Vinay Kabadi,Dezhen Kong,Siyu Xie,Lingfeng Bao,Gede Artha Azriadi Prana,Tien-Duy B. Le,Xuan-Bach D. Le,David Lo

DOI: https://doi.org/10.1109/icsme58846.2023.00017

2023-01-01

Abstract:Automated program repair (APR) has been gaining ground with substantial effort devoted to the area, opening up many challenges and opportunities. One such challenge is that the state-of-the-art repair techniques often resort to incomplete specifications, e.g., test cases that witness buggy behavior, to generate repairs. In practice, bug-exposing test cases are often available when: (1) developers, at the same time of (or after) submitting bug fixes, create the tests to assure the correctness of the fixes, or (2) regression errors occur. The former case – a scenario commonly used for creating popular bug datasets – however, may not be suitable to assess how APR performs in the wild. Since developers already know where and how to fix the bugs, tests created in this case may encapsulate knowledge gained only after bugs are fixed. Thus, more effort is needed to create datasets for more realistically evaluating APR.We address this challenge by creating a dataset focusing on bugs identified via continuous integration (CI) failures – a special case of regression errors – wherein bugs happen when the program after being changed is re-executed on the existing test suite. We argue that CI failures, wherein bug-exposing tests are created before bug fixes and thus assume no prior knowledge of developers on the bugs to be involved, are more realistic for evaluating APR. Toward this end, we curated 102 CI failures from 40 popular real-world software on GitHub. We demonstrate various features and the usefulness of the dataset via an evaluation of five well-known APR techniques, namely GenProg, Kali, Cardumen, RsRepair and Arja. We subsequently discuss several findings and implications for future APR studies. Overall, experiment results show that our dataset is complementary to existing datasets such as Defect4J in realistic evaluations of APR.

Tianxiao Gu,Zelin Zhao,Xiaoxing Ma,Chang Xu,Chun Cao,Jian Lu

DOI: https://doi.org/10.1109/apsec.2016.044

2016-01-01

Abstract:Dynamic software updating (DSU) is a technique that can update running software systems without stopping them. Most existing approaches require programmer participation to guarantee the correctness of dynamic updating. However, manually preparing dynamic updating is error-prone and time-consuming. Therefore, other approaches prefer to aggressively perform updating without programmer intervention, which may definitely lead to unanticipated runtime errors. To reduce human effort and enhance the reliability for dynamic updating, we leverage automatic runtime recovery (ARR) techniques to recover runtime errors caused by improper dynamic updating. This paper presents ADSU, a fully automatic DSU system using ARR. We evaluate ADSU with real updates from widely used open source software systems, i.e., Apache Tomcat, Apache FTP Server and jEdit. The preliminary results have shown that ADSU succeeds in automatically applying 11 of 16 real-world updates that existing counterparts cannot.

Qijun Zhu,Chun Yuan

DOI: https://doi.org/10.1109/dsn.2007.11

2007-01-01

Abstract:The increasing complexity of modern computer systems makes fault detection and localization prohibitively expensive, and therefore fast recovery from failures is becoming more and more important. A significant fraction of failures can be cured by executing specific repair actions, e.g. rebooting, even when the exact root causes are unknown. However, designing reasonable recovery policies to effectively schedule potential repair actions could be difficult and error prone. In this paper, we present a novel approach to automate recovery policy generation with reinforcement learning techniques. Based on the recovery history of the original user-defined policy, our method can learn a new, locally optimal policy that outperforms the original one. In our experimental work on data from a real cluster environment, we found that the automatically generated policy can save 10% of machine downtime.

Chi Li,Min Zhou,Zuxing Gu,Ming Gu,Hongyu Zhang

DOI: https://doi.org/10.1109/ASE.2019.00130

2019-01-01

Abstract:ABSTRACTMisuse of APIs happens frequently due to misunderstanding of API semantics and lack of documentation. An important category of API-related defects is the error handling defects, which may result in security and reliability flaws. These defects can be detected with the help of static program analysis, provided that error specifications are known. The error specification of an API function indicates how the function can fail. Writing error specifications manually is time-consuming and tedious. Therefore, automatic inferring the error specification from API usage code is preferred. In this paper, we present Ares, a tool for automatic inferring error specifications for C code through static analysis. We employ multiple heuristics to identify error handling blocks and infer error specifications by analyzing the corresponding condition logic. Ares is evaluated on 19 real world projects, and the results reveal that Ares outperforms the state-of-the-art tool APEX by 37% in precision. Ares can also identify more error specifications than APEX. Moreover, the specifications inferred from Ares help find dozens of API-related bugs in well-known projects such as OpenSSL, among them 10 bugs are confirmed by developers.

