Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Experimental Evaluation
Mutation Analysis
Analysis and Discussion
Related Work
Conclusions
References
All Topics
Computer Science
Software Engineering

Automatic Recovery from Runtime Failures

Profile image of Mauro PezzèMauro Pezzè
https://doi.org/10.1109/ICSE.2013.6606624
visibility

description

10 pages

link

1 file

Abstract

We present a technique to make applications resilient to failures. This technique is intended to maintain a faulty application functional in the field while the developers work on permanent and radical fixes. We target field failures in applications built on reusable components. In particular, the technique exploits the intrinsic redundancy of those components by identifying workarounds consisting of alternative uses of the faulty components that avoid the failure. The technique is currently implemented for Java applications but makes little or no assumptions about the nature of the application, and works without interrupting the execution flow of the application and without restarting its components. We demonstrate and evaluate this technique on four mid-size applications and two popular libraries of reusable components affected by real and seeded faults. In these cases the technique is effective, maintaining the application fully functional with between 19% and 48% of the failure-...

Related papers

Achieving fault-tolerant software with rejuvenation and reconfiguration
william yurcik

IEEE Software, 2001

View PDFchevron_right
Adaptive runtime fault management for service instances in component-based software applications
Johan Lukkien

IET Software, 2007

The Trust4All project aims to define an open, component-based framework for the middleware layer in high-volume embedded appliances that enables robust and reliable operation, upgrading and extension. To improve the availability of each individual application in a Trust4All system, a runtime configurable fault management mechanism (FMM) is proposed, which detects deviations from given service specifications by intercepting interface calls. When repair is necessary, FMM picks a repair action that incurs the best tradeoff between the success rate and the cost of repair. Considering that it is rather difficult to obtain sufficient information about third party components during their early stage of usage, FMM is designed to be able to accumulate knowledge and adapts its capability accordingly.

View PDFchevron_right
Automatic recovery from software failure
Paul Robertson

Communications of the ACM, 2006

View PDFchevron_right
JAGR: An Autonomous Self-Recovering Application Server
Steve Zhang

2003

This paper demonstrates that the dependability of generic, evolving J2EE applications can be enhanced through a combination of a few recovery-oriented techniques. Our goal is to reduce downtime by automatically and efficiently recovering from a broad class of transient software failures without having to modify applications. We describe here the integration of three new techniques into JBoss, an open-source J2EE application server. The resulting system is JAGR-JBoss with Application-Generic Recovery-a self-recovering execution platform.

View PDFchevron_right
A Self-Healing Approach for Object-Oriented Applications
Frances Brazier

16th International Workshop on Database and Expert Systems Applications (DEXA'05), 2005

In this paper, we present our approach and architecture for fault diagnosis and self-healing of interpreted objectoriented applications. By combining aspect-oriented programming, program analysis, artificial intelligence, and machine learning techniques, we advocate that our approach can heal a significant number of failures of real interpreted object-oriented applications.

View PDFchevron_right
Self-healing strategies for component integration faults
Mauro Pezze'

2008 23rd IEEE/ACM International Conference on Automated Software Engineering - Workshops, 2008

Software systems increasingly integrate Off-The-Shelf (OTS) components. However, due to the lack of knowledge about the reused OTS components, this integration is fragile and can cause in the field a lot of failures that result in dramatic consequences for users and service providers, e.g. loss of data, functionalities, money and reputation. As a consequence, dynamic and automatic fixing of integration problems in systems that include OTS components can be extremely beneficial to increase their reliability and mitigate these risks. In this paper, we present a technique for enhancing component-based systems with capabilities to self-heal common integration faults by using a predetermined set of healing strategies. The set of faults that can be healed has been determined from the analysis of the most frequent integration bugs experienced by users according to data in bug repositories available on Internet. An implementation based on AOP techniques shows the viability of this technique to heal faults in real case studies.

View PDFchevron_right
Proactive Self-Adaptation for Improving the Reliability of Mission-Critical, Embedded, and Mobile Software
Roshanak Roshandel

IEEE Transactions on Software Engineering, 2013

Embedded and mobile software systems are marked with a high degree of unpredictability and dynamism in the execution context. At the same time, such systems are often mission-critical, meaning that they need to satisfy strict reliability requirements. Most current software reliability analysis approaches are not suitable for these types of software systems, as they do not take the changes in the execution context of the system into account. We propose an approach geared to such systems which continuously furnishes refined reliability predictions at runtime by incorporating various sources of information, including the execution context of the system. The reliability predictions are leveraged to proactively place the software in the (near-)optimal configuration with respect to changing conditions. Our approach considers two representative architectural reconfiguration decisions that impact the system's reliability: reallocation of components to processes and changing the number of component replicas. We have realized the approach as part of a framework intended for mission-critical settings, called REsilient SItuated SofTware system (RESIST), and evaluated it using a mobile emergency response system.

