Principles and Tool Support for Detecting Latent Bugs in Modern Software Systems

Modern software systems are designed for high availability, resilience, and performance. Their scale, however, makes them prone to latent, complex bugs that escape in-house testing. These defects, ranging from subtle concurrency issues to cross-component or cascading faults, to performance bottlenecks, typically surface under rare timing, unusual external events, excessive resource utilization, or unexpected workloads that existing tests seldom detect. Left unchecked, they trigger catastrophic failures, severe outages, and serious data corruption, at multi-billion-dollar remediation costs. As the following chapters will show, current testing infrastructure and bug-finding tools, while useful, often fail to detect such bugs for three key reasons. First, techniques that explore the full state space or apply expensive program analysis do not scale to the complexity of modern systems. Second, lightweight approaches, in contrast, require a prohibitive number of test executions, handcrafted annotations or specialized inputs. Third, the vast majority of these techniques focus on low-level symptoms, thus routinely missing "higher order" bugs that surface from the interaction of code, operational policies, and workloads. To address these limitations, this dissertation proposes a unified paradigm based on two key principles that improve both bug detection coverage and practicality. First, techniques presented in the next chapters actively perturb the program's execution, through thread delays (timing), transient faults (fault injection), or adversarial inputs (test generation), to exercise rare, faulty code paths. These perturbations are guided by semantic analysis derived from lightweight static/dynamic analysis, execution feedback, and AI-assisted heuristics, thereby trading soundness for practicality. Second, techniques described in this dissertation repurpose the extensive test suites that deploy with modern software systems, turning existing tests into bug triggers, without forcing software engineers to craft new tests, which is a tedious and time-consuming task.