skip to main content
research-article
Public Access

Optimistic Hybrid Analysis: Accelerating Dynamic Analysis through Predicated Static Analysis

Published:19 March 2018Publication History
Skip Abstract Section

Abstract

Dynamic analysis tools, such as those that detect data-races, verify memory safety, and identify information flow, have become a vital part of testing and debugging complex software systems. While these tools are powerful, their slow speed often limits how effectively they can be deployed in practice. Hybrid analysis speeds up these tools by using static analysis to decrease the work performed during dynamic analysis. In this paper we argue that current hybrid analysis is needlessly hampered by an incorrect assumption that preserving the soundness of dynamic analysis requires an underlying sound static analysis. We observe that, even with unsound static analysis, it is possible to achieve sound dynamic analysis for the executions which fall within the set of states statically considered. This leads us to a new approach, called optimistic hybrid analysis. We first profile a small set of executions and generate a set of likely invariants that hold true during most, but not necessarily all, executions. Next, we apply a much more precise, but unsound, static analysis that assumes these invariants hold true. Finally, we run the resulting dynamic analysis speculatively while verifying whether the assumed invariants hold true during that particular execution; if not, the program is reexecuted with a traditional hybrid analysis. Optimistic hybrid analysis is as precise and sound as traditional dynamic analysis, but is typically much faster because (1) unsound static analysis can speed up dynamic analysis much more than sound static analysis can and (2) verifications rarely fail. We apply optimistic hybrid analysis to race detection and program slicing and achieve 1.8x over a state-of-the-art race detector (FastTrack) optimized with traditional hybrid analysis and 8.3x over a hybrid backward slicer (Giri).

