State Reconciliation Defects in Infrastructure as Code
Authors: 
Md Mahadi Hassan, John Salvador, Shubhra Kanti Karmaker Santu, 
Akond RahmanAuthors Info & Claims
Article No.: 83, Pages 1865 - 1888
Abstract
In infrastructure as code (IaC), state reconciliation is the process of querying and comparing the infrastructure state prior to changing the infrastructure. As state reconciliation is pivotal to manage IaC-based computing infrastructure at scale, defects related to state reconciliation can create large-scale consequences. A categorization of state reconciliation defects, i.e., defects related to state reconciliation, can aid in understanding the nature of state reconciliation defects. We conduct an empirical study with 5,110 state reconciliation defects where we apply qualitative analysis to categorize state reconciliation defects. From the identified defect categories, we derive heuristics to design prompts for a large language model (LLM), which in turn are used for validation of state reconciliation. From our empirical study, we identify 8 categories of state reconciliation defects, amongst which 3 have not been reported for previously-studied software systems. The most frequently occurring defect category is inventory, i.e., the category of defects that occur when managing infrastructure inventory. Using an LLM with heuristics-based paragraph style prompts, we identify 9 previously unknown state reconciliation defects of which 7 have been accepted as valid defects, and 4 have already been fixed. Based on our findings, we conclude the paper by providing a set of recommendations for researchers and practitioners.
References
[1]
abadger. 2017. jenkins_plugin “params” argument is insecure. https://github.com/ansible/ansible/issues/30874 [Online; accessed 30-March-2024]
[2]
João Agnelo, Nuno Laranjeiro, and Jorge Bernardino. 2020. Using orthogonal defect classification to characterize nosql database defects. Journal of Systems and Software, 159 (2020), 110451.
[3]
Amazon. 2023. Elastic Load Balancing. https://aws.amazon.com/elasticloadbalancing/ [Online; accessed 24-March-2023]
[4]
ansible. 2022. ADB uses Red Hat Ansible Automation Platform to boost infrastructure management. https://www.redhat.com/en/resources/asian-development-bank-case-study [Online; accessed 25-Sep-2023]
[5]
Ansible. 2023. Ansible Documentation. https://docs.ansible.com/ [Online; accessed 19-December-2022]
[6]
ansible. 2023. ansible/ansible. https://github.com/ansible/ansible [Online; accessed 25-Sep-2023]
[7]
ansible/ansible. 2023. Ansible command fails when we try to access it on bastion from remote server. ssh error.Unreachable nodes. https://github.com/ansible/ansible/issues/45898 [Online; accessed 28-March-2023]
[8]
Hilary Arksey and Lisa O’Malley. 2005. Scoping studies: towards a methodological framework. International Journal of Social Research Methodology, 8, 1 (2005), 19–32. https://doi.org/10.1080/1364557032000119616 arxiv:https://doi.org/10.1080/1364557032000119616.
[9]
bcoca. 2016. fixed bad condition hiding results. https://github.com/ansible/ansible/commit/65c373c [Online; accessed 20-March-2023]
[10]
bcoca. 2016. loop to get all load balancers, boto limited to 400 at a time fixes. https://github.com/ansible/ansible/commit/90d084d [Online; accessed 23-March-2023]
[11]
bcoca. 2018. Ensure string types (#42362) * actually enforce string types. https://github.com/ansible/ansible/commit/4a7940c [Online; accessed 10-March-2023]
[12]
bcoca. 2020. fix delegation vars usage (debug still shows inventory_hostname). https://github.com/ansible/ansible/commit/2165f9a [Online; accessed 26-March-2023]
[13]
Mark Burgess. 2011. Testable System Administration. Commun. ACM, 54, 3 (2011), March, 44–49. issn:0001-0782 https://doi.org/10.1145/1897852.1897868
[14]
Junming Cao, Bihuan Chen, Chao Sun, Longjie Hu, Shuaihong Wu, and Xin Peng. 2022. Understanding Performance Problems in Deep Learning Systems. In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2022). Association for Computing Machinery, New York, NY, USA. 357–369. isbn:9781450394130 https://doi.org/10.1145/3540250.3549123
[15]
Valeria Cardellini, Michele Colajanni, and Philip S Yu. 1999. Dynamic load balancing on web-server systems. IEEE Internet computing, 3, 3 (1999), 28–39.
