research-article

Open access

State Reconciliation Defects in Infrastructure as Code

Authors:

Md Mahadi Hassan,

Shubhra Kanti Karmaker Santu,

Akond RahmanAuthors Info & Claims

Proceedings of the ACM on Software Engineering, Volume 1, Issue FSE

Article No.: 83, Pages 1865 - 1888

https://doi.org/10.1145/3660790

Published: 12 July 2024 Publication History

Abstract

In infrastructure as code (IaC), state reconciliation is the process of querying and comparing the infrastructure state prior to changing the infrastructure. As state reconciliation is pivotal to manage IaC-based computing infrastructure at scale, defects related to state reconciliation can create large-scale consequences. A categorization of state reconciliation defects, i.e., defects related to state reconciliation, can aid in understanding the nature of state reconciliation defects. We conduct an empirical study with 5,110 state reconciliation defects where we apply qualitative analysis to categorize state reconciliation defects. From the identified defect categories, we derive heuristics to design prompts for a large language model (LLM), which in turn are used for validation of state reconciliation. From our empirical study, we identify 8 categories of state reconciliation defects, amongst which 3 have not been reported for previously-studied software systems. The most frequently occurring defect category is inventory, i.e., the category of defects that occur when managing infrastructure inventory. Using an LLM with heuristics-based paragraph style prompts, we identify 9 previously unknown state reconciliation defects of which 7 have been accepted as valid defects, and 4 have already been fixed. Based on our findings, we conclude the paper by providing a set of recommendations for researchers and practitioners.

References

[1]

abadger. 2017. jenkins_plugin “params” argument is insecure. https://github.com/ansible/ansible/issues/30874 [Online; accessed 30-March-2024]

[2]

João Agnelo, Nuno Laranjeiro, and Jorge Bernardino. 2020. Using orthogonal defect classification to characterize nosql database defects. Journal of Systems and Software, 159 (2020), 110451.

Digital Library

[3]

Amazon. 2023. Elastic Load Balancing. https://aws.amazon.com/elasticloadbalancing/ [Online; accessed 24-March-2023]

[4]

ansible. 2022. ADB uses Red Hat Ansible Automation Platform to boost infrastructure management. https://www.redhat.com/en/resources/asian-development-bank-case-study [Online; accessed 25-Sep-2023]

[5]

Ansible. 2023. Ansible Documentation. https://docs.ansible.com/ [Online; accessed 19-December-2022]

[6]

ansible. 2023. ansible/ansible. https://github.com/ansible/ansible [Online; accessed 25-Sep-2023]

[7]

ansible/ansible. 2023. Ansible command fails when we try to access it on bastion from remote server. ssh error.Unreachable nodes. https://github.com/ansible/ansible/issues/45898 [Online; accessed 28-March-2023]

[8]

Hilary Arksey and Lisa O’Malley. 2005. Scoping studies: towards a methodological framework. International Journal of Social Research Methodology, 8, 1 (2005), 19–32. https://doi.org/10.1080/1364557032000119616 arxiv:https://doi.org/10.1080/1364557032000119616.

[9]

bcoca. 2016. fixed bad condition hiding results. https://github.com/ansible/ansible/commit/65c373c [Online; accessed 20-March-2023]

[10]

bcoca. 2016. loop to get all load balancers, boto limited to 400 at a time fixes. https://github.com/ansible/ansible/commit/90d084d [Online; accessed 23-March-2023]

[11]

bcoca. 2018. Ensure string types (#42362) * actually enforce string types. https://github.com/ansible/ansible/commit/4a7940c [Online; accessed 10-March-2023]

[12]

bcoca. 2020. fix delegation vars usage (debug still shows inventory_hostname). https://github.com/ansible/ansible/commit/2165f9a [Online; accessed 26-March-2023]

[13]

Mark Burgess. 2011. Testable System Administration. Commun. ACM, 54, 3 (2011), March, 44–49. issn:0001-0782 https://doi.org/10.1145/1897852.1897868

Digital Library

[14]

Junming Cao, Bihuan Chen, Chao Sun, Longjie Hu, Shuaihong Wu, and Xin Peng. 2022. Understanding Performance Problems in Deep Learning Systems. In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2022). Association for Computing Machinery, New York, NY, USA. 357–369. isbn:9781450394130 https://doi.org/10.1145/3540250.3549123

Digital Library

[15]

Valeria Cardellini, Michele Colajanni, and Philip S Yu. 1999. Dynamic load balancing on web-server systems. IEEE Internet computing, 3, 3 (1999), 28–39.

