ConfTainter: Static Taint Analysis For Configuration OptionsRecorded talk
The prevalence and severity of software configuration-induced issues have driven the design and development of a number of detection and diagnosis techniques. Many of these techniques need to perform static taint analysis on configuration-related variables to analyze the data flow, control flow, and execution paths given by configuration options. However, existing taint analysis or static slicer tools are not suitable for configuration analysis due to the complex effects of configuration on program behaviors.
In this experience paper, we conducted an empirical study on the propagation policy of configuration options. We concluded four rules of how configurations affect program behaviors, among which implicit data-flow and control-flow propagation are often ignored by existing tools. We report our experience designing and implementing a taint analysis infrastructure for configurations, ConfTainter. It can support various kinds of configuration analysis, e.g., explicit or implicit analysis for data or control flow. Based on the infrastructure, researchers and developers can easily implement analysis techniques for different configuration- related targets, e.g., misconfiguration detection. We evaluated the effectiveness of ConfTainter on 5 popular open-source systems. The result shows that the accuracy rate of data- and control-flow analysis is 96.1% and 97.7%, and the recall rate is 94.2% and 95.5%, respectively. We also apply ConfTainter to two types of configuration-related tasks: misconfiguration detection and configuration-related bug detection. The result shows that ConfTainter is highly applicable for configuration- related tasks with a few lines of code.
Tue 12 SepDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
13:30 - 15:00 | Cloud and Distributed Systems 2Research Papers / Tool Demonstrations / Journal-first Papers / Industry Showcase (Papers) at Plenary Room 2 Chair(s): Tim Menzies North Carolina State University | ||
13:30 12mTalk | EXPRESS 2.0: An Intelligent Service Management Framework for AIoT Systems in the Edge Tool Demonstrations Jia Xu School of Computer Science and Technology, Anhui University, Xiao Liu School of Information Technology, Deakin University, Wuzhen Pan School of Computer Science and Technology, Anhui University, Xuejun Li School of Computer Science and Technology, Anhui University, Aiting Yao School of Computer Science and Technology, Anhui University, Yun Yang Swinburne University of Technology Media Attached | ||
13:42 12mTalk | Prism: Revealing Hidden Functional Clusters of Massive Instances in Cloud Systems Research Papers Jinyang Liu The Chinese University of Hong Kong, Zhihan Jiang The Chinese University of Hong Kong, Jiazhen Gu Chinese University of Hong Kong, Junjie Huang The Chinese University of Hong Kong, Zhuangbin Chen School of Software Engineering, Sun Yat-sen University, Cong Feng Computing and Networking Innovation Lab, Huawei Cloud Computing Technology Co., Ltd, Zengyin Yang Computing and Networking Innovation Lab, Huawei Cloud Computing Technology Co., Ltd, Yongqiang Yang Huawei Technologies, Michael Lyu The Chinese University of Hong Kong Pre-print File Attached | ||
13:54 12mTalk | FaaSLight: General Application-Level Cold-Start Latency Optimization for Function-as-a-Service in Serverless Computing Journal-first Papers Xuanzhe Liu Peking University, Jinfeng Wen Peking University, Zhenpeng Chen University College London, Ding Li Peking University, Junkai Chen Peking University, China, Yi Liu Peking University, Haoyu Wang Huazhong University of Science and Technology, Xin Jin Peking University File Attached | ||
14:06 12mTalk | RocketHA: A High Availability Design Paradigm for Distributed Log-Based Storage System Industry Showcase (Papers) Juntao Ji Alibaba Cloud Computing Co. Ltd., Rongtong Jin Alibaba Cloud Computing Co. Ltd., Yubao Fu Alibaba Cloud Computing Co. Ltd., Yinyou Gu Alibaba Cloud Computing Co. Ltd., Tsung-han Tsai Alibaba Cloud Computing Co. Ltd., Qingshan Lin Alibaba Cloud Computing Co. Ltd. | ||
14:18 12mTalk | Rise of Distributed Deep Learning Training in the Big Model Era: From a Software Engineering Perspective Journal-first Papers Xuanzhe Liu Peking University, Diandian Gu Peking University, Zhenpeng Chen University College London, Jinfeng Wen Peking University, Zili Zhang Peking University, Yun Ma Peking University, Haoyu Wang Huazhong University of Science and Technology, Xin Jin Peking University Link to publication | ||
14:30 12mTalk | ConfTainter: Static Taint Analysis For Configuration OptionsRecorded talk Research Papers Teng Wang National University of Defense Technology, Haochen He National University of Defense Technology, Xiaodong Liu National University of Defense Technology, Shanshan Li National University of Defense Technology, Zhouyang Jia National University of Defense Technology, Yu Jiang Tsinghua University, Qing Liao Harbin Institute of Technology, Wang Li National University of Defense Technology Pre-print Media Attached | ||