View PDFchevron_right
Failure Resilience for Device Drivers
Andrew S Tanenbaum

37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07), 2007

Studies have shown that device drivers and extensions contain 3-7 times more bugs than other code and thus are more likely to fail. Therefore, we present a failure-resilient operating system that can recover from dead device drivers and other critical components-primarily through monitoring and replacing malfunctioning components on the fly-transparent to applications and without user intervention. This paper focuses on the post-mortem recovery procedure. We explain the working of our defect detection mechanism, the policy-driven recovery procedure, and post-restart reintegration of components. Furthermore, we discuss the concrete steps taken to recover from network, block device, and character device driver failures. Finally, we evaluate our recovery mechanism using performance measurements, software fault-injection, and an analysis of the reengineering effort.

View PDFchevron_right
Healing Web applications through automatic workarounds
Mauro Pezze'

2008

We develop the notion of automatic workaround in the context of Web applications. A workaround is a sequence of operations, applied to a failing component, that is equivalent to the failing sequence in terms of its intended effect, but that does not result in a failure. We argue that workarounds exist in modular systems because components often offer redundant interfaces and implementations, which in turn admit several equivalent sequences of operations. In this paper, we focus on Web applications because these are good and relevant examples of component-based (or serviceoriented) applications. Web applications also have attractive technical properties that make them particularly amenable to the deployment of automatic workarounds. We propose an architecture where a self-healing proxy applies automatic workarounds to a Web application server. We also propose a method to generate equivalent sequences and to represent and select them at run-time as automatic workarounds. We validate the proposed architecture in four case studies in which we deploy automatic workarounds to handle four known This work has been supported by the project PerSeoS funded by the Swiss National Fund.

View PDFchevron_right
Recoverable class loaders for a fast restart of Java applications
Владимир Николов

Mobile Networks and Applications, 2009

This paper proposes recoverable class loaders to enable a fast start-up and recovery of Java applications. In contrast to traditional snapshot approaches that create full system images, our approach creates partial snapshots that contain a static part of the execution state of a Java application. It is the state of the class loaders and their associated class objects, which are recovered and used for restart. This is especially useful in the context of mobile devices and mobile services. In the first case it allows to shutdown applications for power-management reasons as their restart takes less time, so power management does not disturb users. In the second case services can be much faster rebooted to cure software faults such as memory leaks. Thus, users will notice a substantially reduced downtime.

View PDFchevron_right

References (34)