Digital Library

[16]

Paul Castro, Vatche Ishakian, Vinod Muthusamy, and Aleksander Slominski. 2019. The Rise of Serverless Computing. Commun. ACM, 62, 12 (2019), nov, 44–54. issn:0001-0782 https://doi.org/10.1145/3368454

Digital Library

[17]

Gemma Catolino, Fabio Palomba, Andy Zaidman, and Filomena Ferrucci. 2019. Not All Bugs Are the Same: Understanding, Characterizing, and Classifying Bug Types. J. Syst. Softw., 152, C (2019), jun, 165–181. issn:0164-1212 https://doi.org/10.1016/j.jss.2019.03.002

Digital Library

[18]

Stefanos Chaliasos, Thodoris Sotiropoulos, Georgios-Petros Drosos, Charalambos Mitropoulos, Dimitris Mitropoulos, and Diomidis Spinellis. 2021. Well-typed programs can go wrong: A study of typing-related bugs in jvm compilers. Proceedings of the ACM on Programming Languages, 5, OOPSLA (2021), 1–30.

[19]

chef. 2009. chef/chef: Chef. https://github.com/chef/chef [Online; accessed 17-Feb-2024]

[20]

Zhenpeng Chen, Huihan Yao, Yiling Lou, Yanbin Cao, Yuanqiang Liu, Haoyu Wang, and Xuanzhe Liu. 2021. An Empirical Study on Deployment Faults of Deep Learning Based Mobile Applications. In Proceedings of the 43rd International Conference on Software Engineering (ICSE ’21). IEEE Press, 674–685. isbn:9781450390859 https://doi.org/10.1109/ICSE43902.2021.00068

Digital Library

[21]

Ram Chillarege, Inderpal Bhandari, Jarir Chaar, Michael Halliday, Diane Moebus, Bonnie Ray, and Man-Yuen Wong. 1992. Orthogonal defect classification-a concept for in-process measurements. IEEE Transactions on Software Engineering, 18, 11 (1992), Nov, 943–956. issn:0098-5589 https://doi.org/10.1109/32.177364

Digital Library

[22]

Marcelo Cinque, Dominico Cotroneo, Raffaele D. Corte, and Antonio Pecchia. 2014. Assessing Direct Monitoring Techniques to Analyze Failures of Critical Industrial Systems. In 2014 IEEE 25th International Symposium on Software Reliability Engineering. 212–222. issn:1071-9458 https://doi.org/10.1109/ISSRE.2014.30

Digital Library

[23]

Domenico Cotroneo, Luigi De Simone, Pietro Liguori, Roberto Natella, and Nematollah Bidokhti. 2019. How Bad Can a Bug Get? An Empirical Analysis of Software Failures in the OpenStack Cloud Computing Platform. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2019). Association for Computing Machinery, New York, NY, USA. 200–211. isbn:9781450355728 https://doi.org/10.1145/3338906.3338916

Digital Library

[24]

Domenico Cotroneo, Roberto Pietrantuono, and Stefano Russo. 2013. Testing techniques selection based on ODC fault types and software metrics. Journal of Systems and Software, 86, 6 (2013), 1613–1637.

