SAFE: A Software Fault Emulation tool

Motivations


With the recent growth of software complexity, software faults (i.e., bugs) have become a major cause of failures in computer systems. In spite of software engineering practices, it is infeasible to develop bug-free software. Therefore, fault tolerance algorithms and mechanisms are needed in dependable systems to cope with residual software faults. Software fault injection consists of the deliberate insertion of bugs into a software component for:


  1. Validation of Fault-Tolerance Mechanisms: developers can evaluate how well fault-tolerance mechanisms (e.g., input checks, exception handling) deal with software faults;

  2. Risk Assessment: experimental analysis of the impact of software faults on the failure modes of a complex system or software (e.g., for the validation of safety properties);

  3. Dependability Benchmarking: comparison of different systems or design choices with respect to dependability measures (e.g., robustness).


Software fault injection is a more difficult problem than hardware fault injection, since bugs can be arbitrarily complex. Therefore, our software fault injection focuses on the bug types that occur most frequently in real-world programs (drawn from open bug repositories). Examples of frequent bug types are:


  1. Missing control flow construct (e.g., if(...) { ... } else { ... })

  2. Wrong boolean predicate (e.g., if( (A && B) || C) { ... })

  3. Wrong or missing function invocation (e.g., v = func( intvar, otherintvar ))



Tool Description


The tool can be used to inject bugs into C/C++ programs for dependability assessment purposes. The tool statically analyzes the target program and builds an internal representation (i.e., an Abstract Syntax Tree) of the source code. Then, it automatically identifies the locations in the source code where each bug type can be injected, so that the emulated faults are realistic (i.e., they match where such bugs occur in real programs). Finally, the tool creates a set of ".patch" files, each containing one faulty version of the code. This process is summarized in the following figure:





The tool has been successfully used with complex C and C++ programs, such as the Apache Web Server, the MySQL DBMS, and the Linux and RTEMS operating systems. The tool currently runs on Linux. The faulty code generated by the tool is platform-independent (it can be compiled wherever the original, non-faulty code can).
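To make the workflow concrete, the following is an added example (written for this page; it is not the SAFE tool's code and does not reproduce its analysis) that emulates two of the bug types listed under Motivations on a constructed C snippet: it locates `if` blocks textually rather than through an AST, applies a "missing if construct" or "wrong boolean predicate" operator at each location, and emits one unified diff per faulty variant, in the spirit of the tool's ".patch" output. The operator names, the sample function and the patch file naming scheme are assumptions of this example.

```python
import difflib
import re
# Constructed sample target (not from the SAFE tool or from any real program).
ORIGINAL_C = """\
void copy_record(char *dst, const char *src, int len) {
    if (len > MAX_LEN) { return; }
    memcpy(dst, src, len);
}
"""

def _closing(src, open_pos, pair):  # index of the bracket closing src[open_pos]
    depth = 0
    for i in range(open_pos, len(src)):
        depth += (src[i] == pair[0]) - (src[i] == pair[1])
        if depth == 0:
            return i
    raise ValueError("unbalanced brackets")

def find_if_blocks(src):
    """Offsets (start, cond_start, cond_end, end) of each `if (cond) {...}`
    with no else branch: a textual stand-in for the tool's AST-based step."""
    found = []
    for m in re.finditer(r'\bif\s*\(', src):
        cond_close = _closing(src, m.end() - 1, '()')
        body = re.compile(r'\s*\{').match(src, cond_close + 1)
        if body is None:           # e.g. `if (x) stmt;` without braces: skip
            continue
        end = _closing(src, body.end() - 1, '{}') + 1
        if not src[end:].lstrip().startswith('else'):
            found.append((m.start(), m.end(), cond_close, end))
    return found

def inject(src, loc, operator):
    """Apply one fault operator at one location; return the faulty source."""
    start, cs, ce, end = loc
    if operator == 'missing_if':        # drop the whole if construct
        return src[:start].rstrip(' \t') + src[end:].lstrip('\n')
    if operator == 'wrong_predicate':   # negate the boolean condition
        return src[:cs] + '!(' + src[cs:ce] + ')' + src[ce:]
    raise ValueError(operator)

def generate_patches(src, name='target.c'):
    """One unified diff per (location, operator), like the tool's .patch files."""
    patches = {}
    for n, loc in enumerate(find_if_blocks(src)):
        for op in ('missing_if', 'wrong_predicate'):
            faulty = inject(src, loc, op).splitlines(True)
            diff = difflib.unified_diff(src.splitlines(True), faulty, name, name)
            patches[f'{name}.{n}.{op}.patch'] = ''.join(diff)
    return patches
```

Each generated patch, applied to the original file, yields a compilable variant in which exactly one fault has been injected; the "missing_if" variant here removes the bounds check guarding the copy, which is the kind of residual bug a fault-tolerance mechanism under test should catch.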



Getting the tool


The tool is freely available for educational and research purposes. To obtain the current version of the tool, please send me an e-mail (see contact info on the home page), indicating your affiliation, your research interests, and the reason for your interest in the SAFE tool.



References


  1. R. Natella, D. Cotroneo, J. Duraes, H. Madeira, "On Fault Representativeness of Software Fault Injection", IEEE Transactions on Software Engineering (TSE), in press (PrePrint). DOI: http://dx.doi.org/10.1109/TSE.2011.124