References

  1. VimGolf. http://vimgolf.com, 2016. Accessed: 2016-07--31.Google ScholarGoogle Scholar
  2. Project Gutenbveg. (n.d.). http://www.gutenberg.org, 2017. Accessed: 2017-04--12.Google ScholarGoogle Scholar
  3. SvgCuts. http://svgcuts.com, 2017. Accessed: 2017-07--28.Google ScholarGoogle Scholar
  4. Agrawal, H., Horgan, J. R., London, S., and Wong, W. E. Fault localization using execution slices and dataflow tests. In Software Reliability Engineering, 1995. Proceedings., Sixth International Symposium on (1995), IEEE, pp. 143--151.Google ScholarGoogle ScholarCross RefCross Ref
  5. Andersen, L. O. Program analysis and specialization for the c programming language. In PhD thesis, DIKU, University of Copenhagen (1994).Google ScholarGoogle Scholar
  6. Berndl, M., Lhoták, O., Qian, F., Hendren, L., and Umanee, N. Points-to analysis using bdds. In ACM SIGPLAN Notices (2003), vol. 38, ACM, pp. 103--114. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Blackburn, S. M., Garner, R., Hoffman, C., Khan, A. M., McKinley, K. S., Bentzur, R., Diwan, A., Feinberg, D., Frampton, D., Guyer, S. Z., Hirzel, M., Hosking, A., Jump, M., Lee, H., Moss, J. E. B., Phansalkar, A., Stefanoviç, D., VanDrunen, T., von Dincklage, D., and Wiedermann, B. The DaCapo benchmarks: Java benchmarking development and analysis. In OOPSLA '06: Proceedings of the 21st annual ACM SIGPLAN conference on Object-Oriented Programing, Systems, Languages, and Applications (New York, NY, USA, Oct. 2006), ACM Press, pp. 169--190. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Bond, M. D., and McKinley, K. S. Probabilistic calling context. In ACM SIGPLAN Notices (2007), vol. 42, ACM, pp. 97--112. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Brace, K. S., Rudell, R. L., and Bryant, R. E. Efficient implementation of a bdd package. In Proceedings of the 27th ACM/IEEE Design Automation Conference (New York, NY, USA, 1990), DAC '90, ACM, pp. 40--45. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Burke, M. G., Choi, J.-D., Fink, S., Grove, D., Hind, M., Sarkar, V., Serrano, M. J., Sreedhar, V. C., Srinivasan, H., and Whaley, J. The jalapeno dynamic optimizing compiler for java. In Proceedings of the ACM 1999 conference on Java Grande (1999), ACM, pp. 129--141. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Calder, B., Feller, P., and Eustace, A. Value profiling. In Proceedings of the 30th Annual ACM/IEEE International Symposium on Microarchitecture (Washington, DC, USA, 1997), MICRO 30, IEEE Computer Society, pp. 259--269. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Chambers, C., and Ungar, D. Customization: Optimizing compiler technology for self, a dynamically-typed object-oriented programming language. SIGPLAN Not. 24, 7 (June 1989), 146--160. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Chang, W., Streiff, B., and Lin, C. Efficient and extensible security enforcement using dynamic data flow analysis. In Proceedings of the 15th ACM Conference on Computer and Communications Security (New York, NY, USA, 2008), CCS '08, ACM, pp. 39--50. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Choi, J.-D., Lee, K., Loginov, A., O'Callahan, R., Sarkar, V., and Sridharan, M. Efficient and precise datarace detection for multithreaded object-oriented programs. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation (Berlin, Germany, June 2002). Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Csallner, C., Smaragdakis, Y., and Xie, T. Dsd-crasher: A hybrid analysis tool for bug finding. ACM Trans. Softw. Eng. Methodol. 17, 2 (May 2008), 8:1--8:37. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Devecsery, D., Chow, M., Dou, X., Flinn, J., and Chen, P. M. Eidetic systems. In Proceedings of the 11th Symposium on Operating Systems Design and Implementation (Broomfield, CO, October 2014). Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Dufour, B., Ryder, B. G., and Sevitsky, G. Blended analysis for performance understanding of framework-based applications. In Proceedings of the 2007 International Symposium on Software Testing and Analysis (New York, NY, USA, 2007), ISSTA '07, ACM, pp. 118--128. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Dufour, B., Ryder, B. G., and Sevitsky, G. A scalable technique for characterizing the usage of temporaries in framework-intensive java applications. In Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering (New York, NY, USA, 2008), SIGSOFT '08/FSE-16, ACM, pp. 59--70. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Elmas, T., Qadeer, S., and Tasiran, S. Goldilocks: A race and transaction-aware Java runtime. In Proceedings of the ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation (2007), pp. 245--255. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Enck, W., Gilbert, P., gon Chun, B., Cox, L. P., Jung, J., McDaniel, P., and Sheth, A. N. TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of the 9th Symposium on Operating Systems Design and Implementation (Vancouver, BC, October 2010). Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Ernst, M. D. Static and dynamic analysis: Synergy and duality. In IN WODA 2003: ICSE WORKSHOP ON DYNAMIC ANALYSIS (2003), pp. 24--27.Google ScholarGoogle Scholar
  22. Ernst, M. D., Cockrell, J., Griswold, W. G., and Notkin, D. Dynamically discovering likely program invariants to support program evolution. In Proceedings of the 21st International Conference on Software Engineering (New York, NY, USA, 1999), ICSE '99, ACM, pp. 213--224. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Flanagan, C., and Freund, S. FastTrack: Efficient and precise dynamic race detection. In Proceedings of the ACM SIGPLAN 2009 Conference on Programming Language Design and Implementation (Dublin, Ireland, June 2009), pp. 121--133. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Flanagan, C., and Freund, S. N. The roadrunner dynamic analysis framework for concurrent programs. In Proceedings of the 9th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (New York, NY, USA, 2010), PASTE '10, ACM, pp. 1--8. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Gupta, N., He, H., Zhang, X., and Gupta, R. Locating faulty code using failure-inducing chops. In Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering (2005), ACM, pp. 263--272. