skip to main content


Title: Automated Reasoning and Detection of Specious Configuration in Large Systems with Symbolic Execution
Misconfiguration is a major cause of system failures. Prior solutions focus on detecting invalid settings that are introduced by user mistakes. But another type of misconfiguration that continues to haunt production services is specious configuration—settings that are valid but lead to unexpectedly poor performance in production. Such misconfigurations are subtle, so even careful administrators may fail to foresee them. We propose a tool called Violet to detect specious configuration. We realize the crux of specious configuration is that it causes some slow code path to be executed, but the bad performance effect cannot always be triggered. Violet thus takes a novel approach that uses selective symbolic execution to systematically reason about the performance effect of configuration parameters, their combination effect, and the relationship with input. Violet outputs a performance impact model for the automatic detection of poor configuration settings. We applied Violet on four large systems. To evaluate the effectiveness of Violet, we collect 17 real-world specious configuration cases. Violet detects 15 of them. Violet also identifies 11 unknown specious configurations  more » « less
Award ID(s):
1910133
NSF-PAR ID:
10283346
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
14th USENIX Symposium on Operating Systems Design and Implementation
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. null (Ed.)
    Misconfiguration is a major cause of system failures. Prior solutions focus on detecting invalid settings that are introduced by user mistakes. But another type of misconfiguration that continues to haunt production services is specious configuration---settings that are valid but lead to unexpectedly poor performance in production. Such misconfigurations are subtle, so even careful administrators may fail to foresee them. We propose a tool called Violet to detect specious configuration. We realize the crux of specious configuration is that it causes some slow code path to be executed, but the bad performance effect cannot always be triggered. Violet thus takes a novel approach that uses selective symbolic execution to systematically reason about the performance effect of configuration parameters, their combination effect, and the relationship with input. Violet outputs a performance impact model for the automatic detection of poor configuration settings. We applied Violet on four large systems. To evaluate the effectiveness of Violet, we collect 17 real-world specious configuration cases. Violet detects 15 of them. Violet also identifies 11 unknown specious configurations. 
    more » « less
  2. Most IT systems depend on a set of configuration variables (CVs) , expressed as a name/value pair that collectively defines the resource allocation for the system. While the ill effects of misconfiguration or improper resource allocation are well-known, there are no effective a priori metrics to quantify the impact of the configuration on the desired system attributes such as performance, availability, etc. In this paper, we propose a Configuration Health Index (CHI) framework specifically attuned to the performance attribute to capture the influence of CVs on the performance aspects of the system. We show how CHI , which is defined as a configuration scoring system, can take advantage of the domain knowledge and the available (but rather limited) performance data to produce important insights into the configuration settings. We compare the CHI with both well-advertised segmented non-linear models and state-of-the-art data-driven models, and show that the CHI not only consistently provides better results but also avoids the dangers of a pure data drive approach which may predict incorrect behavior or eliminate some essential configuration variables from consideration. 
    more » « less
  3. null (Ed.)
    Software configurability opens the door to misconfiguration vulnerabilities, invalid settings that expose software weaknesses. Misconfiguration is one the top ten most critical security risks and the most common. This paper envisions a world without misconfiguration vulnerabilities through the use of automated reasoning techniques to infer and secure software configurations. Real-world software, however, often lacks an explicit specification of secure configurations, relying on hand-validation by users. Real-world systems comprise many individual highly-configurable software components, making the space of possible configurations for the whole system enormous. To realize our vision and overcome these challenges, we aim to create a rigorous definition of configuration specifications, use formal methods to mechanize the inference and generation of valid configurations, and develop algorithms to automatically secure against misconfiguration. 
    more » « less
  4. null (Ed.)