  1. D. A. Patterson, G. Gibson, and R. H. Katz, "A case for redundant arrays of inexpensive disks (RAID)," SIGMOD Record, vol. 17, no. 3, 1988.
  2. A. Avizienis, "The N-version approach to fault-tolerant software," IEEE Transactions on Software Engineering, vol. 11, no. 12, 1985.
  3. B. Randell, "System structure for software fault tolerance," in Proceed- ings of the International Conference on Reliable software, 1975.
  4. B. Demsky and M. Rinard, "Automatic detection and repair of errors in data structures," in Proceedings of the 18th Conference on Object- oriented Programming, Systems, Languages, and Applications, 2003.
  5. I. Hussain and C. Csallner, "DSDSR: a tool that uses dynamic symbolic execution for data structure repair," in Proceedings of the 8th Interna- tional Workshop on Dynamic Analysis, 2010.
  6. B. J. Garvin, M. B. Cohen, and M. B. Dwyer, "Using feature locality: can we leverage history to avoid failures during reconfiguration?" in Proceedings of the 8th Workshop on Assurances for Self-Adaptive Systems, 2011.
  7. M. Carbin, S. Misailovic, and M. Kling, "Detecting and escaping infinite loops with Jolt," in Proceedings of the 25th European Conference on Object-Oriented Programming, 2011.
  8. J. H. Perkins, G. Sullivan, W.-f.
  9. Wong, Y. Zibin, M. D. Ernst, M. Rinard, S. Kim, S. Larsen, S. Amarasinghe, J. Bachrach, M. Carbin, C. Pacheco, F. Sherwood, and S. Sidiroglou, "Automatically patching errors in deployed software," in Proceedings of the 22nd International Symposium on Operating Systems Principles, 2009.
  10. G. Candea, S. Kawamoto, Y. Fujiki, G. Friedman, and A. Fox, "Microreboot-a technique for cheap recovery," in Proceedings of the 6th Symposium on Operating Systems Design & Implementation, 2004.
  11. F. Qin, J. Tucek, Y. Zhou, and J. Sundaresan, "Rx: Treating bugs as allergies-a safe method to survive software failures," ACM Transac- tions on Computer Systems, vol. 25, no. 3, 2007.
  12. H. Chang, L. Mariani, and M. Pezzè, "In-field healing of integration problems with COTS components," in Proceedings of the 31st Interna- tional Conference on Software Engineering, 2009.
  13. B. Cabral and P. Marques, "A transactional model for automatic excep- tion handling," Computer Languages, Systems and Structures, vol. 37, no. 1, 2011.
  14. A. Carzaniga, A. Gorla, N. Perino, and M. Pezzè, "Automatic workarounds for Web applications," in Proceedings of the 18th Interna- tional Symposium on the Foundations of Software Engineering, 2010.
  15. M. Kim, V. Sazawal, D. Notkin, and G. Murphy, "An empirical study of code clone genealogies," in Proceedings of the 10th Conference on the Foundations of Software Engineering, 2005.
  16. T. Kamiya, S. Kusumoto, and K. Inoue, "CCFinder: a multilinguistic token-based code clone detection system for large scale source code," IEEE Transactions on Software Engineering, vol. 28, no. 7, 2002.
  17. A. Hindle, E. Barr, Z. Su, P. Devanbu, and M. Gabel, "On the "naturalness" of software," in Proceedings of the 34th International Conference on Software Engineering, 2012.
  18. L. Jiang and Z. Su, "Automatic mining of functionally equivalent code fragments via random testing," in Proceedings of the 18th International Symposium on Software testing and analysis, 2009.
  19. R. Just, F. Schweiggert, and G. M. Kapfhammer, "MAJOR: An efficient and extensible tool for mutation analysis in a java compiler," in 2011 26th International Conference on Automated Software Engineering, 2011.
  20. M. D. Ernst, J. Cockrell, W. G. Griswold, and D. Notkin, "Dynamically discovering likely program invariants to support program evolution," IEEE Transactions on Software Engineering, vol. 27, no. 2, 2001.
  21. J.-C. Laprie, C. Béounes, and K. Kanoun, "Definition and analysis of hardware-and software-fault-tolerant architectures," Computer, vol. 23, no. 7, 1990.
  22. P. E. Ammann and J. C. Knight, "Data diversity: An approach to software fault tolerance," IEEE Transactions on Computers, vol. 37, no. 4, 1988.
  23. P. Popov, S. Riddle, A. Romanovsky, and L. Strigini, "On systematic design of protectors for employing OTS items," in Proceedings of the 27th Euromicro Conference, 2001.
  24. F. Cristian, "Exception handling and software fault tolerance," IEEE Transactions on Computers, vol. 31, no. 6, 1982.
  25. Y. Huang, C. Kintala, N. Kolettis, and N. Fulton, "Software rejuve- nation: analysis, module and applications," in Proceedings of the 25th International Symposium on Fault-Tolerant Computing, 1995.
  26. M. Elnozahy, L. Alvisi, Y.-M. Wang, and D. B. Johnson, "A survey of rollback-recovery protocols in message-passing systems," ACM Comput- ing Surveys, vol. 34, no. 3, 2002.
  27. B. Elkarablieh, I. Garcia, Y. L. Suen, and S. Khurshid, "Assertion-based repair of complex data structures," in Proceedings of the 22th IEEE Conference on Automated Software Engineering, 2007.
  28. H. Samimi, M. Schäfer, S. Artzi, T. Millstein, F. Tip, and L. Hendren, "Automated repair of HTML generation errors in PHP applications using string constraint solving," in Proceedings of the 34th International Conference on Software Engineering, 2012.
  29. F. Long, V. Ganesh, M. Carbin, S. Sidiroglou, and M. Rinard, "Au- tomatic input rectification," in Proceedings of the 34th International Conference on Software Engineering, 2012.
  30. D. Harmanci, V. Gramoli, and P. Felber, "Atomic boxes: coordinated exception handling with transactional memory," in Proceedings of the 25th European Conference on Object-Oriented Programming, 2011.
  31. V. Dallmeier, A. Zeller, and B. Meyer, "Generating fixes from object be- havior anomalies," in Proceedings of the 24th International Conference on Automated Software Engineering, 2009.
  32. W. Weimer, T. Nguyen, C. L. Goues, and S. Forrest, "Automatically finding patches using genetic programming," in Proceedings of the 31st International Conference on Software Engineering, 2009.
  33. A. Arcuri and X. Yao, "A novel co-evolutionary approach to automatic software bug fixing," in Proceedings of 11th IEEE Congress on Evolu- tionary Computation, 2008.
  34. Y. Wei, Y. Pei, C. A. Furia, L. S. Silva, S. Buchholz, B. Meyer, and A. Zeller, "Automated fixing of programs with contracts," in Proceedings of the 19th International Symposium on Software Testing and Analysis, 2010.

