{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T13:24:01Z","timestamp":1773840241879,"version":"3.50.1"},"reference-count":76,"publisher":"Association for Computing Machinery (ACM)","issue":"OOPSLA","license":[{"start":{"date-parts":[[2021,10,15]],"date-time":"2021-10-15T00:00:00Z","timestamp":1634256000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CCF-1715387, CCF-1553168, CNS-1565208, SHF-1816615, CNS-1956007, CCF-2029049, CNS-2130560"],"award-info":[{"award-number":["CCF-1715387, CCF-1553168, CNS-1565208, SHF-1816615, CNS-1956007, CCF-2029049, CNS-2130560"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2021,10,20]]},"abstract":"The behavior of large systems is guided by their configurations: users set parameters in the configuration file to dictate which corresponding part of the system code is executed. However, it is often the case that, although some parameters are set in the configuration file, they do not influence the system runtime behavior, thus failing to meet the user\u2019s intent. Moreover, such misconfigurations rarely lead to an error message or raising an exception. We introduce the notion of silent misconfigurations which are prohibitively hard to identify due to (1) lack of feedback and (2) complex interactions between configurations and code.<\/jats:p>\n This paper presents ConfigX, the first tool for the detection of silent misconfigurations. The main challenge is to understand the complex interactions between configurations and the code that they affected. Our goal is to derive a specification describing non-trivial interactions between the configuration parameters that lead to silent misconfigurations. To this end, ConfigX uses static analysis to determine which parts of the system code are associated with configuration parameters. ConfigX then infers the connections between configuration parameters by analyzing their associated code blocks. We design customized control- and data-flow analysis to derive a specification of configurations. Additionally, we conduct reachability analysis to eliminate spurious rules to reduce false positives. Upon evaluation on five real-world datasets across three widely-used systems, Apache, vsftpd, and PostgreSQL, ConfigX detected more than 2200 silent misconfigurations. We additionally conducted a user study where we ran ConfigX on misconfigurations reported on user forums by real-world users. ConfigX easily detected issues and suggested repairs for those misconfigurations. Our solutions were accepted and confirmed in the interaction with the users, who originally posted the problems.<\/jats:p>","DOI":"10.1145\/3485517","type":"journal-article","created":{"date-parts":[[2021,10,15]],"date-time":"2021-10-15T19:18:28Z","timestamp":1634325508000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":20,"title":["Static detection of silent misconfigurations with deep interaction analysis"],"prefix":"10.1145","volume":"5","author":[{"given":"Jialu","family":"Zhang","sequence":"first","affiliation":[{"name":"Yale University, USA"}]},{"given":"Ruzica","family":"Piskac","sequence":"additional","affiliation":[{"name":"Yale University, USA"}]},{"given":"Ennan","family":"Zhai","sequence":"additional","affiliation":[{"name":"Alibaba Group, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4443-8170","authenticated-orcid":false,"given":"Tianyin","family":"Xu","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,10,15]]},"reference":[{"key":"e_1_2_2_1_1","unstructured":"2012. Silent misconfiguration: Advanced Ordering. https:\/\/stackoverflow.com\/questions\/9943042\/htaccess-order-deny-allow-deny 2012. Silent misconfiguration: Advanced Ordering. https:\/\/stackoverflow.com\/questions\/9943042\/htaccess-order-deny-allow-deny"},{"key":"e_1_2_2_2_1","volume-title":"Microsoft