[16]
Paul Castro, Vatche Ishakian, Vinod Muthusamy, and Aleksander Slominski. 2019. The Rise of Serverless Computing. Commun. ACM, 62, 12 (2019), nov, 44–54. issn:0001-0782 https://doi.org/10.1145/3368454
[17]
Gemma Catolino, Fabio Palomba, Andy Zaidman, and Filomena Ferrucci. 2019. Not All Bugs Are the Same: Understanding, Characterizing, and Classifying Bug Types. J. Syst. Softw., 152, C (2019), jun, 165–181. issn:0164-1212 https://doi.org/10.1016/j.jss.2019.03.002
[18]
Stefanos Chaliasos, Thodoris Sotiropoulos, Georgios-Petros Drosos, Charalambos Mitropoulos, Dimitris Mitropoulos, and Diomidis Spinellis. 2021. Well-typed programs can go wrong: A study of typing-related bugs in jvm compilers. Proceedings of the ACM on Programming Languages, 5, OOPSLA (2021), 1–30.
[19]
chef. 2009. chef/chef: Chef. https://github.com/chef/chef [Online; accessed 17-Feb-2024]
[20]
Zhenpeng Chen, Huihan Yao, Yiling Lou, Yanbin Cao, Yuanqiang Liu, Haoyu Wang, and Xuanzhe Liu. 2021. An Empirical Study on Deployment Faults of Deep Learning Based Mobile Applications. In Proceedings of the 43rd International Conference on Software Engineering (ICSE ’21). IEEE Press, 674–685. isbn:9781450390859 https://doi.org/10.1109/ICSE43902.2021.00068
[21]
Ram Chillarege, Inderpal Bhandari, Jarir Chaar, Michael Halliday, Diane Moebus, Bonnie Ray, and Man-Yuen Wong. 1992. Orthogonal defect classification-a concept for in-process measurements. IEEE Transactions on Software Engineering, 18, 11 (1992), Nov, 943–956. issn:0098-5589 https://doi.org/10.1109/32.177364
[22]
Marcelo Cinque, Dominico Cotroneo, Raffaele D. Corte, and Antonio Pecchia. 2014. Assessing Direct Monitoring Techniques to Analyze Failures of Critical Industrial Systems. In 2014 IEEE 25th International Symposium on Software Reliability Engineering. 212–222. issn:1071-9458 https://doi.org/10.1109/ISSRE.2014.30
[23]
Domenico Cotroneo, Luigi De Simone, Pietro Liguori, Roberto Natella, and Nematollah Bidokhti. 2019. How Bad Can a Bug Get? An Empirical Analysis of Software Failures in the OpenStack Cloud Computing Platform. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2019). Association for Computing Machinery, New York, NY, USA. 200–211. isbn:9781450355728 https://doi.org/10.1145/3338906.3338916
[24]
Domenico Cotroneo, Roberto Pietrantuono, and Stefano Russo. 2013. Testing techniques selection based on ODC fault types and software metrics. Journal of Systems and Software, 86, 6 (2013), 1613–1637.
[25]
Chris Cummins, Pavlos Petoumenos, Alastair Murray, and Hugh Leather. 2018. Compiler Fuzzing through Deep Learning. In Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2018). Association for Computing Machinery, New York, NY, USA. 95–105. isbn:9781450356992 https://doi.org/10.1145/3213846.3213848
[26]
D3DeFi. 2018. zabbix_template: fixed idempotency issues. https://github.com/ansible/ansible/commit/a9aa105 [Online; accessed 21-March-2023]
[27]
dagwieers. 2019. Use locking for concurrent file access. https://github.com/ansible/ansible/commit/e152b277cfc055a3b7bfdaa41db024168ca7a2a [Online; accessed 31-March-2023]
[28]
Stefano Dalla Palma, Dario Di Nucci, Fabio Palomba, and Damian A. Tamburri. 2022. Within-Project Defect Prediction of Infrastructure-as-Code Using Product and Process Metrics. IEEE Transactions on Software Engineering, 48, 6 (2022), 2086–2104. https://doi.org/10.1109/TSE.2021.3051492
[29]
felixfontein. 2019. docker_container: fix port bindings with IPv6 addresses. https://github.com/ansible/ansible/commit/a757310 [Online; accessed 28-March-2023]
[30]
Yu Gao, Wensheng Dou, Feng Qin, Chushu Gao, Dong Wang, Jun Wei, Ruirui Huang, Li Zhou, and Yongming Wu. 2018. An Empirical Study on Crash Recovery Bugs in Large-Scale Distributed Systems. In Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2018). Association for Computing Machinery, New York, NY, USA. 539–550. isbn:9781450355735 https://doi.org/10.1145/3236024.3236030
[31]
Joshua Garcia, Yang Feng, Junjie Shen, Sumaya Almanee, Yuan Xia, Chen, and Qi Alfred. 2020. A Comprehensive Study of Autonomous Vehicle Bugs. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20). Association for Computing Machinery, New York, NY, USA. 385–396. isbn:9781450371216 https://doi.org/10.1145/3377811.3380397
[32]
GitHub Advisory Database. 2022. Ansible Insertion of Sensitive Information into Log File vulnerability. https://github.com/advisories/GHSA-588w-w6mv-3cw5 [Online; accessed 31-March-2024]
[33]
hashicorp. 2015. hasicorp/terraform - Terraform. https://github.com/hashicorp/terraform/ [Online; accessed 16-Feb-2024]
[34]
Gary Hickey and Cheryl Kipping. 1996. A multi-stage approach to the coding of data from open-ended questions. Nurse researcher, 4, 1 (1996), 81–91.
