Intrinsic Software Redundancyfor Self-Healing Software Systems and Automated Oracle Generation

Alessandra GorlaIMDEA Software Institute - Spain

Paolo TonellaFondazione Bruno Kessler - Italy

Antonio Carzaniga, Alberto Goffi, Andrea Mattavelli, Nicolò Perino, Mauro Pezzè

Università della Svizzera italiana (USI) - Switzerland

A system is redundant when it is able to perform equivalent functionalities by executing different code.“

Software Redundancy

“ lead to same states

compute same results

Software Redundancy

A system is redundant when it is able to perform equivalent functionalities by executing different code.

Intrinsic Software Redundancy

Intrinsic Software Redundancy

MultiMap m = new MultiMap();//…//check if element is already in mapif (m.contains(x))

Google Guava

Intrinsic Software Redundancy

MultiMap m = new MultiMap();//…//check if element is already in mapif (m.contains(x)) if (m.elementSet().contains(x)) if (m.count(x) > 0)

Google Guava

MultiMap m = new MultiMap();//…//check if element is already in mapif (m.contains(x)) if (m.elementSet().contains(x)) if (m.count(x) > 0)

0 LOC

Intrinsic Software Redundancy

Google Guava

Joda-Time

4700equivalences

GraphStream

SWT

Intrinsic Software Redundancy

+

Exploiting the Intrinsic Redundancy of Software

Redundancy for Self-HealingAutomatic Recovery from Runtime Failures [ICSE 2013]

Application state space

A

B

Redundancy for Self-HealingAutomatic Recovery from Runtime Failures [ICSE 2013]

Application state space

A

B

Fault

Redundancy for Self-HealingAutomatic Recovery from Runtime Failures [ICSE 2013]

Application state space

A

B

Failure detection

Fault

Redundancy for Self-HealingAutomatic Recovery from Runtime Failures [ICSE 2013]

Application state space

A

B

Failure detection

Checkpoint /Restore

Fault

Redundancy for Self-HealingAutomatic Recovery from Runtime Failures [ICSE 2013]

Application state space

A

B

Fault

Failure detection

Checkpoint /Restore

Redundancy for Self-Healing

Workaround

Automatic Recovery from Runtime Failures [ICSE 2013]

Application state space

A

B

Fault

Failure detection

Checkpoint /Restore

Redundancy for Self-Healing

Equivalentintended behavior

Differentactual execution

Workaround

Automatic Recovery from Runtime Failures [ICSE 2013]

JodaTimeGuava

Redundancy for Self-HealingAutomatic Recovery from Runtime Failures [ICSE 2013]

JodaTime

Mutants

Guava

Carrot2Caliper Closure compiler

Redundancy for Self-Healing

347

87

50

148

Automatic Recovery from Runtime Failures [ICSE 2013]

FB2PDF

JodaTime

Mutants 347

67Successfullyrecovered

FB2PDF

Guava

Carrot2Caliper Closure compiler

87

24

50

24

148

6427% 48% 43% 19%

Redundancy for Self-HealingAutomatic Recovery from Runtime Failures [ICSE 2013]

Redundancy as Test OracleCross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

test() { … put(k,v); …}

test()

Redundancy as Test OracleCross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

test() { … put(k,v); …}

test()

put

Redundancy as Test OracleCross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

test() { … put(k,v); …}

put ≡ putAlltest()

put

Redundancy as Test OracleCross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

test()

putAll

test() { … put(k,v); …}

put

put ≡ putAll

Redundancy as Test OracleCross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

test()

putAllput

put ≡ putAlltest() { … put(k,v); …}

≡?

Redundancy as Test OracleCross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

test()

putAllput

≡?

Cross-Checking Oracle

test() { … put(k,v); …}

put ≡ putAll

Redundancy as Test OracleCross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

Cross-Checking vs Implicit OraclesM

utat

ion

Scor

e

0%

20%

40%

60%

80%

100%

Implicit oracles Both Cross-checking oracles

Google Guava Joda-Time GraphStream

Cross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

Cross-Checking vs Developers’ OraclesM

utat

ion

Scor

e

0%

20%

40%

60%

80%

100%

Developers Both Cross-checking oracles

Google Guava Joda-Time GraphStream

Cross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

Mut

atio

n Sc

ore

0%

20%

40%

60%

80%

100%

Developers Both Cross-checking oracles

Cross-Checking vs Developers’ Oracles

Google Guava Joda-Time GraphStream

Cross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

Intrinsic Software Redundancy

test()

putAllput

≡?