service outage on November 20th","year":"2014"},{"key":"e_1_2_2_3_1","unstructured":"2014. Silent misconfiguration: Implicit Overwrite. https:\/\/stackoverflow.com\/questions\/21338450\/conditional-request-not-honored-in-includes 2014. Silent misconfiguration: Implicit Overwrite. https:\/\/stackoverflow.com\/questions\/21338450\/conditional-request-not-honored-in-includes"},{"key":"e_1_2_2_4_1","volume-title":"Amazon service outage on February 28th","year":"2017"},{"key":"e_1_2_2_5_1","volume-title":"Google service outage on July 17th","year":"2018"},{"key":"e_1_2_2_6_1","unstructured":"2021. Apache. https:\/\/httpd.apache.org 2021. Apache. https:\/\/httpd.apache.org"},{"key":"e_1_2_2_7_1","unstructured":"2021. Apache User Manual. https:\/\/httpd.apache.org\/docs\/ 2021. Apache User Manual. https:\/\/httpd.apache.org\/docs\/"},{"key":"e_1_2_2_8_1","unstructured":"2021. PostgreSQL. https:\/\/www.postgresql.org 2021. PostgreSQL. https:\/\/www.postgresql.org"},{"key":"e_1_2_2_9_1","unstructured":"2021. Server Fault. https:\/\/serverfault.com 2021. Server Fault. https:\/\/serverfault.com"},{"key":"e_1_2_2_10_1","unstructured":"2021. Stack Overflow. https:\/\/stackoverflow.com 2021. Stack Overflow. https:\/\/stackoverflow.com"},{"key":"e_1_2_2_11_1","unstructured":"2021. vsftpd. https:\/\/security.appspot.com\/vsftpd.htmlg 2021. vsftpd. https:\/\/security.appspot.com\/vsftpd.htmlg"},{"key":"e_1_2_2_12_1","volume-title":"X-ray: Automating root-cause diagnosis of performance anomalies in production software. In [10th]OSDIUSENIX Symposium on Operating Systems Design and Implementation.","author":"Attariyan Mona","year":"2012"},{"key":"e_1_2_2_13_1","unstructured":"Mona Attariyan and Jason Flinn. 2010. Automating configuration troubleshooting with dynamic information flow analysis. In [9th]OSDIUSENIX Symposium on Operating Systems Design and Implementation. Mona Attariyan and Jason Flinn. 2010. Automating configuration troubleshooting with dynamic information flow analysis. In [9th]OSDIUSENIX Symposium on Operating Systems Design and Implementation."},{"key":"e_1_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1952982.1952984"},{"key":"e_1_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409728"},{"key":"e_1_2_2_16_1","doi-asserted-by":"crossref","unstructured":"Qingrong Chen Teng Wang Owolabi Legunsen Shanshan Li and Tianyin Xu. 2020. Understanding and Discovering Software Configuration Dependencies in Cloud and Datacenter Systems. In In Proceedings of the 2020 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE\u201920). Virtual Event. Qingrong Chen Teng Wang Owolabi Legunsen Shanshan Li and Tianyin Xu. 2020. Understanding and Discovering Software Configuration Dependencies in Cloud and Datacenter Systems. In In Proceedings of the 2020 ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE\u201920). Virtual Event.","DOI":"10.1145\/3368089.3409727"},{"key":"e_1_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464810"},{"key":"e_1_2_2_18_1","volume-title":"Proceedings of the 19th USENIX Security Symposium.","author":"Das Tathagata","year":"2010"},{"key":"e_1_2_2_19_1","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"de Moura Leonardo"},{"key":"e_1_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.2015.7332463"},{"key":"e_1_2_2_21_1","volume-title":"ConfigFix: Interactive Configuration Conflict Resolution for the Linux Kernel. CoRR, abs\/2012.15342","author":"Franz Patrick","year":"2020"},{"key":"e_1_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.4230\/LIPIcs.ECOOP.2017.12"},{"key":"e_1_2_2_23_1","volume-title":"Fatma Bilgen Cetin, and Shivnath Babu","author":"Herodotou Herodotos","year":"2011"},{"key":"e_1_2_2_24_1","volume-title":"Automated Reasoning and Detection of