Zhensu Sun,Haotian Zhu,Bowen Xu,Xiaoning Du,Li Li,David Lo

2024-08-02

Abstract:Unanticipated runtime errors, lacking predefined handlers, can abruptly terminate execution and lead to severe consequences, such as data loss or system crashes. Despite extensive efforts to identify potential errors during the development phase, such unanticipated errors remain a challenge to to be entirely eliminated, making the runtime mitigation measurements still indispensable to minimize their impact. Automated self-healing techniques, such as reusing existing handlers, have been investigated to reduce the loss coming through with the execution termination. However, the usability of existing methods is retained by their predefined heuristic rules and they fail to handle diverse runtime errors adaptively. Recently, the advent of Large Language Models (LLMs) has opened new avenues for addressing this problem. Inspired by their remarkable capabilities in understanding and generating code, we propose to deal with the runtime errors in a real-time manner using LLMs. Specifically, we propose Healer, the first LLM-assisted self-healing framework for handling runtime errors. When an unhandled runtime error occurs, Healer will be activated to generate a piece of error-handling code with the help of its internal LLM and the code will be executed inside the runtime environment owned by the framework to obtain a rectified program state from which the program should continue its execution. Our exploratory study evaluates the performance of Healer using four different code benchmarks and three state-of-the-art LLMs, GPT-3.5, GPT-4, and CodeQwen-7B. Results show that, without the need for any fine-tuning, GPT-4 can successfully help programs recover from 72.8% of runtime errors, highlighting the potential of LLMs in handling runtime errors.

Software Engineering,Artificial Intelligence,Cryptography and Security

Xing Gao,Ming-Hong Liao,Xiang-Hu Wu,Chao-Yong Li

DOI: https://doi.org/10.1108/00022660910926863

2009-01-01

Abstract:PurposeThe purpose of this paper is to present a novel algorithm to handle space environment induced errors in the space‐robot software.Design/methodology/approachThe radiations in outer space may induce transient errors in micro‐processors, this phenomena will make software behavior unpredictable, and the existing software fault tolerance methods have been restricted in non‐multi‐threaded operation systems, non‐component‐based frameworks, non‐cacheable micro‐processors, non‐distributed environments, etc. A software model for space‐robot software, based on adaptive redundancy, is developed and a corresponding run‐time error detection algorithm is presented in this paper. Software was monitored and run‐time transient error would be detected and processed.FindingsExperiments indicate that this method introduces about 30‐35 percent time overhead and about 200‐230 percent memory overhead. It also increases the fault detection rate to 84‐92.5 percent. Moreover, the model and algorithm is effective in a realistic space robot environment.Originality/valueA redundancy model is developed and an error detection algorithm is introduced in this paper. Experiments demonstrate it can provide space‐robot software with good protection against the radiation induced transient errors.

Jingwen Leng,Alper Buyuktosunoglu,Ramon Bertran,Pradip Bose,Quan Chen,Minyi Guo,Vijay Janapa Reddi

DOI: https://doi.org/10.1109/hpca47549.2020.00014

2020-01-01

Abstract:Accelerators make the task of building systems that are re-silient against transient errors like voltage noise and soft errors hard. Architects integrate accelerators into the system as black box third-party IP components. So a fault in one or more accelerators may threaten the system's reliability if there are no established failure semantics for how an error propagates from the accelerator to the main CPU. Existing solutions that assure system reliability come at the cost of sacrificing accelerator generality, efficiency, and incur significant overhead, even in the absence of errors. To over-come these drawbacks, we examine reliability management of accelerator systems via hardware-software co-design, coupling an efficient architecture design with compiler and run-time support, to cope with transient errors. We introduce asymmetric resilience that architects reliability at the system level, centered around a hardened CPU, rather than at the accelerator level. At runtime, the system exploits task-level idempotency to contain accelerator errors and use memory protection instead of taking checkpoints to mitigate over-heads. We also leverage the fact that errors rarely occur in systems, and exploit the trade-off between error recovery performance and improved error-free performance to enhance system efficiency. Using GPUs, which are at the fore-front of accelerator systems, we demonstrate how our system architecture manages reliability in both integrated and discrete systems, under voltage-noise and soft-error related faults, leading to extremely low overhead (less than 1%) and substantial gains (20% energy savings on average).

