Project Details
CAREFUL – Complexity-aware symbolic fault analysis
Applicant
Professor Dr.-Ing. Klaus Wehrle
Subject Area
Security and Dependability, Operating-, Communication- and Distributed Systems
Term
since 2025
Project identifier
Deutsche Forschungsgemeinschaft (DFG) - Project number 565652036
Networked distributed systems power our world as the hidden drivers of nearly every modern system, ranging from simple smartphone apps and complex internet services to our critical infrastructure. Their failure can cause severe economic and sometimes even human losses. Yet many root causes seem almost trivial to avoid; in practice, the complexity of real-world code and developers' limited knowledge beyond abstraction boundaries leave them unaware of these causes. To find resilience bugs, one must anticipate that faults may happen at any time and in every situation. Doing so for every possibility results in an excessive number of cases to consider. However, many of the injected faults result in the same application behavior and are therefore equivalent. In fact, it would be enough to inject faults in a way that triggers each equivalent behavior only once. Symbolic Execution (SE), an automated software analysis technique, has been shown to find such equivalent behavior efficiently in software with respect to input (e.g., file contents, network packets, or user input). Here, research has devised methods to find these equivalence classes and thereby tame the space of possibilities; yet their application to Fault Injection (FI) is largely unexplored. With CAREFUL, we will develop Symbolic Fault Analysis (SFA), a novel holistic method for finding resilience bugs with full coverage of behavior caused by both input and externally rooted faults. We inject faults at abstraction boundaries during SE, using models that distinguish between faults and input. The key enabler for SFA, and thus the focus of the proposed project, is taming the inherent complexity that results from combining SE and FI: with Symbolic Fault Reduction (SFR), we will devise methods to effectively tackle path explosion using, among others, event independence and fault semantics. Taming this complexity is critical for a holistic method and the only path towards truly resilient complex software-based systems.
DFG Programme
Priority Programmes