Specious Configuration in Large Systems with Symbolic Execution. In 14th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2020","author":"Hu Yigong","year":"2020"},{"key":"e_1_2_2_25_1","doi-asserted-by":"crossref","unstructured":"Peng Huang William J. Bolosky Abhishek Singh and Yuanyuan Zhou. 2015. ConfValley: A systematic configuration validation framework for cloud services. In [10th]EuroSysEuropean Conference on Computer Systems. Peng Huang William J. Bolosky Abhishek Singh and Yuanyuan Zhou. 2015. ConfValley: A systematic configuration validation framework for cloud services. In [10th]EuroSysEuropean Conference on Computer Systems.","DOI":"10.1145\/2741948.2741963"},{"key":"e_1_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115661"},{"key":"e_1_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236074"},{"key":"e_1_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3393691.3394215"},{"key":"e_1_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2004.1281665"},{"key":"e_1_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3342195.3387520"},{"key":"e_1_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2642937.2643001"},{"key":"e_1_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2756048"},{"key":"e_1_2_2_33_1","unstructured":"Justin Mason. 2011. Against The Use Of Programming Languages in Configuration Files. http:\/\/taint.org\/2011\/02\/18\/001527a.html Justin Mason. 2011. Against The Use Of Programming Languages in Configuration Files. http:\/\/taint.org\/2011\/02\/18\/001527a.html"},{"key":"e_1_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3422392.3422409"},{"key":"e_1_2_2_35_1","volume-title":"Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI\u201920)","author":"Mehta Sonu","year":"2020"},{"key":"e_1_2_2_36_1","doi-asserted-by":"crossref","unstructured":"Jens Meinicke Chu-Pan Wong Bogdan Vasilescu and Christian K\u00e4stner. 2020. Exploring Differences and Commonalities between Feature Flags and Configuration Options. In ICSE SEIP. Jens Meinicke Chu-Pan Wong Bogdan Vasilescu and Christian K\u00e4stner. 2020. Exploring Differences and Commonalities between Feature Flags and Configuration Options. In ICSE SEIP.","DOI":"10.1145\/3377813.3381366"},{"key":"e_1_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/319151.319166"},{"key":"e_1_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/2568225.2568283"},{"key":"e_1_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2015.2415793"},{"key":"e_1_2_2_40_1","volume-title":"Transfer Learning with Bellwethers to find Good Configurations. CoRR, abs\/1803.03900","author":"Nair Vivek","year":"2018"},{"key":"e_1_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.14778\/2824032.2824079"},{"key":"e_1_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985812"},{"key":"e_1_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2011.6100053"},{"key":"e_1_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133888"},{"key":"e_1_2_2_45_1","doi-asserted-by":"crossref","unstructured":"Mark Santolucito Ennan Zhai and Ruzica Piskac. 2016. Probabilistic Automated Language Learning for Configuration Files. In [28th]CAVComputer Aided Verification. Mark Santolucito Ennan Zhai and Ruzica Piskac. 2016. Probabilistic Automated Language Learning for Configuration Files. In [28th]CAVComputer Aided Verification.","DOI":"10.1007\/978-3-319-41540-6_5"},{"key":"e_1_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2908080.2908083"},{"key":"e_1_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2901761"},{"key":"e_1_2_2_48_1","volume-title":"Says It Has Resolved \u201cServer Configuration","author":"Spangler Todd","year":"2019"},{"key":"e_1_2_2_49_1","volume-title":"'43239190","year":"2017"},{"key":"e_1_2_2_50_1","volume-title":"'6070335","year":"2011"},{"key":"e_1_2_2_51_1","unstructured":"Ya-Yunn Su Mona Attariyan and Jason Flinn. 