[35]
Nargiz Humbatova, Gunel Jahangirova, Gabriele Bavota, Vincenzo Riccio, Andrea Stocco, and Paolo Tonella. 2020. Taxonomy of Real Faults in Deep Learning Systems. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20). Association for Computing Machinery, New York, NY, USA. 1110–1121. isbn:9781450371216 https://doi.org/10.1145/3377811.3380395
[36]
Waldemar Hummer, Florian Rosenberg, Fábio Oliveira, and Tamar Eilam. 2013. Testing idempotence for infrastructure as code. In ACM/IFIP/USENIX International Conference on Distributed Systems Platforms and Open Distributed Processing. 368–388.
[37]
IEEE. 2010. IEEE Standard Classification for Software Anomalies. IEEE Std 1044-2009 (Revision of IEEE Std 1044-1993), Jan, 1–23. https://doi.org/10.1109/IEEESTD.2010.5399061
[38]
Md Johirul Islam, Giang Nguyen, Rangeet Pan, and Hridesh Rajan. 2019. A Comprehensive Study on Deep Learning Bug Characteristics. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2019). Association for Computing Machinery, New York, NY, USA. 510–520. isbn:9781450355728 https://doi.org/10.1145/3338906.3338955
[39]
Li Jia, Hao Zhong, Xiaoyin Wang, Linpeng Huang, and Xuansheng Lu. 2021. The symptoms, causes, and repairs of bugs inside a deep learning library. Journal of Systems and Software, 177 (2021), 110935.
[40]
Jill R. 2021. Fix to return data when using lambda_info module. https://github.com/ansible/ansible/commit/6fa070e82 [Online; accessed 25-March-2023]
[41]
Jim Gu. 2018. yaml callback fails on python3. https://github.com/ansible/ansible/commit/5839f07 [Online; accessed 19-March-2023]
[42]
Klaus Krippendorff. 2018. Content analysis: An introduction to its methodology. Sage publications.
[43]
Stephanie Lin, Jacob Hilton, and Owain Evans. 2022. TruthfulQA: Measuring How Models Mimic Human Falsehoods. In Proceedings of the 60th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers). Association for Computational Linguistics, Dublin, Ireland. 3214–3252. https://doi.org/10.18653/v1/2022.acl-long.229
[44]
Pengfei Liu, Weizhe Yuan, Jinlan Fu, Zhengbao Jiang, Hiroaki Hayashi, and Graham Neubig. 2023. Pre-Train, Prompt, and Predict: A Systematic Survey of Prompting Methods in Natural Language Processing. ACM Comput. Surv., 55, 9 (2023), Article 195, jan, 35 pages. issn:0360-0300 https://doi.org/10.1145/3560815
[45]
Amir Makhshari and Ali Mesbah. 2021. IoT Bugs and Development Challenges. In 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE). 460–472. https://doi.org/10.1109/ICSE43902.2021.00051
[46]
marcusphi. 2013. want to be able to use a variable for the value of ignore_errors. https://github.com/ansible/ansible/issues/4892 [Online; accessed 18-Feb-2024]
[47]
mkrizek. 2021. yum: avoid storing unnecessary cache data. https://github.com/ansible/ansible/commit/461f30c [Online; accessed 25-March-2023]
[48]
mmeintker-tc. 2023. Terraform ignores skip_credentials_validation flag for s3 backend with custom endpoint. https://github.com/hashicorp/terraform/issues/33983 [Online; accessed 15-Feb-2024]
[49]
mscherer. 2016. Do not leak mail password by error. https://github.com/ansible/ansible/commit/b8706a1 [Online; accessed 31-March-2023]
[50]
NIST. 2023. infrastructure as code. https://csrc.nist.gov/glossary/term/infrastructure_as_code [Online; accessed 25-Sep-2023]
[51]
Ruben Opdebeeck, Ahmed Zerouali, and Coen De Roover. 2023. Control and Data Flow in Security Smell Detection for Infrastructure as Code: Is It Worth the Effort? In 2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR). 534–545. https://doi.org/10.1109/MSR59073.2023.00079
[52]
OpenAI. 2023. GPT-4 Technical Report. arxiv:2303.08774 arXiv:2303.08774 [cs]
[53]
Akond Rahman, Dibyendu Brinto Bose, Raunak Shakya, and Rahul Pandita. 2023. Come for Syntax, Stay for Speed, Understand Defects: An Empirical Study of Defects in Julia Programs. Empirical Software Engineering, 28, 93 (2023), 33.