Digital Library

[25]

Chris Cummins, Pavlos Petoumenos, Alastair Murray, and Hugh Leather. 2018. Compiler Fuzzing through Deep Learning. In Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2018). Association for Computing Machinery, New York, NY, USA. 95–105. isbn:9781450356992 https://doi.org/10.1145/3213846.3213848

Digital Library

[26]

D3DeFi. 2018. zabbix_template: fixed idempotency issues. https://github.com/ansible/ansible/commit/a9aa105 [Online; accessed 21-March-2023]

[27]

dagwieers. 2019. Use locking for concurrent file access. https://github.com/ansible/ansible/commit/e152b277cfc055a3b7bfdaa41db024168ca7a2a [Online; accessed 31-March-2023]

[28]

Stefano Dalla Palma, Dario Di Nucci, Fabio Palomba, and Damian A. Tamburri. 2022. Within-Project Defect Prediction of Infrastructure-as-Code Using Product and Process Metrics. IEEE Transactions on Software Engineering, 48, 6 (2022), 2086–2104. https://doi.org/10.1109/TSE.2021.3051492

Digital Library

[29]

felixfontein. 2019. docker_container: fix port bindings with IPv6 addresses. https://github.com/ansible/ansible/commit/a757310 [Online; accessed 28-March-2023]

[30]

Yu Gao, Wensheng Dou, Feng Qin, Chushu Gao, Dong Wang, Jun Wei, Ruirui Huang, Li Zhou, and Yongming Wu. 2018. An Empirical Study on Crash Recovery Bugs in Large-Scale Distributed Systems. In Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2018). Association for Computing Machinery, New York, NY, USA. 539–550. isbn:9781450355735 https://doi.org/10.1145/3236024.3236030

Digital Library

[31]

Joshua Garcia, Yang Feng, Junjie Shen, Sumaya Almanee, Yuan Xia, Chen, and Qi Alfred. 2020. A Comprehensive Study of Autonomous Vehicle Bugs. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20). Association for Computing Machinery, New York, NY, USA. 385–396. isbn:9781450371216 https://doi.org/10.1145/3377811.3380397

Digital Library

[32]

GitHub Advisory Database. 2022. Ansible Insertion of Sensitive Information into Log File vulnerability. https://github.com/advisories/GHSA-588w-w6mv-3cw5 [Online; accessed 31-March-2024]

[33]

hashicorp. 2015. hasicorp/terraform - Terraform. https://github.com/hashicorp/terraform/ [Online; accessed 16-Feb-2024]

[34]

Gary Hickey and Cheryl Kipping. 1996. A multi-stage approach to the coding of data from open-ended questions. Nurse researcher, 4, 1 (1996), 81–91.

[35]

Nargiz Humbatova, Gunel Jahangirova, Gabriele Bavota, Vincenzo Riccio, Andrea Stocco, and Paolo Tonella. 2020. Taxonomy of Real Faults in Deep Learning Systems. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20). Association for Computing Machinery, New York, NY, USA. 1110–1121. isbn:9781450371216 https://doi.org/10.1145/3377811.3380395

Digital Library

[36]

Waldemar Hummer, Florian Rosenberg, Fábio Oliveira, and Tamar Eilam. 2013. Testing idempotence for infrastructure as code. In ACM/IFIP/USENIX International Conference on Distributed Systems Platforms and Open Distributed Processing. 368–388.

[37]

IEEE. 2010. IEEE Standard Classification for Software Anomalies. IEEE Std 1044-2009 (Revision of IEEE Std 1044-1993), Jan, 1–23. https://doi.org/10.1109/IEEESTD.2010.5399061

[38]

Md Johirul Islam, Giang Nguyen, Rangeet Pan, and Hridesh Rajan. 2019. A Comprehensive Study on Deep Learning Bug Characteristics. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2019). Association for Computing Machinery, New York, NY, USA. 510–520. isbn:9781450355728 https://doi.org/10.1145/3338906.3338955

Digital Library

[39]

Li Jia, Hao Zhong, Xiaoyin Wang, Linpeng Huang, and Xuansheng Lu. 2021. The symptoms, causes, and repairs of bugs inside a deep learning library. Journal of Systems and Software, 177 (2021), 110935.

[40]

Jill R. 2021. Fix to return data when using lambda_info module. https://github.com/ansible/ansible/commit/6fa070e82 [Online; accessed 25-March-2023]

[41]

Jim Gu. 2018. yaml callback fails on python3. https://github.com/ansible/ansible/commit/5839f07 [Online; accessed 19-March-2023]

[42]

Klaus Krippendorff. 2018. Content analysis: An introduction to its methodology. Sage publications.

