TY - GEN
T1 - Early detection of configuration errors to reduce failure damage
AU - Xu, Tianyin
AU - Jin, Xinxin
AU - Huang, Peng
AU - Zhou, Yuanyuan
AU - Lu, Shan
AU - Jin, Long
AU - Pasupathy, Shankar
N1 - Funding Information:
We greatly appreciate the anonymous reviewers and our shepherd, Peter M. Chen, for their insightful comments and feedback. We thank the Opera group, the UCSD Systems and Networking group, and Shelby Thomas for useful discussions and paper proofreading. Tao Cai participated in the implementation of PCHECK. Liqiong Yang contributed to the study of RAS related configuration parameters. Yuanyuan Zhou's group is supported in part by NSF grants (CCR-1526966, CCR-1321006), and a gift grant from Facebook, and supports from NetApp. Shan Lu's research is supported in part by NSF grants (IIS-1546543, CNS-1563956, CNS-1514256, CCF-1514189, CCF-1439091), and generous supports from Alfred P. Sloan Foundation and Google Faculty Research Award.
Funding Information:
We greatly appreciate the anonymous reviewers and our shepherd, Peter M. Chen, for their insightful comments and feedback. We thank the Opera group, the UCSD Systems and Networking group, and Shelby Thomas for useful discussions and paper proofreading. Tao Cai participated in the implementation of PCHECK. Liqiong Yang contributed to the study of RAS related configuration parameters. Yuanyuan Zhou’s group is supported in part by NSF grants (CCR-1526966, CCR-1321006), and a gift grant from Facebook, and supports from NetApp. Shan Lu’s research is supported in part by NSF grants (IIS-1546543, CNS-1563956, CNS-1514256, CCF-1514189, CCF-1439091), and generous supports from Alfred P. Sloan Foundation and Google Faculty Research Award.
Publisher Copyright:
© 2016 by The USENIX Association All Rights Reserved.
PY - 2016
Y1 - 2016
N2 - Early detection is the key to minimizing failure damage induced by configuration errors, especially those errors in configurations that control failure handling and fault tolerance. Since such configurations are not needed for initialization, many systems do not check their settings early (e.g., at startup time). Consequently, the errors become latent until their manifestations cause severe damage, such as breaking the failure handling. Such latent errors are likely to escape from sysadmins' observation and testing, and be deployed to production at scale. Our study shows that many of today's mature, widely-used software systems are subject to latent configuration errors (referred to as LC errors) in their critically important configurations-those related to the system's reliability, availability, and serviceability. One root cause is that many (14.0%-93.2%) of these configurations do not have any special code for checking the correctness of their settings at the system's initialization time. To help software systems detect LC errors early, we present a tool named PCHECK that analyzes the source code and automatically generates configuration checking code (called checkers). The checkers emulate the late execution that uses configuration values, and detect LC errors if the error manifestations are captured during the emulated execution. Our results show that PCHECK can help systems detect 75+% of real-world LC errors at the initialization phase, including 37 new LC errors that have not been exposed before. Compared with existing detection tools, it can detect 31% more LC errors.
AB - Early detection is the key to minimizing failure damage induced by configuration errors, especially those errors in configurations that control failure handling and fault tolerance. Since such configurations are not needed for initialization, many systems do not check their settings early (e.g., at startup time). Consequently, the errors become latent until their manifestations cause severe damage, such as breaking the failure handling. Such latent errors are likely to escape from sysadmins' observation and testing, and be deployed to production at scale. Our study shows that many of today's mature, widely-used software systems are subject to latent configuration errors (referred to as LC errors) in their critically important configurations-those related to the system's reliability, availability, and serviceability. One root cause is that many (14.0%-93.2%) of these configurations do not have any special code for checking the correctness of their settings at the system's initialization time. To help software systems detect LC errors early, we present a tool named PCHECK that analyzes the source code and automatically generates configuration checking code (called checkers). The checkers emulate the late execution that uses configuration values, and detect LC errors if the error manifestations are captured during the emulated execution. Our results show that PCHECK can help systems detect 75+% of real-world LC errors at the initialization phase, including 37 new LC errors that have not been exposed before. Compared with existing detection tools, it can detect 31% more LC errors.
UR - http://www.scopus.com/inward/record.url?scp=85077005425&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85077005425&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85077005425
T3 - Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016
SP - 619
EP - 634
BT - Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016
PB - USENIX Association
T2 - 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016
Y2 - 2 November 2016 through 4 November 2016
ER -