Cross-Checking Oracle

test() { … put(k,v); …}

put ≡ putAll

Redundancy as Test OracleCross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

Application state space

A

B

Fault

Failure detection

Checkpoint /Restore

Redundancy for Self-Healing

Workaround

Automatic Recovery from Runtime Failures [ICSE 2013]

Intrinsic Software Redundancy

test()

putAllput

≡?

Cross-Checking Oracle

test() { … put(k,v); …}

put ≡ putAll

Redundancy as Test OracleCross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

Application state space

A

B

Fault

Failure detection

Checkpoint /Restore

Redundancy for Self-Healing

Workaround

Automatic Recovery from Runtime Failures [ICSE 2013]

Main cost: manual identification of equivalences

Automatic Synthesis of EquivalencesSearch-Based Synthesis of Equivalent Method Sequences [FSE 2014]

pop()

int el = s.peek();int index = s.size();index = index - 1;s.remove(index);return el;

Automatic Synthesis of EquivalencesSearch-Based Synthesis of Equivalent Method Sequences [FSE 2014]

pop()

int el = s.peek();int index = s.size();index = index - 1;s.remove(index);return el;

Automatic Synthesis of Equivalences

TestsStack s = new Stack();s.push(1);s.push(1);Object ret = s.pop();

Stack s = new Stack();s.push(-4);Object ret = s.pop();

Search-Based Synthesis of Equivalent Method Sequences [FSE 2014]

pop()

Search-based

Automatic Synthesis of Equivalences

Search-based

int el = s.peek();int index = s.size();index = index - 1;s.remove(index);return el;

Stack s = new Stack();s.push(1);s.push(1);Object ret = s.pop();

Stack s = new Stack();s.push(-4);Object ret = s.pop();

Tests

Search-Based Synthesis of Equivalent Method Sequences [FSE 2014]

pop()

Search-based

Automatic Synthesis of Equivalences

Search-based

int el = s.peek();int index = s.size();index = index - 1;s.remove(index);return el;Counterexample

Stack s = new Stack();s.push(1);s.push(1);Object ret = s.pop();

Stack s = new Stack();s.push(-4);Object ret = s.pop();

Tests

Search-Based Synthesis of Equivalent Method Sequences [FSE 2014]

90.5%

Automatic Synthesis of Equivalences

Automatic

Manual

Search-Based Synthesis of Equivalent Method Sequences [FSE 2014]

Automatic Synthesis of Equivalences

90.5%

Automatic

Manual

Search-Based Synthesis of Equivalent Method Sequences [FSE 2014]

A system is redundant when it is able to perform equivalent functionalities by executing different code.“

Software Redundancy

“Software Redundancy

How to measure?

A system is redundant when it is able to perform equivalent functionalities by executing different code.

What?

“Software Redundancy

How to measure?

A system is redundant when it is able to perform equivalent functionalities by executing different code.

What? When?

“Software Redundancy

REDUNDANCY = f ( , )

A system is redundant when it is able to perform equivalent functionalities by executing different code.

How to measure?

MeasuringSoftware Redundancy

@ ICSE 2015May 20th, Analysis I

pop()

Search-based

Automatic Synthesis of Equivalences

Search-based

int el = s.peek();int index = s.size();index = index - 1;s.remove(index);return el;Counterexample

Stack s = new Stack();s.push(1);s.push(1);Object ret = s.pop();

Stack s = new Stack();s.push(-4);Object ret = s.pop();

Tests

Search-Based Synthesis of Equivalent Method Sequences [FSE 2014]

test()

putAllput

≡?

Cross-Checking Oracle

test() { … put(k,v); …}

put ≡ putAll

Redundancy as Test OracleCross-Checking Oracles from Intrinsic Software Redundancy [ICSE 2014]

Application state space

A

B

Fault

Failure detection

Checkpoint /Restore

Redundancy for Self-Healing

Workaround

Automatic Recovery from Runtime Failures [ICSE 2013]

Joda-Time

4700equivalences

GraphStream

SWT

Intrinsic Software Redundancy

+

star.inf.usi.ch