[43]

Stephanie Lin, Jacob Hilton, and Owain Evans. 2022. TruthfulQA: Measuring How Models Mimic Human Falsehoods. In Proceedings of the 60th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers). Association for Computational Linguistics, Dublin, Ireland. 3214–3252. https://doi.org/10.18653/v1/2022.acl-long.229

[44]

Pengfei Liu, Weizhe Yuan, Jinlan Fu, Zhengbao Jiang, Hiroaki Hayashi, and Graham Neubig. 2023. Pre-Train, Prompt, and Predict: A Systematic Survey of Prompting Methods in Natural Language Processing. ACM Comput. Surv., 55, 9 (2023), Article 195, jan, 35 pages. issn:0360-0300 https://doi.org/10.1145/3560815

Digital Library

[45]

Amir Makhshari and Ali Mesbah. 2021. IoT Bugs and Development Challenges. In 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE). 460–472. https://doi.org/10.1109/ICSE43902.2021.00051

Digital Library

[46]

marcusphi. 2013. want to be able to use a variable for the value of ignore_errors. https://github.com/ansible/ansible/issues/4892 [Online; accessed 18-Feb-2024]

[47]

mkrizek. 2021. yum: avoid storing unnecessary cache data. https://github.com/ansible/ansible/commit/461f30c [Online; accessed 25-March-2023]

[48]

mmeintker-tc. 2023. Terraform ignores skip_credentials_validation flag for s3 backend with custom endpoint. https://github.com/hashicorp/terraform/issues/33983 [Online; accessed 15-Feb-2024]

[49]

mscherer. 2016. Do not leak mail password by error. https://github.com/ansible/ansible/commit/b8706a1 [Online; accessed 31-March-2023]

[50]

NIST. 2023. infrastructure as code. https://csrc.nist.gov/glossary/term/infrastructure_as_code [Online; accessed 25-Sep-2023]

[51]

Ruben Opdebeeck, Ahmed Zerouali, and Coen De Roover. 2023. Control and Data Flow in Security Smell Detection for Infrastructure as Code: Is It Worth the Effort? In 2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR). 534–545. https://doi.org/10.1109/MSR59073.2023.00079

[52]

OpenAI. 2023. GPT-4 Technical Report. arxiv:2303.08774 arXiv:2303.08774 [cs]

[53]

Akond Rahman, Dibyendu Brinto Bose, Raunak Shakya, and Rahul Pandita. 2023. Come for Syntax, Stay for Speed, Understand Defects: An Empirical Study of Defects in Julia Programs. Empirical Software Engineering, 28, 93 (2023), 33.

[54]

Akond Rahman, Effat Farhana, Chris Parnin, and Laurie Williams. 2020. Gang of Eight: A Defect Taxonomy for Infrastructure as Code Scripts. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20). Association for Computing Machinery, New York, NY, USA. 752–764. isbn:9781450371216 https://doi.org/10.1145/3377811.3380409 pre-print: https://akondrahman.github.io/papers/icse20_acid.pdf

Digital Library

[55]

Akond Rahman, Md Mahdi Hassan, and John Salvador. 2023. Artifact for Paper. 10.6084/m9.figshare.24129996.v1 [Online; accessed 19-April-2024]

[56]

Akond Rahman, Md Mahdi Hassan, and John Salvador. 2024. Verifiability Package for Paper. 10.6084/m9.figshare.24129996.v1 [Online; accessed 15-April-2024]

[57]

Akond Rahman, Rezvan Mahdavi-Hezaveh, and Laurie Williams. 2018. A systematic mapping study of infrastructure as code research. Information and Software Technology, issn:0950-5849 https://doi.org/10.1016/j.infsof.2018.12.004

[58]

Akond Rahman and Chris Parnin. 2023. Detecting and Characterizing Propagation of Security Weaknesses in Puppet-Based Infrastructure Management. IEEE Transactions on Software Engineering, 49, 6 (2023), 3536–3553. https://doi.org/10.1109/TSE.2023.3265962