Qian Meng,Hadas Kress-Gazit

2024-07-02

Abstract:This paper presents a framework that enables robots to automatically recover from assumption violations of high-level specifications during task execution. In contrast to previous methods relying on user intervention to impose additional assumptions for failure recovery, our approach leverages synthesis-based repair to suggest new robot skills that, when implemented, repair the task. Our approach detects violations of environment safety assumptions during the task execution, relaxes the assumptions to admit observed environment behaviors, and acquires new robot skills for task completion. We demonstrate our approach with a Hello Robot Stretch in a factory-like scenario.

Robotics

Gang Chen,Hai Jin,Deqing Zou,Bing,Weizhong Qiang,Gang Hu

DOI: https://doi.org/10.1109/cluster.2010.18

2010-01-01

Abstract:When multiple instances of an application running on multiple virtual machines, an interesting problem is how to utilize the fault handling result from one application instance to heal the same fault occurred on other sibling instances, and hence to ensure high service availability in a cloud computing environment. This paper presents SHelp, a lightweight runtime system that can survive software failures in the framework of virtual machines. It applies weighted rescue points and error virtualization techniques to effectively make applications by-pass the faulty path. A two-level storage hierarchy is adopted in the rescue point database for applications running on different virtual machines to share error handling information to reduce the redundancy and to more effectively and quickly recover from future faults caused by the same bugs. A Linux prototype is implemented and evaluated using four web server applications that contain various types of bugs. Our experimental results show that SHelp can make server applications to recover from these bugs in just a few seconds with modest performance overhead.

Kyriakos Poyias,Emilio Tuosto

DOI: https://doi.org/10.48550/arXiv.1310.4574

2013-10-17

Software Engineering

Abstract:We propose a monitoring mechanism for recording the evolution of systems after certain computations, maintaining the history in a tree-like structure. Technically, we develop the monitoring mechanism in a variant of ADR (after Architectural Design Rewriting), a rule-based formal framework for modelling the evolution of architectures of systems. The hierarchical nature of ADR allows us to take full advantage of the tree-like structure of the monitoring mechanism. We exploit this mechanism to formally define new rewriting mechanisms for ADR reconfiguration rules. Also, by monitoring the evolution we propose a way of identifying which part of a system has been affected when unexpected run-time behaviours emerge. Moreover, we propose a methodology to suggest reconfigurations that could potentially lead the system in a non-erroneous state.

Xingyu Xing,Lihao Liu,Junyi Chen,Lu Xiong,Yanjun Huang,Zhuoping Yu

DOI: https://doi.org/10.1177/09544070231176934

2024-01-01

Abstract:Robustness of the decision-making system is essential to safe driving, especially under the environment with inevitable defective information due to the limitations of the perception and positioning modules. The traditional fault-injection approach is widely used in robustness tests, but it mainly focuses on the endogenous fault instead of the exogenous errors of systems. In this paper, a robustness verification method based on error injection is proposed for the decision-making system against exogenous data errors. First, an error model is designed to generate potential data errors for different environment information. Then, an error injection framework with high versatility is proposed to support different decision-making systems and virtual test platforms. In addition, an optimization algorithm called LAMBDA is introduced to adaptively design experiments aiming to realize a quick search of safety-critical errors. Furthermore, an error injection tool is developed to conduct the verification test automatically. The proposed approach is verified on a city autopilot system under typical hazardous scenarios by the error injection tool, and the tolerance boundary of the system can be obtained as well. Compared to random-based and traditional optimization algorithms, the LAMBDA algorithm is able to quickly achieve a higher coverage for safety-critical errors. Although the approach is proposed for the decision-making module, it is can be easily extended to others, such as planning and control.