2007. AutoBash: Improving configuration management with operating systems. In [21st]SOSPACM Symposium on Operating Systems Principles. Ya-Yunn Su Mona Attariyan and Jason Flinn. 2007. AutoBash: Improving configuration management with operating systems. In [21st]SOSPACM Symposium on Operating Systems Principles."},{"key":"e_1_2_2_52_1","volume-title":"Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201920)","author":"Sun Xudong","year":"2020"},{"key":"e_1_2_2_53_1","volume-title":"Ryan Beckett, Ennan Zhai, Matt Brown, Todd D. Millstein, Yuval Tamir, and George Varghese.","author":"Tang Alan","year":"2021"},{"key":"e_1_2_2_54_1","volume-title":"Proceedings of the 2014 USENIX Conference on USENIX Annual Technical Conference (USENIX ATC\u201914)","author":"Tartler Reinhard","year":"2014"},{"key":"e_1_2_2_55_1","volume-title":"Qiaobo Ye, Chunsheng Wang, Xin Wu, Zhiming Ji, Yihong Sang, Ming Zhang, Da Yu, Chen Tian, Haitao Zheng, and Ben Y. Zhao.","author":"Tian Bingchuan","year":"2019"},{"key":"e_1_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3035918.3064029"},{"key":"e_1_2_2_57_1","volume-title":"Proceedings of the 6th USENIX Conference on Operating Systems Design and Implementation (OSDI\u201904)","author":"Wang Helen J.","year":"2004"},{"key":"e_1_2_2_58_1","volume-title":"Proceedings of the 17th Large Installation Systems Administration Conference (LISA\u201903)","author":"Wang Yi-Min","year":"2003"},{"key":"e_1_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115673"},{"key":"e_1_2_2_60_1","volume-title":"2020 USENIX Annual Technical Conference, USENIX ATC 2020","author":"Xiang Chengcheng","year":"2020"},{"key":"e_1_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363191"},{"key":"e_1_2_2_62_1","unstructured":"Tianyin Xu. 2017. Misconfiguration dataset. https:\/\/github.com\/tianyin\/configuration_datasets Tianyin Xu. 2017. Misconfiguration dataset. https:\/\/github.com\/tianyin\/configuration_datasets"},{"key":"e_1_2_2_63_1","unstructured":"Tianyin Xu Long Jin Xuepeng Fan Yuanyuan Zhou Shankar Pasupathy and Rukma Talwadker. 2015. Hey you have given me too many knobs!: understanding and dealing with over-designed configuration in system software. In [10th]ESEC\/FSEJoint Meeting on Foundations of Software Engineering. Tianyin Xu Long Jin Xuepeng Fan Yuanyuan Zhou Shankar Pasupathy and Rukma Talwadker. 2015. Hey you have given me too many knobs!: understanding and dealing with over-designed configuration in system software. In [10th]ESEC\/FSEJoint Meeting on Foundations of Software Engineering."},{"key":"e_1_2_2_64_1","unstructured":"Tianyin Xu Xinxin Jin Peng Huang Yuanyuan Zhou Shan Lu Long Jin and Shankar Pasupathy. 2016. Early detection of configuration errors to reduce failure damage. In [12th]OSDIUSENIX Symposium on Operating Systems Design and Implementation. Tianyin Xu Xinxin Jin Peng Huang Yuanyuan Zhou Shan Lu Long Jin and Shankar Pasupathy. 2016. Early detection of configuration errors to reduce failure damage. In [12th]OSDIUSENIX Symposium on Operating Systems Design and Implementation."},{"key":"e_1_2_2_65_1","volume-title":"Configuration Testing: Testing Configuration Values as Code and with Code. CoRR, abs\/1905.12195","author":"Xu Tianyin","year":"2020"},{"key":"e_1_2_2_66_1","unstructured":"Tianyin Xu Vineet Pandey and Scott Klemmer. 2016. An HCI View of Configuration Problems. arXiv:1601.01747 Jan.. Tianyin Xu Vineet Pandey and Scott Klemmer. 2016. An HCI View of Configuration Problems. arXiv:1601.01747 Jan.."},{"key":"e_1_2_2_67_1","unstructured":"Tianyin Xu Jiaqi Zhang Peng Huang Jing Zheng Tianwei Sheng Ding Yuan Yuanyuan Zhou and Shankar Pasupathy. 