Digital Library

[59]

Akond Rahman, Shazibul Islam Shamim, Dibyendu Brinto Bose, and Rahul Pandita. 2023. Security Misconfigurations in Open Source Kubernetes Manifests: An Empirical Study. ACM Trans. Softw. Eng. Methodol., 32, 4 (2023), Article 99, May, 36 pages. issn:1049-331X https://doi.org/10.1145/3579639

Digital Library

[60]

rahulgoel1. 2021. Yum package idempotency fixes. https://github.com/chef/chef/issues/12382 [Online; accessed 12-Feb-2024]

[61]

Baishakhi Ray, Daryl Posnett, Vladimir Filkov, and Premkumar Devanbu. 2014. A Large Scale Study of Programming Languages and Code Quality in Github. In Proceedings of the 22Nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2014). ACM, New York, NY, USA. 155–165. isbn:978-1-4503-3056-5 https://doi.org/10.1145/2635868.2635922

Digital Library

[62]

RedHat. 2022. Customer Case Study - NEC. https://www.ansible.com/hubfs/pdf/Ansible-Case-Study-NEC.pdf [Online; accessed 12-Sep-2023]

[63]

RedHat. 2022. Customer Case Study - NetApp. https://www.ansible.com/hubfs/2018_Content/RH-netapp-case-study.pdf [Online; accessed 02-Sep-2023]

[64]

Sofia Reis, Rui Abreu, Marcelo d’Amorim, and Daniel Fortunato. 2023. Leveraging Practitioners’ Feedback to Improve a Security Linter. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE ’22). Association for Computing Machinery, New York, NY, USA. Article 66, 12 pages. isbn:9781450394758 https://doi.org/10.1145/3551349.3560419

Digital Library

[65]

resmo. 2016. cloudstack: fix state=expunged in cs_instance. https://github.com/ansible/ansible/commit/4020ebaecff [Online; accessed 29-March-2023]

[66]

Rick Elrod. 2020. sysctl/openbsd fact fixes. https://github.com/ansible/ansible/commit/7094849 [Online; accessed 24-March-2023]

[67]

Baptiste Rozière, Jonas Gehring, Fabian Gloeckle, Sten Sootla, Itai Gat, Xiaoqing Ellen, Yossi Adi, Jingyu Liu, Tal Remez, Jérémy Rapin, Artyom Kozhevnikov, Ivan Evtimov, Joanna Bitton, Manish Bhatt, Cristian Canton Ferrer, Aaron Grattafiori, Wenhan Xiong, Alexandre Défossez, Jade Copet, Faisal Azhar, Hugo Touvron, Louis Martin, Nicolas Usunier, Thomas Scialom, and Gabriel Synnaeve. 2023. Code Llama: Open Foundation Models for Code.

[68]

Nuno Saavedra and João F. Ferreira. 2023. GLITCH: Automated Polyglot Security Smell Detection in Infrastructure as Code. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE ’22). Association for Computing Machinery, New York, NY, USA. Article 47, 12 pages. isbn:9781450394758 https://doi.org/10.1145/3551349.3556945

Digital Library

[69]

Johnny Saldaña. 2015. The coding manual for qualitative researchers. Sage.

[70]

Shubhra Kanti Karmaker Santu and Dongji Feng. 2023. TELeR: A General Taxonomy of LLM Prompts for Benchmarking Complex Tasks. arxiv:2305.11430.

