Fault injection is a technique for measuring the robustness of a program to errors by introducing faults into the program under test. After a fault injection experiment, Error Propagation Analysis (EPA) is used to understand how the injected errors affect the program's execution. EPA typically compares the execution traces of a fault-free (golden) run with those of a faulty run of the same program. While this suffices for deterministic programs, trace-based EPA is unsound for multithreaded programs whose golden runs are themselves non-deterministic: two fault-free runs can differ in their thread interleavings, so a difference from the golden trace does not necessarily indicate an error. In this paper, we propose Invariant Propagation Analysis (IPA), which uses automatically inferred likely invariants ("invariants" in the following) in place of golden traces for conducting EPA on multithreaded programs. We evaluate the stability and fault coverage of the invariants derived by IPA through fault injection experiments across six different fault types and six representative programs that can be executed with varying numbers of threads. We find that stable invariants can be inferred in all cases, but that their fault coverage depends on the application and on the fault type. We also find that the fault coverage of IPA for multithreaded executions can be even higher than that of traditional single-threaded EPA, which emphasizes that IPA results cannot be trivially extrapolated from traditional EPA results.
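The following is an added, constructed illustration of the abstract's argument; it is not the paper's tooling, benchmark, or invariant inference engine. It simulates a two-thread program whose trace depends on the scheduler (here the interleaving is derived from the bits of a seed, standing in for the OS scheduler), shows that golden-trace comparison flags a second fault-free run as erroneous, then infers Daikon-style unary likely invariants (constant value or value range per program point and variable) from a set of golden runs and uses them to check an injected bit flip and a benign timing change. The program, fault types, program points and invariant templates are all assumptions chosen for the example.

```python
"""Added example: golden-trace EPA versus invariant-based EPA (IPA) on a toy
non-deterministic program.  Constructed illustration, not the paper's tool."""


def run_program(seed, fault=None):
    """Simulate two worker threads summing the squares of disjoint halves of 0..7.

    The interleaving is taken from the bits of `seed` (a stand-in for the OS
    scheduler), so fault-free runs with different seeds yield different traces
    while computing the same result.  `fault` is an optional injected fault:
      ("bitflip", i, mask): XOR `mask` into the partial result for item i
      ("delay", t):         defer thread t until the other thread has finished
    Returns a trace: a list of (program_point, {variable: value}).
    """
    n = 8
    pending = {0: list(range(0, n, 2)), 1: list(range(1, n, 2))}
    total, trace = 0, []
    for step in range(n):
        live = [t for t in (0, 1) if pending[t]]
        if fault and fault[0] == "delay" and len(live) == 2:
            live = [t for t in live if t != fault[1]]
        t = live[(seed >> step) & 1] if len(live) == 2 else live[0]
        i = pending[t].pop(0)
        v = i * i
        if fault and fault[0] == "bitflip" and fault[1] == i:
            v ^= fault[2]  # injected data fault in the partial result
        total += v
        trace.append(("worker_step", {"thread": t, "i": i, "v": v, "total": total}))
    trace.append(("exit", {"total": total}))
    return trace


def golden_trace_deviates(golden, run):
    """Classic trace-based EPA: any difference from the golden trace is an 'error'."""
    return golden != run


def infer_invariants(golden_runs):
    """Infer unary likely invariants per (program point, variable) from fault-free runs:
    ("const", c) if the variable always had value c, else ("range", lo, hi)."""
    seen = {}
    for trace in golden_runs:
        for point, env in trace:
            for var, val in env.items():
                seen.setdefault((point, var), set()).add(val)
    invs = {}
    for key, vals in seen.items():
        if len(vals) == 1:
            invs[key] = ("const", next(iter(vals)))
        else:
            invs[key] = ("range", min(vals), max(vals))
    return invs


def check_invariants(invs, trace):
    """IPA: report every (point, var, value, invariant) that the run violates."""
    violations = []
    for point, env in trace:
        for var, val in env.items():
            inv = invs.get((point, var))
            if inv is None:
                violations.append((point, var, val, "unseen program point"))
            elif inv[0] == "const" and val != inv[1]:
                violations.append((point, var, val, inv))
            elif inv[0] == "range" and not (inv[1] <= val <= inv[2]):
                violations.append((point, var, val, inv))
    return violations


if __name__ == "__main__":
    golden = [run_program(s) for s in range(16)]  # 16 fault-free interleavings
    invs = infer_invariants(golden)
    # Trace EPA: a second fault-free run already "deviates" (false positive).
    print("golden-vs-golden deviates:", golden_trace_deviates(golden[0], golden[1]))
    # IPA: a bit flip in one partial result breaks the constant exit invariant.
    faulty = run_program(5, fault=("bitflip", 3, 1 << 4))
    print("IPA violations for bit flip:", check_invariants(invs, faulty))
    # A pure timing change alters the trace but violates no invariant.
    benign = run_program(0, fault=("delay", 0))
    print("trace EPA flags delay:", golden_trace_deviates(golden[0], benign),
          "| IPA violations:", check_invariants(invs, benign))
```

The "delay" fault is what makes the abstract's point concrete: trace comparison reports it as error propagation although the program's result is unchanged, whereas the invariants separate a real data corruption (the exit total is no longer 140) from a harmless reordering. The same mechanism also shows why coverage depends on the fault type: a flip that stays inside every inferred range and still sums to 140 would go undetected by these unary invariants.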