PWL NY: Simple Testing Can Prevent Most Critical Failures

Simple Testing Can Prevent Most Critical Failures: An Analysis of
Production Failures in Distributed Data-Intensive Systems Papers We Love New York - June 2016

Caitie McCaffrey @caitie Distributed Systems Engineer CaitieM.com

Analyzed Failures in Real World Systems

“A majority (77%) of failures require more than one input
event to manifest, but most of the failures (90%) require no more than 3” Complexity of Failures

“The speciﬁc order of events is important in 88% of
the failures that require multiple events Complexity of Failures

“3 Nodes or less can reproduce 98% of Failures” Complexity
of Failures

Unit Tests “A majority of production failures (77%) can be
reproduced by a unit test”

Top Down Fault Injection & State Space Exploration is Expensive

Logging • 76% of the failures print explicit failure- related
error messages • For 84% of the failures, all of the triggering events are logged • Logs are noisy: each failure prints 824 log messages (median)

Catastrophic Failures

Error Handling • 92% of failures were the result of
incorrect handling of non-fatal errors • 58% of faults could have been detected via simple testing • 35% of failures caused by bad practices in error handling code

• Error Handling Code is simply empty or only contains
a Log statement • Error Handler aborts cluster on an overly general exception • Error Handler contains comments like FIXME or TODO Bad Practices

Aspirator Performs static analysis of Java bytecode to detect: •
error handler is empty • error handler over-catches exceptions and aborts • error handler contains phrases like “TODO” or “FIXME”

• 500 New Bugs & Bad Practices • 115 Fasle
Positives • 171 bugs reported • 143 bugs conﬁrmed or ﬁxed Aspirator Results

-developer “I fail to see the reason to handle every
exception” Developer Reactions

“It is often much harder to reason about the correctness
of a system’s abnormal path than its normal execution path ”

Moving Forward • Use a tool like Aspirator that is
capable of identifying trivial bugs • Enforce code reviews of error handling code • High code coverage on error handling code

Questions @caitie

PWL NY: Simple Testing Can Prevent Most Critica...

PWL NY: Simple Testing Can Prevent Most Critical Failures

Caitie McCaffrey

More Decks by Caitie McCaffrey

Other Decks in Technology

Featured

Transcript

Simple Testing Can Prevent Most Critical Failures: An Analysis of

Caitie McCaffrey @caitie Distributed Systems Engineer CaitieM.com

Analyzed Failures in Real World Systems

“A majority (77%) of failures require more than one input

“The speciﬁc order of events is important in 88% of

“3 Nodes or less can reproduce 98% of Failures” Complexity

Unit Tests “A majority of production failures (77%) can be

Top Down Fault Injection & State Space Exploration is Expensive

Logging • 76% of the failures print explicit failure- related

Catastrophic Failures

Error Handling • 92% of failures were the result of

• Error Handling Code is simply empty or only contains

Aspirator Performs static analysis of Java bytecode to detect: •

• 500 New Bugs & Bad Practices • 115 Fasle

-developer “I fail to see the reason to handle every

“It is often much harder to reason about the correctness

Moving Forward • Use a tool like Aspirator that is

Questions @caitie