skip to main content
research-article

Execution mining

Authors Info & Claims
Published:03 March 2012Publication History
Skip Abstract Section

Abstract

Operating systems represent large pieces of complex software that are carefully tested and broadly deployed. Despite this, developers frequently have little more than their source code to understand how they behave. This static representation of a system results in limited insight into execution dynamics, such as what code is important, how data flows through a system, or how threads interact with one another. We describe Tralfamadore, a system that preserves complete traces of machine execution as an artifact that can be queried and analyzed with a library of simple, reusable operators, making it easy to develop and run new dynamic analyses. We demonstrate the benefits of this approach with several example applications, including a novel unified source and execution browser.

References

  1. C/C+ trace-based debugger based on chronicle and eclipse. http://code.google.com/p/chronomancer/.Google ScholarGoogle Scholar
  2. Vassert programming guide. http://www.vmware.com/pdf/ws65_vassert_programming.pdf.Google ScholarGoogle Scholar
  3. Replay debugging on linux. http://www.vmware.com/pdf/ws7_replay_linux_technote.pdf.Google ScholarGoogle Scholar
  4. H. Agrawal and J. R. Horgan. Dynamic program slicing. In PLDI '90. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. F. Bellard. QEMU, a fast and portable dynamic translator. In USENIX Annual Technical Conference, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. S. Bhansali, W.-K. Chen, S. de Jong, A. Edwards, R. Murray, M. Drinić, D. Mihocka, and J. Chau. Framework for instruction-level tracing and analysis of program executions. In VEE '06. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. P. P. Bungale and C.-K. Luk. Pinos: a programmable framework for whole-system dynamic instrumentation. In Virtual execution environments, 2007. ISBN 978--1--59593--630--1. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. J.-D. Choi, B. P. Miller, and R. H. B. Netzer. Techniques for debugging parallel programs with flowback analysis. ACM Transactions on Programming Languages and Systems, 13, 1991. URL http://doi.acm.org/10.1145/115372.115324. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding data lifetime via whole system simulation. In USENIX Security Symposium, 2004. URL http://portal.acm.org/citation.cfm?id=1251375.1251397. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. J. Chow, T. Garfinkel, and P. M. Chen. Decoupling dynamic program analysis from execution in virtual environments. In USENIX Annual Technical Conference, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen. Revirt: enabling intrusion analysis through virtual-machine logging and replay. In Operating Systems Design and Implementation, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. S. Goldsmith, R. O'Callahan, and A. Aiken. Relational queries over program traces. In Object-Oriented Programming, Systems, Languages, and Applications, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. D. R. Hower and M. D. Hill. Rerun: Exploiting episodes for lightweight memory race recording. In International Symposium on Computer Architecture, 2008. URL http://dx.doi.org/10.1109/ISCA.2008.26. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. A. Joshi, S. T. King, G. W. Dunlap, and P. M. Chen. Detecting past and present intrusions through vulnerability-specific predicates. In Symposium on Operating Systems Principles, 2005. URL http://doi.acm.org/10.1145/1095810.1095820. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. S. T. King, G. W. Dunlap, and P. M. Chen. Debugging operating systems with time-traveling virtual machines. In USENIX Annual Technical Conference, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. E. Kohler, R. Morris, B. Chen, J. Jannotti, and F. M. Kaashoek. The Click modular router. ACM Transactions on Computer Systems, 2000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. K. P. Lawton. Bochs: A portable PC emulator for unix/x. Linux Journal. ISSN 1075--3583. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. G. Lefebvre, B. Cully, M. J. Feeley, N. C. Hutchinson, and A. Warfield. Tralfamadore: Unifying source code and execution experience (short paper). In EuroSys, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. B. Lewis. Debugging backwards in time. In Workshop on Automated Debugging, 2003.Google ScholarGoogle Scholar
