APSEC 2024
Tue 3 - Fri 6 December 2024 China
Runtime misconfiguration can lead to software performance degradation and even cause failure. It is usually caused by invalid parameter values set by users. Developers typically perform sanity checks during the configuration parsing stage to prevent invalid parameter values. However, we discovered that even valid values that pass these checks can also lead to unexpected severe consequences. Our study reveals the underlying reason: the value of runtime configuration parameters may interact with other constants and variables when propagated and used, altering its original effect on software behavior. Consequently, parameter values may no longer be valid when encountering complex runtime environments and workloads. Therefore, it is extremely challenging for users to properly configure the software before it starts running.

This paper presents the first comprehensive and in-depth study (to the best of our knowledge) on how configuration affects software at runtime through the interaction with constants, and variables PCV Interaction. Parameter values represent user intentions, constants embody developer knowledge, and variables are typically defined by the runtime environment and workload. This interaction essentially illustrates how different roles jointly determine software behavior. In this regard, we studied 705 configuration parameters from 10 large-scale software systems. We reveal that a large portion of configuration parameters interact with constants/variables after parsing. We analyzed the interaction patterns and their effects on software runtime behavior. Furthermore, we highlighted the risks of PCV interaction and identified potential issues behind specific interaction patterns. Our findings expose the "double edge" of PCV interaction, providing new insights and motivating the development of new automated techniques to help users configure software appropriately and assist developers in designing better configurations.