[54]
Akond Rahman, Effat Farhana, Chris Parnin, and Laurie Williams. 2020. Gang of Eight: A Defect Taxonomy for Infrastructure as Code Scripts. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20). Association for Computing Machinery, New York, NY, USA. 752–764. isbn:9781450371216 https://doi.org/10.1145/3377811.3380409 pre-print: https://akondrahman.github.io/papers/icse20_acid.pdf
[55]
Akond Rahman, Md Mahdi Hassan, and John Salvador. 2023. Artifact for Paper. 10.6084/m9.figshare.24129996.v1 [Online; accessed 19-April-2024]
[56]
Akond Rahman, Md Mahdi Hassan, and John Salvador. 2024. Verifiability Package for Paper. 10.6084/m9.figshare.24129996.v1 [Online; accessed 15-April-2024]
[57]
Akond Rahman, Rezvan Mahdavi-Hezaveh, and Laurie Williams. 2018. A systematic mapping study of infrastructure as code research. Information and Software Technology, issn:0950-5849 https://doi.org/10.1016/j.infsof.2018.12.004
[58]
Akond Rahman and Chris Parnin. 2023. Detecting and Characterizing Propagation of Security Weaknesses in Puppet-Based Infrastructure Management. IEEE Transactions on Software Engineering, 49, 6 (2023), 3536–3553. https://doi.org/10.1109/TSE.2023.3265962
[59]
Akond Rahman, Shazibul Islam Shamim, Dibyendu Brinto Bose, and Rahul Pandita. 2023. Security Misconfigurations in Open Source Kubernetes Manifests: An Empirical Study. ACM Trans. Softw. Eng. Methodol., 32, 4 (2023), Article 99, May, 36 pages. issn:1049-331X https://doi.org/10.1145/3579639
[60]
rahulgoel1. 2021. Yum package idempotency fixes. https://github.com/chef/chef/issues/12382 [Online; accessed 12-Feb-2024]
[61]
Baishakhi Ray, Daryl Posnett, Vladimir Filkov, and Premkumar Devanbu. 2014. A Large Scale Study of Programming Languages and Code Quality in Github. In Proceedings of the 22Nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2014). ACM, New York, NY, USA. 155–165. isbn:978-1-4503-3056-5 https://doi.org/10.1145/2635868.2635922
[62]
RedHat. 2022. Customer Case Study - NEC. https://www.ansible.com/hubfs/pdf/Ansible-Case-Study-NEC.pdf [Online; accessed 12-Sep-2023]
[63]
RedHat. 2022. Customer Case Study - NetApp. https://www.ansible.com/hubfs/2018_Content/RH-netapp-case-study.pdf [Online; accessed 02-Sep-2023]
[64]
Sofia Reis, Rui Abreu, Marcelo d’Amorim, and Daniel Fortunato. 2023. Leveraging Practitioners’ Feedback to Improve a Security Linter. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE ’22). Association for Computing Machinery, New York, NY, USA. Article 66, 12 pages. isbn:9781450394758 https://doi.org/10.1145/3551349.3560419
[65]
resmo. 2016. cloudstack: fix state=expunged in cs_instance. https://github.com/ansible/ansible/commit/4020ebaecff [Online; accessed 29-March-2023]
[66]
Rick Elrod. 2020. sysctl/openbsd fact fixes. https://github.com/ansible/ansible/commit/7094849 [Online; accessed 24-March-2023]
[67]
Baptiste Rozière, Jonas Gehring, Fabian Gloeckle, Sten Sootla, Itai Gat, Xiaoqing Ellen, Yossi Adi, Jingyu Liu, Tal Remez, Jérémy Rapin, Artyom Kozhevnikov, Ivan Evtimov, Joanna Bitton, Manish Bhatt, Cristian Canton Ferrer, Aaron Grattafiori, Wenhan Xiong, Alexandre Défossez, Jade Copet, Faisal Azhar, Hugo Touvron, Louis Martin, Nicolas Usunier, Thomas Scialom, and Gabriel Synnaeve. 2023. Code Llama: Open Foundation Models for Code.