2013. Do not blame users for misconfigurations. In [24th]SOSPACM Symposium on Operating Systems Principles. Tianyin Xu Jiaqi Zhang Peng Huang Jing Zheng Tianwei Sheng Ding Yuan Yuanyuan Zhou and Shankar Pasupathy. 2013. Do not blame users for misconfigurations. In [24th]SOSPACM Symposium on Operating Systems Principles."},{"key":"e_1_2_2_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/2791577"},{"key":"e_1_2_2_69_1","volume-title":"Bingchuan Tian, Qiaobo Ye, Chunsheng Wang, Xin Wu, Tianchen Guo, Cheng Jin, Duncheng She, Qing Ma, Biao Cheng, Hui Xu, Ming Zhang, Zhiliang Wang, and Rodrigo Fonseca.","author":"Ye Fangdan","year":"2020"},{"key":"e_1_2_2_70_1","unstructured":"Zuoning Yin Xiao Ma Jing Zheng Yuanyuan Zhou Lakshmi N. Bairavasundaram and Shankar Pasupathy. 2011. An empirical study on configuration errors in commercial and open source systems. In [23rd]SOSPACM Symposium on Operating Systems Principles. Zuoning Yin Xiao Ma Jing Zheng Yuanyuan Zhou Lakshmi N. Bairavasundaram and Shankar Pasupathy. 2011. An empirical study on configuration errors in commercial and open source systems. In [23rd]SOSPACM Symposium on Operating Systems Principles."},{"key":"e_1_2_2_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/1217935.1217972"},{"key":"e_1_2_2_72_1","volume-title":"USENIX ATCUSENIX Annual Technical Conference.","author":"Yuan Ding","year":"2011"},{"key":"e_1_2_2_73_1","unstructured":"Ennan Zhai Ang Chen Ruzica Piskac Mahesh Balakrishnan Bingchuan Tian Bo Song and Haoliang Zhang. 2020. Check before You Change: Preventing Correlated Failures in Service Updates. In [17th]NSDIUSENIX Symposium on Networked Systems Design and Implementation. Ennan Zhai Ang Chen Ruzica Piskac Mahesh Balakrishnan Bingchuan Tian Bo Song and Haoliang Zhang. 2020. Check before You Change: Preventing Correlated Failures in Service Updates. In [17th]NSDIUSENIX Symposium on Networked Systems Design and Implementation."},{"key":"e_1_2_2_74_1","doi-asserted-by":"crossref","unstructured":"Jiaqi Zhang Lakshminarayanan Renganarayana Xiaolan Zhang Niyu Ge Vasanth Bala Tianyin Xu and Yuanyuan Zhou. 2014. EnCore: Exploiting system environment and correlation information for misconfiguration detection. In ASPLOSArchitectural Support for Programming Languages and Operating Systems. Jiaqi Zhang Lakshminarayanan Renganarayana Xiaolan Zhang Niyu Ge Vasanth Bala Tianyin Xu and Yuanyuan Zhou. 2014. EnCore: Exploiting system environment and correlation information for misconfiguration detection. In ASPLOSArchitectural Support for Programming Languages and Operating Systems.","DOI":"10.1145\/2541940.2541983"},{"key":"e_1_2_2_75_1","volume-title":"Proceedings of the 35th International Conference on Software Engineering (ICSE\u201913)","author":"Zhang Sai"},{"key":"e_1_2_2_76_1","volume-title":"An Evolutionary Study of Configuration Design and Implementation in Cloud Systems. In In Proceedings of the 43rd International Conference on Software Engineering (ICSE\u201921)","author":"Zhang Yuanliang","year":"2021"}],"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485517","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3485517","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3485517","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:18:40Z","timestamp":1750191520000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3485517"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,15]]},"references-count":76,"journal-issue":{"issue":"OOPSLA","published-print":{"date-parts":[[2021,10,20]]}},"alternative-id":["10.1145\/3485517"],"URL":"https:\/\/doi.org\/10.1145\/3485517","relation":{},"ISSN":["2475-1421"],"issn-type":[{"value":"2475-1421","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,10,15]]},"assertion":[{"value":"2021-10-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}