Gang Huang,Hong Mei,Fu-Qing Yang

DOI: https://doi.org/10.1007/s10515-006-7738-4

IF: 1.677

2006-01-01

Automated Software Engineering

Abstract:Recently, more attention is paid to the researches and practices on how to use software architecture in software maintenance and evolution to reduce their complexity and cost. The key in such architecture-based maintenance and evolution is to recover software architecture from existing systems. Almost all studies on architecture recovery focus on analyzing the source code and other documents. Such recovered software architecture can hardly capture runtime states and behaviors of the system. At the same time, current work pays little attention on how to change the system directly via manipulating the recovered software architecture. This paper presents a novel approach to recovering software architecture from component based systems at runtime and changing the runtime systems via manipulating the recovered software architecture. Containing much more details than the designed software architecture, the recovered software architecture can accurately and thoroughly describe the actual states and behaviors of the runtime system. It can be described formally with the extension of traditional architecture description language, which enables the recovered software architecture to absorb the semantics embedded in the designed software architecture. The recovered software architecture can be represented as multiple views so as to help different users to control the complexity from different concerns. Based on the reflective ability of the component framework, the recovered software architecture is up-to-date at any time and changes made on it will immediately lead to the corresponding changes in the runtime system. The approach presented in this paper is demonstrated on PKUAS, a reflective J2EE (Java 2 Platform Enterprise Edition) application server, and the performance is also evaluated.

Beihang University,Liu Yi,Xu Jun,Qian Depei

DOI: https://doi.org/10.1007/s11704-020-0190-y

IF: 2.6688

2021-01-01

Frontiers of Computer Science

Abstract:As the mean-time-between-failures (MTBF) continues to decline with the increasing number of components on large-scale high performance computing (HPC) systems, program failures might occur during the execution period with high probability. Ensuring successful execution of the HPC programs has become an issue that the unprivileged users should be concerned. From the user perspective, if the program failure cannot be detected and handled in time, it would waste resources and delay the progress of program execution. Unfortunately, the unprivileged users are unable to perform program state checking due to execution control by the job management system as well as the limited privilege. Currently, automated tools for supporting user-level failure detection and auto-recovery of parallel programs in HPC systems are missing. This paper proposes an innovative method for the unprivileged user to achieve failure detection of job execution and automatic resubmission of failed jobs. The state checker in our method is encapsulated as an independent job to reduce interference with the user jobs. In addition, we propose a dual-checker mechanism to improve the robustness of our approach. We implement the proposed method as a tool named automatic re-launcher (ARL) and evaluate it on the Tianhe-2 system. Experiment results show that ARL can detect the execution failures effectively on Tianhe-2 system. In addition, the communication and performance overhead caused by ARL is negligible. The good scalability of ARL makes it applicable for large-scale HPC systems.

Chao Chen,Greg Eisenhauer,Santosh Pande

DOI: https://doi.org/10.1109/tpds.2021.3096055

IF: 5.3

2022-04-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Due to the system scaling, transient errors caused by external noise, e.g., heat fluxes and particle strikes, have become a growing concern for the current and upcoming exa-scale high-performance-computing (HPC) systems. Applications running on these systems are expected to experience transient errors more frequently than ever before, which will either lead them to generate incorrect outputs or cause them to crash. However, since such errors are still quite rare as compared to no-fault cases, desirable solutions call for low/no-overhead systems that do not compromise the performance under no-fault conditions and also allow very fast fault recovery to minimize downtime. In this article, we present IterPro, a light-weight compiler-assisted resilience technique to quickly and accurately recover processes from transient-error-induced crashes. During the compilation of applications, IterPro constructs a set of recovery kernels for crash-prone instructions. These recovery kernels are executed to repair the corrupted process states on-the-fly upon occurrences of errors, enabling applications to continue their executions instead of being terminated. When constructing recovery kernels, IterPro exploits side effects introduced by induction variable based code optimization techniques based on loop unrolling and strength reduction to improve its recovery capability. To this end, two new code transformation passes are introduced to expose the side effects for resilience purposes. We evaluated IterPro with 4 scientific workloads as well as the NPB benchmarks suite. During their normal execution, IterPro incurs almost zero runtime overhead and a small, fixed 27MB memory overhead. Meanwhile, IterPro can recover on an average 83.55 percent of crash-causing errors within dozens of milliseconds with negligible downtime. We also evaluated IterPro with parallel jobs running on 3072 cores and showed that IterPro can successfully mask the impact of crash-causing errors by providing almost uninterrupted execution. Finally, we present our preliminary evaluation result for BLAS, which shows that IterPro is capable of recovering failures in libraries with a very high coverage rate of 83 percent and negligible overheads. With such an effective recovery mechanism, IterPro could tremendously mitigate the overheads and resource requirements of the resilience subsystem in future exa-scale systems.