[71]

Carolyn B. Seaman, Forrest Shull, Myrna Regardie, Denis Elbert, Raimund L. Feldmann, Yuepu Guo, and Sally Godfrey. 2008. Defect Categorization: Making Use of a Decade of Widely Varying Historical Data. In Proceedings of the Second ACM-IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM ’08). Association for Computing Machinery, New York, NY, USA. 149–157. isbn:9781595939715 https://doi.org/10.1145/1414004.1414030

Digital Library

[72]

seventieskid. 2022. Invalid index - Output from a conditional resource contained in a module. https://github.com/hashicorp/terraform/issues/32044 [Online; accessed 09-Feb-2024]

[73]

Rian Shambaugh, Aaron Weiss, and Arjun Guha. 2016. Rehearsal: A Configuration Verification Tool for Puppet. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’16). Association for Computing Machinery, New York, NY, USA. 416–430. isbn:9781450342612 https://doi.org/10.1145/2908080.2908083

Digital Library

[74]

Tushar Sharma, Marios Fragkoulis, and Diomidis Spinellis. 2016. Does Your Configuration Code Smell? In Proceedings of the 13th International Conference on Mining Software Repositories (MSR ’16). ACM, New York, NY, USA. 189–200. isbn:978-1-4503-4186-8 https://doi.org/10.1145/2901739.2901761

Digital Library

[75]

Qingchao Shen, Haoyang Ma, Junjie Chen, Yongqiang Tian, Shing-Chi Cheung, and Xiang Chen. 2021. A Comprehensive Study of Deep Learning Compiler Bugs. In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2021). Association for Computing Machinery, New York, NY, USA. 968–980. isbn:9781450385626 https://doi.org/10.1145/3468264.3468591

Digital Library

[76]

sivel. 2022. Resolve perf issue with async callback events. https://github.com/ansible/ansible/commit/96ce480 [Online; accessed 25-March-2023]

[77]

Thodoris Sotiropoulos, Dimitris Mitropoulos, and Diomidis Spinellis. 2020. Practical Fault Detection in Puppet Programs. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20). Association for Computing Machinery, New York, NY, USA. 26–37. isbn:9781450371216 https://doi.org/10.1145/3377811.3380384

Digital Library

[78]

Lin Tan, Chen Liu, Zhenmin Li, Xuanhui Wang, Yuanyuan Zhou, and Chengxiang Zhai. 2014. Bug characteristics in open source software. Empirical software engineering, 19 (2014), 1665–1705.

[79]

Christopher Theisen, Kim Herzig, Patrick Morrison, Brendan Murphy, and Laurie Williams. 2015. Approximating Attack Surfaces with Stack Traces. In 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering. 2, 199–208. https://doi.org/10.1109/ICSE.2015.148

[80]

ttdgcp. 2018. Chef14: broken powershell version check. https://github.com/chef/chef/issues/7166 [Online; accessed 11-Feb-2024]

[81]

Cornelis J Van Rijsbergen, Stephen Edward Robertson, and Martin F Porter. 1980. New models in probabilistic information retrieval. 5587, British Library Research and Development Department London.

[82]

Dinghua Wang, Shuqing Li, Guanping Xiao, Yepang Liu, and Yulei Sui. 2021. An Exploratory Study of Autopilot Software Bugs in Unmanned Aerial Vehicles. In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2021). Association for Computing Machinery, New York, NY, USA. 20–31. isbn:9781450385626 https://doi.org/10.1145/3468264.3468559

Digital Library

[83]

Tao Wang, Qingxin Xu, Xiaoning Chang, Wensheng Dou, Jiaxin Zhu, Jinhui Xie, Yuetang Deng, Jianbo Yang, Jiaheng Yang, Jun Wei, and Tao Huang. 2022. Characterizing and Detecting Bugs in WeChat Mini-Programs. In Proceedings of the 44th International Conference on Software Engineering (ICSE ’22). Association for Computing Machinery, New York, NY, USA. 363–375. isbn:9781450392211 https://doi.org/10.1145/3510003.3510114

Digital Library

[84]

Burak Yetistiren, Isik Ozsoy, and Eray Tuzun. 2022. Assessing the Quality of GitHub Copilot’s Code Generation. In Proceedings of the 18th International Conference on Predictive Models and Data Analytics in Software Engineering (PROMISE 2022). Association for Computing Machinery, New York, NY, USA. 62–71. isbn:9781450398602 https://doi.org/10.1145/3558489.3559072

Digital Library

[85]

Zabbix. 2018. Monitoring and Integration Solutions. https://www.zabbix.com/integrations?cat=monitoring_systems [Online; accessed 22-March-2023]

[86]

Fiorella Zampetti, Ritu Kapur, Massimiliano Di Penta, and Sebastiano Panichella. 2022. An empirical characterization of software bugs in open-source cyber-physical systems. Journal of Systems and Software, 192 (2022), 111425.

