SPIDER: A Practical Fuzzing Framework to Uncover Stateful Performance Issues in SDN Controllers

Performance issues in software-defined network (SDN) controllers can have serious impacts on the performance and availability of networks. We specifically consider stateful performance issues, where a sequence of initial input messages drives an SDN controller into a state such that its performance degrades pathologically when processing subsequent messages. We identify key challenges in applying canonical program analysis techniques: large input space of messages (e.g., stateful OpenFlow protocol), complex code base and software architecture (e.g., OSGi framework with dynamic launch), and the semantic dependencies between the internal state and external inputs. We design SPIDER, a practical fuzzing workflow that tackles these challenges and automatically uncovers such issues in SDN controllers. SPIDER's design entails a careful synthesis and extension of semantic fuzzing, performance fuzzing, and static analysis, taken together with domain-specific insights to tackle these challenges. We show that our design workflow is robust across two controllers -- ONOS and OpenDaylight -- with very different internal implementations. Using SPIDER, we were able to identify and confirm multiple stateful performance issues.