computer science, theory & methods,engineering, electrical & electronic

Sinan Wang,Yibo Wang,Xian Zhan,Ying Wang,Yepang Liu,Xiapu Luo,Shing-Chi Cheung

DOI: https://doi.org/10.48550/arXiv.2201.12542

2022-01-29

Abstract:The Android platform introduces the runtime permission model in version 6.0. The new model greatly improves data privacy and user experience, but brings new challenges for app developers. First, it allows users to freely revoke granted permissions. Hence, developers cannot assume that the permissions granted to an app would keep being granted. Instead, they should make their apps carefully check the permission status before invoking dangerous APIs. Second, the permission specification keeps evolving, bringing new types of compatibility issues into the ecosystem. To understand the impact of the challenges, we conducted an empirical study on 13,352 popular Google Play apps. We found that 86.0% apps used dangerous APIs asynchronously after permission management and 61.2% apps used evolving dangerous APIs. If an app does not properly handle permission revocations or platform differences, unexpected runtime issues may happen and even cause app crashes. We call such Android Runtime Permission issues as ARP bugs. Unfortunately, existing runtime permission issue detection tools cannot effectively deal with the ARP bugs induced by asynchronous permission management and permission specification evolution. To fill the gap, we designed a static analyzer, Aper, that performs reaching definition and dominator analysis on Android apps to detect the two types of ARP bugs. To compare Aper with existing tools, we built a benchmark, ARPfix, from 60 real ARP bugs. Our experiment results show that Aper significantly outperforms two academic tools, ARPDroid and RevDroid, and an industrial tool, Lint, on ARPfix, with an average improvement of 46.3% on F1-score. In addition, Aper successfully found 34 ARP bugs in 214 opensource Android apps, most of which can result in abnormal app behaviors (such as app crashes) according to our manual validation.

Software Engineering

Sonal Mahajan,Mukul R. Prasad

DOI: https://doi.org/10.48550/arXiv.2202.04762

2022-02-10

Abstract:Runtime Exceptions (REs) are an important class of bugs that occur frequently during code development. Traditional Automatic Program Repair (APR) tools are of limited use in this "in-development" use case, since they require a test-suite to be available as a patching oracle. Thus, developers typically tend to manually resolve their in-development REs, often by referring to technical forums, such as Stack Overflow (SO). To automate this manual process we extend our previous work, MAESTRO, to provide real-time assistance to developers for repairing Java REs by recommending a relevant patch-suggesting SO post and synthesizing a repair patch from this post to fix the RE in the developer's code. MAESTRO exploits a library of Runtime Exception Patterns (REPs) semi-automatically mined from SO posts, through a relatively inexpensive, one-time, incremental process. An REP is an abstracted sequence of statements that triggers a given RE. REPs are used to index SO posts, retrieve a post most relevant to the RE instance exhibited by a developer's code and then mediate the process of extracting a concrete repair from the SO post, abstracting out post-specific details, and concretizing the repair to the developer's buggy code. We evaluate MAESTRO on a published RE benchmark comprised of 78 instances. MAESTRO is able to generate a correct repair patch at the top position in 27% of the cases, within the top-3 in 40% of the cases and overall return a useful artifact in 81% of the cases. Further, the use of REPs proves instrumental to all aspects of MAESTRO's performance, from ranking and searching of SO posts to synthesizing patches from a given post. In particular, 45% of correct patches generated by MAESTRO could not be produced by a baseline technique not using REPs, even when provided with MAESTRO's SO-post ranking. MAESTRO is also fast, needing around 1 second, on average, to generate its output.