Digital Library

[87]

zenbot. 2016. Don’t assume a task with non-dict loop results has been skipped.). https://github.com/ansible/ansible/commit/85868e07a9a4641c845ad1be3d036e716ff89bad [Online; accessed 27-March-2023]

[88]

Ru Zhang, Wencong Xiao, Hongyu Zhang, Yu Liu, Haoxiang Lin, and Mao Yang. 2020. An Empirical Study on Program Failures of Deep Learning Jobs. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20). Association for Computing Machinery, New York, NY, USA. 1159–1170. isbn:9781450371216 https://doi.org/10.1145/3377811.3380362

Digital Library

[89]

Wei Zheng, Chen Feng, Tingting Yu, Xibing Yang, and Xiaoxue Wu. 2019. Towards understanding bugs in an open source cloud management stack: An empirical study of OpenStack software bugs. Journal of Systems and Software, 151 (2019), 210–223.

Digital Library

[90]

Zim Kalinowski. 2018. fix for security group description crash. https://github.com/ansible/ansible/commit/5d2c23e2a3ec9ed81a4cbb8bd6bf28785fbadf4d [Online; accessed 30-March-2023]

Cited By

Drosos GSotiropoulos TAlexopoulos GMitropoulos DSu Z(2024)When Your Infrastructure Is a Buggy Program: Understanding Faults in Infrastructure as Code EcosystemsProceedings of the ACM on Programming Languages10.1145/36897998:OOPSLA2(2490-2520)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689799
Xu QGao YWei JChristakis MPradel M(2024)An Empirical Study on Kubernetes Operator BugsProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680396(1746-1758)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3680396

Index Terms

State Reconciliation Defects in Infrastructure as Code
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Empirical software validation
      2. Software defect analysis

Recommendations

Gang of eight: a defect taxonomy for infrastructure as code scripts
ICSE '20: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering

Defects in infrastructure as code (IaC) scripts can have serious consequences, for example, creating large-scale system outages. A taxonomy of IaC defects can be useful for understanding the nature of defects, and identifying activities needed to fix and ...
Infrastructure as code for dynamic deployments
ESEC/FSE 2022: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering

Modern DevOps organizations require a high degree of automation to achieve software stability at frequent changes. Further, there is a need for flexible, timely reconfiguration of the infrastructure, e.g., to use pay-per-use infrastructure efficiently ...
Source code properties of defective infrastructure as code scripts
Abstract Context
In continuous deployment, software and services are rapidly deployed to end-users using an automated deployment pipeline. Defects in infrastructure as code (IaC) scripts can hinder the reliability of the automated ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Software Engineering

Proceedings of the ACM on Software Engineering Volume 1, Issue FSE

July 2024

2770 pages

EISSN:2994-970X

DOI:10.1145/3554322

Editor:
Luciano Baresi
Politecnico di Milano, Italy

Issue’s Table of Contents

Copyright © 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 July 2024

Published in PACMSE Volume 1, Issue FSE

Badges

Artifacts Available / v1.1

Author Tags

Qualifiers

Research-article

Funding Sources

U.S. National Science Foundation
National Science Foundation
National Security Agency

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
371
Total Downloads

Downloads (Last 12 months)371
Downloads (Last 6 weeks)59

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Drosos GSotiropoulos TAlexopoulos GMitropoulos DSu Z(2024)When Your Infrastructure Is a Buggy Program: Understanding Faults in Infrastructure as Code EcosystemsProceedings of the ACM on Programming Languages10.1145/36897998:OOPSLA2(2490-2520)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689799
Xu QGao YWei JChristakis MPradel M(2024)An Empirical Study on Kubernetes Operator BugsProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680396(1746-1758)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3680396

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Figures

Tables

Media

View Issue’s Table of Contents