Robustifying Cloud-Native Applications with Scalable Value-Flow Analysis

The Hong Kong University of Science and Technology
Department of Computer Science and Engineering


PhD Thesis Defence


Title: "Robustifying Cloud-Native Applications with Scalable Value-Flow
Analysis"

By

Mr. Wensheng TANG


Abstract:

In the realm of cloud-native applications, ensuring robustness amidst the
complexities of distributed architectures presents a substantial challenge. The
dynamic and interconnected nature of these systems, characterized by
microservices and database-backed infrastructures, necessitates advanced
methodologies for maintaining functional correctness, thereby preventing
vulnerabilities, performance bottlenecks, and potential financial losses. This
thesis aims to address this critical issue by leveraging state-of-the-art
value-flow analysis techniques, specifically tailored to tackle the scalability
challenges and unique robustness issues on vast cloud-native codebases.

Confronting the scalability dilemma head-on, our research innovates by
redesigning valueflow analysis methodologies to enhance parallelism and
efficiency. This advancement enables the handling of tens of millions of lines
of code typical in cloud-native systems and their associated libraries, a task
that traditional static program analysis methods find daunting. By achieving
path-sensitive precision at such a scale, our approach significantly
contributes to the robustification of cloud-native applications, advocating a
new standard in software robustness.

Building upon this foundational solution, the study explores solving robustness
issues within microservice-based software systems, exemplified by WeChat Pay, a
leading FinTech system. In such systems, managing the correctness of status
code propagation among these sub-services poses a longstanding challenge. To
address the problem, in this work, we advocate a system-wide value-flow
analysis to detect anomalies effectively on top of the statically inferred
correlations of status codes, thereby bolstering the system's overall
robustness and addressing a key facet of software property correctness in
complex, service-oriented architectures.

Further, the thesis extends the application of value-flow analysis to
cloud-native, databasebacked applications, as exemplified by practices within
the Ant Group, where the data correctness is additionally enforced by data
constraints. While data constraints promise system robustness, they increase
maintenance efforts to maintain consistency between two artifacts: data
constraints and the built-in checking logic in the application code. To better
assess the problem's severity and investigate possible solutions, we study such
a representative system and related developers inside Ant Group. In this work,
we also propose a specialized value-flow analysis to retrieve traceability
efficiently and effectively between the two software artifacts.


Date:                   Wednesday, 20 March 2024

Time:                   4:00pm - 6:00pm

Venue:                  Room 5501
                        Lifts 25/26

Chairman:               Prof. Yongli MI (CBE)

Committee Members:      Prof. Charles ZHANG (Supervisor)
                        Prof. Shing Chi CHEUNG
                        Prof. Shuai WANG
                        Prof. Jun ZHANG (ECE)
                        Prof. Michael LYU (CUHK)