Software Engineering

Zi-ying Dai,Xiao-guang Mao,Li-qian Chen,Yan Lei

DOI: https://doi.org/10.1631/jzus.c1300352

2014-01-01

Abstract:Despite the availability of garbage collectors, programmers must manually manage non-memory finite system resources such as file descriptors. Resource leaks can gradually consume all available resources and cause programs to raise resource exhaustion exceptions. However, programmers commonly provide no effective recovery approach for resource exhaustion exceptions, which often causes programs to halt without completing their tasks. In this paper, we propose to automatically recover programs from resource exhaustion exceptions caused by resource leaks. We transform programs to catch resource exhaustion exceptions, collect leaked resources, and then retry the failure code. A resource collector is designed to identify leaked resources and safely release them. We implement our approach for Java programs. Experimental results show that our approach can successfully handle resource exhaustion exceptions caused by reported resource leaks and allow programs to complete their tasks with an average execution time increase of 2.52% and negligible bytecode size increase.

Zi-ying DAI,Xiao-guang MAO,Li-qian CHEN,Yan LEI

2014-01-01

Abstract:Despite the availability of garbage collectors, programmers must manually manage non-memory finite system resources such as file descriptors. Resource leaks can gradually consume all available resources and cause programs to raise resource exhaustion exceptions. However, programmers commonly provide no effective recovery for resource exhaustion exceptions, which often can cause programs to halt without completing their tasks. In this paper, we propose to automatically recover programs from resource exhaustion exceptions caused by resource leaks. We transform programs so that they can catch resource exhaustion exceptions, collect leaked resources, and then retry failed code. A resource collector is designed to identify leaked resources and safely release them. We implement our approach for Java programs. Experimental results show that our approach can successfully handle resource exhaustion exceptions caused by reported resource leaks and allow programs to continue to complete their tasks with an average execution time increase of 2.52% and negligible byte-code size increases.

Yuntong Zhang,Andreea Costea,Ridwan Shariffdeen,Davin McCall,Abhik Roychoudhury

2023-08-01

Abstract:Automated Program Repair (APR) techniques typically rely on a given test-suite to guide the repair process. Apart from the need to provide test oracles, this makes the produced patches prone to test data over-fitting. In this work, instead of relying on test cases, we show how to automatically repair memory safety issues, by leveraging static analysis (specifically Incorrectness Separation Logic) to guide repair. Our proposed approach learns what a desirable patch is by inspecting how close a patch is to fixing the bug based on the feedback from incorrectness separation logic based static analysis (specifically the Pulse analyser), and turning this information into a distribution of probabilities over context free grammars. Furthermore, instead of focusing on heuristics for reducing the search space of patches, we make repair scalable by creating classes of equivalent patches according to the effect they have on the symbolic heap, and then invoking the validation oracle only once per class of patch equivalence. This allows us to efficiently discover repairs even in the presence of a large pool of patch candidates offered by our generic patch synthesis mechanism. Experimental evaluation of our approach was conducted by repairing real world memory errors in OpenSSL, swoole and other subjects. The evaluation results show the scalability and efficacy of our approach in automatically producing high quality patches.

Software Engineering

Nikunj Gupta,Jackson R. Mayo,Adrian S. Lemoine,Hartmut Kaiser

DOI: https://doi.org/10.48550/arXiv.2010.10930

2020-10-20

Abstract:Exceptions and errors occurring within mission critical applications due to hardware failures have a high cost. With the emerging Next Generation Platforms (NGPs), the rate of hardware failures will likely increase. Therefore, designing our applications to be resilient is a critical concern in order to retain the reliability of results while meeting the constraints on power budgets. In this paper, we discuss software resilience in AMTs at both local and distributed scale. We choose HPX to prototype our resiliency designs. We implement two resiliency APIs that we expose to the application developers, namely task replication and task replay. Task replication repeats a task n-times and executes them asynchronously. Task replay reschedules a task up to n-times until a valid output is returned. Furthermore, we expose algorithm based fault tolerance (ABFT) using user provided predicates (e.g., checksums) to validate the returned results. We benchmark the resiliency scheme for both synthetic and real world applications at local and distributed scale and show that most of the added execution time arises from the replay, replication or data movement of the tasks and not the boilerplate code added to achieve resilience.

Distributed, Parallel, and Cluster Computing