[68]
Nuno Saavedra and João F. Ferreira. 2023. GLITCH: Automated Polyglot Security Smell Detection in Infrastructure as Code. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE ’22). Association for Computing Machinery, New York, NY, USA. Article 47, 12 pages. isbn:9781450394758 https://doi.org/10.1145/3551349.3556945
[69]
Johnny Saldaña. 2015. The coding manual for qualitative researchers. Sage.
[70]
Shubhra Kanti Karmaker Santu and Dongji Feng. 2023. TELeR: A General Taxonomy of LLM Prompts for Benchmarking Complex Tasks. arxiv:2305.11430.
[71]
Carolyn B. Seaman, Forrest Shull, Myrna Regardie, Denis Elbert, Raimund L. Feldmann, Yuepu Guo, and Sally Godfrey. 2008. Defect Categorization: Making Use of a Decade of Widely Varying Historical Data. In Proceedings of the Second ACM-IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM ’08). Association for Computing Machinery, New York, NY, USA. 149–157. isbn:9781595939715 https://doi.org/10.1145/1414004.1414030
[72]
seventieskid. 2022. Invalid index - Output from a conditional resource contained in a module. https://github.com/hashicorp/terraform/issues/32044 [Online; accessed 09-Feb-2024]
[73]
Rian Shambaugh, Aaron Weiss, and Arjun Guha. 2016. Rehearsal: A Configuration Verification Tool for Puppet. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’16). Association for Computing Machinery, New York, NY, USA. 416–430. isbn:9781450342612 https://doi.org/10.1145/2908080.2908083
[74]
Tushar Sharma, Marios Fragkoulis, and Diomidis Spinellis. 2016. Does Your Configuration Code Smell? In Proceedings of the 13th International Conference on Mining Software Repositories (MSR ’16). ACM, New York, NY, USA. 189–200. isbn:978-1-4503-4186-8 https://doi.org/10.1145/2901739.2901761
[75]
Qingchao Shen, Haoyang Ma, Junjie Chen, Yongqiang Tian, Shing-Chi Cheung, and Xiang Chen. 2021. A Comprehensive Study of Deep Learning Compiler Bugs. In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2021). Association for Computing Machinery, New York, NY, USA. 968–980. isbn:9781450385626 https://doi.org/10.1145/3468264.3468591
[76]
sivel. 2022. Resolve perf issue with async callback events. https://github.com/ansible/ansible/commit/96ce480 [Online; accessed 25-March-2023]
[77]
Thodoris Sotiropoulos, Dimitris Mitropoulos, and Diomidis Spinellis. 2020. Practical Fault Detection in Puppet Programs. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20). Association for Computing Machinery, New York, NY, USA. 26–37. isbn:9781450371216 https://doi.org/10.1145/3377811.3380384
[78]
Lin Tan, Chen Liu, Zhenmin Li, Xuanhui Wang, Yuanyuan Zhou, and Chengxiang Zhai. 2014. Bug characteristics in open source software. Empirical software engineering, 19 (2014), 1665–1705.
[79]
Christopher Theisen, Kim Herzig, Patrick Morrison, Brendan Murphy, and Laurie Williams. 2015. Approximating Attack Surfaces with Stack Traces. In 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering. 2, 199–208. https://doi.org/10.1109/ICSE.2015.148
[80]
ttdgcp. 2018. Chef14: broken powershell version check. https://github.com/chef/chef/issues/7166 [Online; accessed 11-Feb-2024]
[81]
Cornelis J Van Rijsbergen, Stephen Edward Robertson, and Martin F Porter. 1980. New models in probabilistic information retrieval. 5587, British Library Research and Development Department London.
