. In Proc. ICSE, pages 51–60, 2011.
