Improving Robustness and Maintainability of Cloud-Native Applications with Value-Flow Analysis

PhD Thesis Proposal Defence


Title: "Improving Robustness and Maintainability of Cloud-Native Applications
with Value-Flow Analysis"

by

Mr. Wensheng TANG


Abstract:

Industrial systems are complex and dynamic, often consisting of numerous
interconnected components and subsystems. As these systems evolve, their
functional correctness becomes increasingly challenging to maintain, leading to
potential vulnerabilities, reduced productivity, and even financial loss.
Meanwhile, Static analysis, a software analysis technique that examines code
without executing it, has proven to be a valuable tool in software engineering
for identifying defects, vulnerabilities, and performance bottlenecks.
Moreover, many evidences indicate that value-flow analysis, a prevalent static
program analysis approach, is increasingly practical and scalable. However, its
application to detect functional correctness problems in complex industrial
systems is relatively unexplored. This research seeks to bridge this gap by
investigating how static analysis can be effectively applied to enhance the
reliability of industrial systems.

Our first effort centers around a typical modern microservice-powered software
system. Unlike traditional monolithic software, the microservice can be
composed of thousands of subservices that communicate with each other through
remote procedure calls (RPCs). However, the complex mixture may degrade the
system reliability and further affect the correctness of software properties.
Thus, we study a representative industry practice of such a system, WeChat Pay,
a dominant FinTech system that handles billions of requests per day. The
management team demonstrates the difficulty of governing the correctness of the
propagation of thousands of error codes between sub-services. To address the
problem, in this work, we advocate a system-wide value-flow analysis to detect
anomalies effectively on top of the statically inferred correlations of error
codes.

Our second study shifts the focus to another modern software architecture, the
databasebacked applications where the data correctness is additionally enforced
by data constraints. While the data constraints promise system reliability,
they enlarge maintenance efforts of keeping consistency between two artifacts:
data constraints and the built-in checking logic in the application code. To
better assess the problem's severity and investigate possible solutions, we
study such a representative system and related developers inside Ant Group. In
this work, we also propose a value-flow analysis-based solution to retrieve
traceability efficiently and effectively between the two software artifacts.


Date:                   Thursday, 23 November 2023

Time:                   1:00pm - 3:00pm

Venue:                  Room 4472
                        lifts 25/26

Committee Members:      Prof. Charles Zhang (Supervisor)
                        Dr. Shuai Wang (Chairperson)
                        Dr. Dongdong She
                        Dr. Jiasi Shen


**** ALL are Welcome ****