[82]
Dinghua Wang, Shuqing Li, Guanping Xiao, Yepang Liu, and Yulei Sui. 2021. An Exploratory Study of Autopilot Software Bugs in Unmanned Aerial Vehicles. In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2021). Association for Computing Machinery, New York, NY, USA. 20–31. isbn:9781450385626 https://doi.org/10.1145/3468264.3468559
[83]
Tao Wang, Qingxin Xu, Xiaoning Chang, Wensheng Dou, Jiaxin Zhu, Jinhui Xie, Yuetang Deng, Jianbo Yang, Jiaheng Yang, Jun Wei, and Tao Huang. 2022. Characterizing and Detecting Bugs in WeChat Mini-Programs. In Proceedings of the 44th International Conference on Software Engineering (ICSE ’22). Association for Computing Machinery, New York, NY, USA. 363–375. isbn:9781450392211 https://doi.org/10.1145/3510003.3510114
[84]
Burak Yetistiren, Isik Ozsoy, and Eray Tuzun. 2022. Assessing the Quality of GitHub Copilot’s Code Generation. In Proceedings of the 18th International Conference on Predictive Models and Data Analytics in Software Engineering (PROMISE 2022). Association for Computing Machinery, New York, NY, USA. 62–71. isbn:9781450398602 https://doi.org/10.1145/3558489.3559072
[85]
Zabbix. 2018. Monitoring and Integration Solutions. https://www.zabbix.com/integrations?cat=monitoring_systems [Online; accessed 22-March-2023]
[86]
Fiorella Zampetti, Ritu Kapur, Massimiliano Di Penta, and Sebastiano Panichella. 2022. An empirical characterization of software bugs in open-source cyber-physical systems. Journal of Systems and Software, 192 (2022), 111425.
[87]
zenbot. 2016. Don’t assume a task with non-dict loop results has been skipped.). https://github.com/ansible/ansible/commit/85868e07a9a4641c845ad1be3d036e716ff89bad [Online; accessed 27-March-2023]
[88]
Ru Zhang, Wencong Xiao, Hongyu Zhang, Yu Liu, Haoxiang Lin, and Mao Yang. 2020. An Empirical Study on Program Failures of Deep Learning Jobs. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20). Association for Computing Machinery, New York, NY, USA. 1159–1170. isbn:9781450371216 https://doi.org/10.1145/3377811.3380362
[89]
Wei Zheng, Chen Feng, Tingting Yu, Xibing Yang, and Xiaoxue Wu. 2019. Towards understanding bugs in an open source cloud management stack: An empirical study of OpenStack software bugs. Journal of Systems and Software, 151 (2019), 210–223.
[90]
Zim Kalinowski. 2018. fix for security group description crash. https://github.com/ansible/ansible/commit/5d2c23e2a3ec9ed81a4cbb8bd6bf28785fbadf4d [Online; accessed 30-March-2023]
Index Terms
- State Reconciliation Defects in Infrastructure as Code
Recommendations
Gang of eight: a defect taxonomy for infrastructure as code scripts
ICSE '20: Proceedings of the ACM/IEEE 42nd International Conference on Software EngineeringDefects in infrastructure as code (IaC) scripts can have serious consequences, for example, creating large-scale system outages. A taxonomy of IaC defects can be useful for understanding the nature of defects, and identifying activities needed to fix and ...
Source code properties of defective infrastructure as code scripts
Abstract ContextIn continuous deployment, software and services are rapidly deployed to end-users using an automated deployment pipeline. Defects in infrastructure as code (IaC) scripts can hinder the reliability of the automated ...
Testing practices for infrastructure as code
LANGETI 2020: Proceedings of the 1st ACM SIGSOFT International Workshop on Languages and Tools for Next-Generation TestingInfrastructure as code (IaC) helps practitioners to rapidly deploy software services to end-users. Despite reported benefits, IaC scripts are susceptible to defects. Defects in IaC scripts can cause serious consequences, for example, creating large-...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
July 2024
2770 pages
Copyright © 2024 Copyright is held by the owner/author(s). Publication rights licensed to ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 12 July 2024
Published in PACMSE Volume 1, Issue FSE
Badges
Author Tags
Qualifiers
- Research-article
Funding Sources
- U.S. National Science Foundation
- National Science Foundation
- National Security Agency
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 83Total Downloads
- Downloads (Last 12 months)83
- Downloads (Last 6 weeks)65
Reflects downloads up to 04 Sep 2024
Other Metrics
Citations
Cited By
View allView Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in