Abstract
Operating systems represent large pieces of complex software that are carefully tested and broadly deployed. Despite this, developers frequently have little more than their source code to understand how they behave. This static representation of a system results in limited insight into execution dynamics, such as what code is important, how data flows through a system, or how threads interact with one another. We describe Tralfamadore, a system that preserves complete traces of machine execution as an artifact that can be queried and analyzed with a library of simple, reusable operators, making it easy to develop and run new dynamic analyses. We demonstrate the benefits of this approach with several example applications, including a novel unified source and execution browser.
Index Terms
Execution mining