    Large-scale cloud services deploy hundreds of configuration changes to production systems daily. At such velocity, con- figuration changes have inevitably become prevalent causes of production failures. Existing misconfiguration detection and configuration validation techniques only check configu- ration values. These techniques cannot detect common types of failure-inducing configuration changes, such as those that cause code to fail or those that violate hidden constraints. We present ctests, a new type of tests for detecting failure- inducing configuration changes to prevent production failures. The idea behind ctests is simple—connecting production sys- tem configurations to software tests so that configuration changes can be tested in the context of code affected by the changes. So, ctests can detect configuration changes that ex- pose dormant software bugs and diverse misconfigurations. We show how to generate ctests by transforming the many existing tests in mature systems. The key challenge that we address is the automated identification of test logic and oracles that can be reused in ctests. We generated thousands of ctests from the existing tests in five cloud systems. Our results show that ctests are effective in detecting failure-inducing configuration changes before deployment. We evaluate ctests on real-world failure-inducing configura- tion changes, injected misconfigurations, and deployed con- figuration files from public Docker images. Ctests effectively detect real-world failure-inducing configuration changes and misconfigurations in the deployed files. 
    more » « less
  5. Ultra-violet light emitting diodes (UV-LEDs) and lasers based on the III-Nitride material system are very promising since they enable compact, safe, and efficient solid-state sources of UV light for a range of applications. The primary challenges for UV LEDs are related to the poor conductivity of p-AlGaN layers and the low light extraction efficiency of LED structures. Tunnel junction-based UV LEDs provide a distinct and unique pathway to eliminate several challenges associated with UV LEDs1-4. In this work, we present for the first time, a reversed-polarization (p-down) AlGaN based UV-LED utilizing bottom tunnel junction (BTJ) design. We show that compositional grading enables us to achieve the lowest reported voltage drop of 1.1 V at 20 A/cm2 among transparent AlGaN based tunnel junctions at this Al-composition. Compared to conventional LED design, a p-down structure offers lower voltage drop because the depletion barrier for both holes and electrons is lower due to polarization fields aligning with the depletion field. Furthermore, the bottom tunnel junction also allows us to use polarization grading to realize better p- and n-type doping to improve tunneling transport. The epitaxial structure of the UV-LED was grown by plasma-assisted molecular beam epitaxy (PAMBE) on metal-organic chemical vapor deposition (MOCVD)-grown n-type Al0.3Ga0.7N templates. The transparent TJ was grown using graded n++-Al0.3Ga0.7N→ n++-Al0.4Ga0.6N (Si=3×1020 cm-3) and graded p++-Al0.4Ga0.6N →p++-Al0.3Ga0.7N (Mg=1×1020 cm-3) to take advantage of induced 3D polarization charges. The high number of charges at the tunnel junction region leads to lower depletion width and efficient hole injection to the p-type layer. The UV LED active region consists of three 2.5 nm Al0.2Ga0.8N quantum wells and 7 nm Al0.3Ga0.6N quantum barriers followed by 12 nm of p- Al0.46Ga0.64N electron blocking layer (EBL). The active region was grown on top of the tunnel junction. A similar LED with p-up configuration was also grown to compare the electrical performance. The surface morphology examined by atomic force microscopy (AFM) shows smooth growth features with a surface roughness of 1.9 nm. The dendritic features on the surface are characteristic of high Si doping on the surface. The composition of each layer was extracted from the scan by high resolution x-ray diffraction (HR-XRD). The electrical characteristics of a device show a voltage drop of 4.9 V at 20 A/cm2, which corresponds to a tunnel junction voltage drop of ~ 1.1 V. This is the best lowest voltage for transparent 30% AlGaN tunnel junctions to-date and is comparable with the lowest voltage drop reported previously on non-transparent (InGaN-based) tunnel junctions at similar Al mole fraction AlGaN. On-wafer electroluminescence measurements on patterned light-emitting diodes showed single peak emission wavelength of 325 nm at 100 A/cm2 which corresponds to Al0.2Ga0.8N, confirming that efficient hole injection was achieved within the structure. The device exhibits a wavelength shift from 330 nm to 325 nm with increasing current densities from 10A/cm2 to 100A/cm2. In summary, we have demonstrated a fully transparent bottom AlGaN homojunction tunnel junction that enables p-down reversed polarization ultraviolet light emitting diodes, and has very low voltage drop at the tunnel junction. This work could enable new flexibility in the design of future III-Nitride ultraviolet LEDs and lasers. 
    more » « less