Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - Analyzing the Effects of Bugs on Software Interfaces
AU - Natella, R.
AU - Winter, S.
AU - Cotroneo, D.
AU - Suri, Neeraj
PY - 2020/3/1
Y1 - 2020/3/1
N2 - Critical systems that integrate software components (e.g., from third-parties) need to address the risk of residual software defects in these components. Software fault injection is an experimental solution to gauge such risk. Many error models have been proposed for emulating faulty components, such as by injecting error codes and exceptions, or by corrupting data with bit-flips, boundary values, and random values. Even if these error models have been able to find breaches in fragile systems, it is unclear whether these errors are in fact representative of software faults. To pursue this open question, we propose a methodology to analyze how software faults in $C/C_{++}$ software components turn into errors at components' interfaces (interface error propagation), and present an experimental analysis on what, where, and when to inject interface errors. The results point out that the traditional error models, as used so far, do not accurately emulate software faults, but that richer interface errors need to be injected, by: injecting both fail-stop behaviors and data corruptions; targeting larger amounts of corrupted data structures; emulating silent data corruptions not signaled by the component; combining bit-flips, boundary values, and data perturbations. IEEE
AB - Critical systems that integrate software components (e.g., from third-parties) need to address the risk of residual software defects in these components. Software fault injection is an experimental solution to gauge such risk. Many error models have been proposed for emulating faulty components, such as by injecting error codes and exceptions, or by corrupting data with bit-flips, boundary values, and random values. Even if these error models have been able to find breaches in fragile systems, it is unclear whether these errors are in fact representative of software faults. To pursue this open question, we propose a methodology to analyze how software faults in $C/C_{++}$ software components turn into errors at components' interfaces (interface error propagation), and present an experimental analysis on what, where, and when to inject interface errors. The results point out that the traditional error models, as used so far, do not accurately emulate software faults, but that richer interface errors need to be injected, by: injecting both fail-stop behaviors and data corruptions; targeting larger amounts of corrupted data structures; emulating silent data corruptions not signaled by the component; combining bit-flips, boundary values, and data perturbations. IEEE
KW - Computer bugs
KW - Dependability
KW - Error Models
KW - Error Propagation
KW - Fault Injection
KW - Fault tolerance
KW - Perturbation methods
KW - Software
KW - Software Components
KW - Software Fault Tolerance
KW - Testing
KW - Unified modeling language
KW - Computer software
KW - Errors
KW - Fault tolerant computer systems
KW - Perturbation techniques
KW - Software testing
KW - Unified Modeling Language
KW - Error model
KW - Error propagation
KW - Fault injection
KW - Perturbation method
KW - Software component
KW - Software fault tolerances
KW - Program debugging
U2 - 10.1109/TSE.2018.2850755
DO - 10.1109/TSE.2018.2850755
M3 - Journal article
VL - 46
SP - 280
EP - 301
JO - IEEE Transactions on Software Engineering
JF - IEEE Transactions on Software Engineering
SN - 0098-5589
IS - 3
ER -