  20. C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: building customized program analysis tools with dynamic instrumentation. In Programming Language Design and Implementation, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. M. Martin, B. Livshits, and M. S. Lam. Finding application errors and security flaws using pql: a program query language. In Object-Oriented Programming, Systems, Languages, and Applications, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. P. Montesinos, L. Ceze, and J. Torrellas. DeLorean: Recording and deterministically replaying shared-memory multiprocessor execution efficiently. In International Symposium on Computer Architecture, 2008. URL http://dx.doi.org/10.1109/ISCA.2008.36. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. S. Mysore, B. Mazloom, B. Agrawal, and T. Sherwood. Understanding and visualizing full systems with data flow tomography. In Architectural Support for Programming Languages and Operating Systems, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. N. Nethercote and J. Seward. Valgrind: a framework for heavyweight dynamic binary instrumentation. In Programming Language Design and Implementation, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. M. Olszewski, K. Mierle, A. Czajkowski, and A. D. Brown. JIT instrumentation: a novel approach to dynamically instrument operating systems. In EuroSys, 2007. URL http://doi.acm.org/10.1145/1272996.1273000. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. S. Park, Y. Zhou, W. Xiong, Z. Yin, R. Kaushik, K. H. Lee, and S. Lu. PRES: probabilistic replay with execution sketching on multiprocessors. In Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles, SOSP '09, pages 177--192, New York, NY, USA, 2009. ACM. ISBN 978--1--60558--752--3. http://doi.acm.org/10.1145/1629575.1629593. URL http://doi.acm.org/10.1145/1629575.1629593. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. H. Patil, C. Pereira, M. Stallcup, G. Lueck, and J. Cownie. PinPlay: a framework for deterministic replay and reproducible analysis of parallel programs. In Code Generation and Optimization, 2010. URL http://doi.acm.org/10.1145/1772954.1772958. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. V. Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, 31 (23--24), 1999. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. G. Pothier, E. Tanter, and J. Piquer. Scalable omniscient debugging. In Object-Oriented Programming, Systems, Languages, and Applications, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. F. Reiss, K. Stockinger, K. Wu, A. Shoshani, and J. M. Hellerstein. Enabling real-time querying of live and historical stream data. In Scientific and Statistical Database Management, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. M. Rosenblum, S. A. Herrod, E. Witchel, and A. Gupta. Complete computer system simulation: The SimOS approach. IEEE Parallel and Distributed Technology, 3, 1995. URL http://dx.doi.org/10.1109/88.473612. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. M. Rosenblum, E. Bugnion, S. Devine, and S. A. Herrod. Using the SimOS machine simulator to study complex computer systems. ACM Transactions on Modeling and Computer Simulation, 7, 1997. URL http://doi.acm.org/10.1145/244804.244807. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. D. Song, D. Brumley, H. Yin, J. Caballero, I. Jager, M. G. Kang, Z. Liang, N. James, P. Poosankam, and P. Saxena. BitBlaze: A new approach to computer security via binary analysis. In International Conference on Information Systems Security, 2008. http://dx.doi.org/10.1007/978--3--540--89862--7_1. URL http://dx.doi.org/10.1007/978--3--540--89862--7_1. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. K. Veeraraghavan, D. Lee, B. Wester, J. Ouyang, P. M. Chen, J. Flinn, and S. Narayanasamy. DoublePlay: parallelizing sequential logging and replay. In Proceedings of the sixteenth international conference on Architectural support for programming languages and operating systems, ASPLOS '11, pages 15--26, New York, NY, USA, 2011. ACM. ISBN 978--1--4503-0266--1. http://doi.acm.org/10.1145/1950365.1950370. URL http://doi.acm.org/10.1145/1950365.1950370. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. K. Vonnegut. Slaughterhouse Five. Delacorte, 1969. ISBN 0-385-31208-3.Google ScholarGoogle Scholar
  36. M. Weiser. Program slicing. In International Conference on Software Engineering, 1981. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. M. Xu, R. Bodik, and M. D. Hill. A "flight data recorder" for enabling full-system multiprocessor deterministic replay. In International Symposium on Computer Architecture, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. M. Xu, V. Malyugin, J. Sheldon, G. Venkitachalam, and B. Weissman. Retrace: Collecting execution trace with virtual machine deterministic replay. In Modeling, Benchmarking and Simulation, 2007.Google ScholarGoogle Scholar
  39. X. Zhang and R. Gupta. Whole execution traces and their applications. ACM Transactions on Architecture and Code Optimization, 2, 2005. URL http://doi.acm.org/10.1145/1089008.1089012. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Execution mining

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    • Published in

      cover image ACM SIGPLAN Notices
      ACM SIGPLAN Notices  Volume 47, Issue 7
      VEE '12
      July 2012
      229 pages
      ISSN:0362-1340
      EISSN:1558-1160
      DOI:10.1145/2365864
      Issue’s Table of Contents
      • cover image ACM Conferences
        VEE '12: Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
        March 2012
        248 pages
        ISBN:9781450311762
        DOI:10.1145/2151024

      Copyright © 2012 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 3 March 2012

      Check for updates

      Qualifiers

      • research-article

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!