Related papers

ACHIEVING COST-EFFECTIVE SOFTWARE RELIABILITY THROUGH SELF-HEALING
Mauro Pezzè

2010

Heterogeneity, mobility, complexity and new application domains raise new software reliability issues that cannot be met cost-effectively only with classic software engineering approaches. Self-healing systems can successfully address these problems, thus increasing software reliability while reducing maintenance costs. Self-healing systems must be able to automatically identify runtime failures, locate faults, and find a way to bring the system back to an acceptable behavior.

View PDFchevron_right
Towards self-healing smartphone software via automated patching
Tanzirul Azim

Proceedings of the 29th ACM/IEEE international conference on Automated software engineering, 2014

Frequent app bugs and low tolerance for loss of functionality create an impetus for self-healing smartphone software. We take a step towards this via on-the-fly error detection and automated patching. Specifically, we add failure detection and recovery to Android by detecting crashes and "sealing off" the crashing part of the app to avoid future crashes. In the detection stage, our system dynamically analyzes app execution to detect certain exceptional situations. In the recovery stage, we use bytecode rewriting to alter app behavior as to avoid such situations in the future. When using our implementation, apps can resume operation (albeit with limited functionality) instead of repeatedly crashing. Our approach does not require access to app source code or any system (e.g., kernel-level) modification. Experiments on several real-world, popular Android apps and bugs show that our approach manages to recover the apps from crashes effectively, timely, and without introducing overhead.

View PDFchevron_right
Exception handlers for healing component-based systems
Mauro Pezze'

ACM Transactions on Software Engineering and Methodology, 2013

To design effective exception handlers, developers must predict at design time the exceptional events that may occur at runtime, and must implement the corresponding handlers on the basis of their predictions. Designing exception handlers for component-based software systems is particularly difficult because the information required to build handlers is distributed between component and application developers. Component developers know the internal details of the components but ignore the applications, while application developers own the applications but cannot access the details required to implement handlers in components. This article addresses the problem of automatically healing the infield failures that are caused by faulty integration of OTS components. In the article, we propose a technique and a methodology to decouple the tasks of component and application developers, who will be able to share information asynchronously and independently, and communicate implicitly by dev...

View PDFchevron_right
Self-Healing for Mobile Applications
Alin Zamfiroiu

Journal of Mobile, Embedded and Distributed Systems, 2012

The reliability and security of a software application are two of the most important software quality characteristics because they describe the ability of the software to run without failures and to protect user data. Mobile applications concur with desktop applications in terms of rich interfaces and functionalities and are becoming one the most used type of software applications. Based on the “anytime, anywhere” paradigm, mobile applications must provide special measures to avoid failures and to preserve a high level ...

View PDFchevron_right
Self-healing by means of runtime execution profiling
Mohammad Fuad

2011

A self-healing application brings itself into a stable state after a failure put the software into an unstable state. For such self-healing software application, finding fix for a previously unseen fault is a grand challenge. Asking the user to provide fixes for every fault is bad for productivity, especially when the users are non-savvy in technical aspect of computing. If failure scenarios come into existence, the user wants the runtime environment to handle those situations autonomically. This paper presents a new technique of finding self-healing actions by matching afault scenario to already established fault models. By profiling and capturing runtime parameters and execution pathWays, stable execution models are established and later are used to match with an unstable execution scenario. Experimentation and results are presented that showed that even with additional overheads; this technique can prove beneficial for autonomically healing faults and reliving system administrators from mundane troubleshooting situations.

View PDFchevron_right

Related topics

  • Object Oriented Programming
  • Software Maintenance

    • Cited by

    Automated Workarounds from Java Program Specifications Based on SAT Solving
    Marcelo Frias

    Lecture Notes in Computer Science, 2017

    The failures that bugs in software lead to can sometimes be bypassed by the so called workarounds: when a (faulty) routine fails, alternative routines that the system offers can be used in place of the failing one, to circumvent the failure. Previous works have exploited this workarounds notion to automatically recover from runtime failures in some application domains. However, existing approaches that compute workarounds automatically either require the user to manually build an abstract model of the software under consideration, or to provide equivalent sequences of operations from which workarounds are computed, diminishing the automation of workaround-based system recovery. In this paper, we present two techniques that automatically compute workarounds from Java code equipped with formal specifications, avoiding abstract software models and user provided equivalences. These techniques employ SAT solving to compute workarounds on concrete program state characterizations. The first employs SAT solving to compute traditional workarounds, while the second directly exploits SAT solving to circumvent a failing method, building a state that mimics the (correct) behaviour of this failing routine. Our experiments, based on case studies involving implementations of collections and a library for date arithmetic, enable us to show that the techniques can effectively compute workarounds from complex contracts in an important number of cases, in time that makes them feasible to be used for run time repairs.

    View PDFchevron_right
    580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved