Anthony Saieva and Gail Kaiser. Update with Care: Testing Candidate Bug Fixes and Integrating Selective Updates through Binary Rewriting. The Journal of Systems & Software (JSS), 191(111381), September 2022. https://doi.org/10.1016/j.jss.2022.111381.
Enterprise software updates depend on the interaction between user and developer organizations. This interaction becomes especially complex when a single developer organization writes software that services hundreds of different user organizations. Miscommunication during patching and deployment efforts lead to insecure or malfunctioning software installations. While developers oversee the code, the update process starts and ends outside their control. Since developer test suites may fail to capture buggy behavior finding and fixing these bugs starts with user generated bug reports and 3rd party disclosures. The process ends when the fixed code is deployed in production. Any friction between user, and developer results in a delay patching critical bugs.
Two common causes for friction are a failure to replicate user specific circumstances that cause buggy behavior and incompatible software releases that break critical functionality. Existing test generation techniques are insufficient. They fail to test candidate patches for post-deployment bugs and to test whether the new release adversely effects customer workloads. With existing test generation and deployment techniques, users cannot choose (nor validate) compatible portions of new versions and retain their previous version’s functionality.
We present two new technologies to alleviate this friction. First, Test Generation for Ad Hoc Circumstances transforms buggy executions into test cases. Second, Binary Patch Decomposition allows users to select the compatible pieces of update releases. By sharing specific context around buggy behavior and developers can create specific test cases that demonstrate if their fixes are appropriate. When fixes are distributed by including extra context users can incorporate only updates that guarantee compatibility between buggy and fixed versions.
We use change analysis in combination with binary rewriting to transform the old executable and buggy execution into a test case including the developer’s prospective changes that let us generate and run targeted tests for the candidate patch. We also provide analogous support to users, to selectively validate and patch their production environments with only the desired bug-fixes from new version releases.
This paper presents a new patching workflow that allows developers to validate prospective patches and users to select which updates they would like to apply, along with two new technologies that make it possible. We demonstrate our technique constructs tests cases more effectively and more efficiently than traditional test case generation on a collection of real world bugs compared to traditional test generation techniques, and provides the ability for flexible updates in real world scenarios.
@article{attune-journal,
title = {{Update with care: Testing candidate bug fixes and integrating selective updates through binary rewriting}},
journal = {Journal of Systems and Software (JSS)},
volume = {191},
pages = {111381},
year = {2022},
month = {September},
issn = {0164-1212},
doi = {https://doi.org/10.1016/j.jss.2022.111381},
url = {https://www.sciencedirect.com/science/article/pii/S0164121222001054},
author = {Anthony Saieva and Gail Kaiser},
keywords = {Test generation, Change analysis, Binary analysis, Binary rewriting},
}