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Gupta, R., Soffa, M. L., and Howard, J. Hybrid slicing: Integrating dynamic information with static analysis. ACM Trans. Softw. Eng. Methodol. 6, 4 (Oct. 1997), 370--397. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Guyer, S. Z., and Lin, C. Client-driven pointer analysis. In Proceedings of the 10th International Conference on Static Analysis (Berlin, Heidelberg, 2003), SAS'03, Springer-Verlag, pp. 214--236. Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Hangal, S., and Lam, M. S. Tracking down software bugs using automatic anomaly detection. In Proceedings of the 24th International Conference on Software Engineering (May 2002), pp. 291--301. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Hardekopf, B., and Lin, C. The ant and the grasshopper: fast and accurate pointer analysis for millions of lines of code. In ACM SIGPLAN Notices (2007), vol. 42, ACM, pp. 290--299. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Hardekopf, B., and Lin, C. Exploiting pointer and location equivalence to optimize pointer analysis. In International Static Analysis Symposium (2007), Springer, pp. 265--280. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Kim, T., Chandra, R., and Zeldovich, N. Efficient patch-based auditing for Web application vulnerabilities. In Proceedings of the 10th Symposium on Operating Systems Design and Implementation (Hollywood, CA, October 2012). Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Kinder, J., and Kravchenko, D. Alternating control flow reconstruction. In Proceedings of the 13th International Conference on Verification, Model Checking, and Abstract Interpretation (Berlin, Heidelberg, 2012), VMCAI'12, Springer-Verlag, pp. 267--282. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Lee, D., Chen, P. M., Flinn, J., and Narayanasamy, S. Chimera: Hybrid program analysis for determinism. In Proceedings of the ACM SIGPLAN 2012 Conference on Programming Language Design and Implementation (Beijing, China, June 2012). Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. Livshits, B., Sridharan, M., Smaragdakis, Y., Lhoták, O., Amaral, J. N., Chang, B.-Y. E., Guyer, S. Z., Khedker, U. P., Møller, A., and Vardoulakis, D. In defense of soundiness: A manifesto. Commun. ACM 58, 2 (Jan. 2015), 44--46. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Mangal, R., Zhang, X., Nori, A. V., and Naik, M. A user-guided approach to program analysis. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (New York, NY, USA, 2015), ESEC/FSE 2015, ACM, pp. 462--473. Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Mock, M., Atkinson, D. C., Chambers, C., and Eggers, S. J. Improving program slicing with dynamic points-to data. In Proceedings of the 10th ACM SIGSOFT Symposium on Foundations of Software Engineering (New York, NY, USA, 2002), SIGSOFT '02/FSE-10, ACM, pp. 71--80. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Mock, M., Das, M., Chambers, C., and Eggers, S. J. Dynamic points-to sets: A comparison with static analyses and potential applications in program understanding and optimization. In Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering (2001), ACM, pp. 66--72. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Myers, A. C. JFlow: Practical mostly-static information flow control. In Proceedings of the ACM SIGPLAN 1999 Conference on Programming Language Design and Implementation (San Antonio, TX, January 1999), pp. 228--241. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Nagarakatte, S., Zhao, J., Martin, M. M., and Zdancewic, S. Cets: Compiler enforced temporal safety for c. SIGPLAN Not. 45, 8 (June 2010), 31--40. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. Naik, M., Aiken, A., and Whaley, J. Effective static race detection for java. In Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation (New York, NY, USA, 2006), PLDI '06, ACM, pp. 308--319. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Necula, G. C., McPeak, S., and Weimer, W. Ccured: Type-safe retrofitting of legacy code. SIGPLAN Not. 37, 1 (Jan. 2002), 128--139. Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Nethercote, N., and Seward, J. Valgrind: A framework for heavyweight dynamic binary instrumentation. In Proceedings of the ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation (San Diego, CA, June 2007). Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. Nimmer, J. W., and Ernst, M. D. Invariant inference for static checking:. In Proceedings of the 10th ACM SIGSOFT Symposium on Foundations of Software Engineering (New York, NY, USA, 2002), SIGSOFT '02/FSE-10, ACM, pp. 11--20. Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Rhodes, D., Flanagan, C., and Freund, S. N. Bigfoot: Static check placement for dynamic race detection. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation (New York, NY, USA, 2017), PLDI 2017, ACM, pp. 141--156. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Sahoo, S. K., Criswell, J., Geigle, C., and Adve, V. Using likely invariants for automated software fault localization. ACM SIGPLAN Notices 48, 4 (2013), 139--152. Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. Savage, S., Burrows, M., Nelson, G., Sobalvarro, P., and Anderson, T. Eraser: A dynamic data race detector for multithreaded programs. ACM Transactions on Computer Systems 15, 4 (November 1997), 391--411. Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Sengupta, A., Biswas, S., Zhang, M., Bond, M. D., and Kulkarni, M. Hybrid static--dynamic analysis for statically bounded region serializability. In ACM SIGPLAN Notices (2015), vol. 50, ACM, pp. 561--575. Google ScholarGoogle ScholarDigital LibraryDigital Library
  48. Smith, L. A., Bull, J. M., and Obdrzálek, J. A parallel java grande benchmark suite. In Proceedings of the 2001 ACM/IEEE Conference on Supercomputing (New York, NY, USA, 2001), SC '01, ACM, pp. 8--8. Google ScholarGoogle ScholarDigital LibraryDigital Library
  49. Steffan, J. G., and Mowry, T. C. The potential for using thread-level data speculation to facilitate automatic parallelization. In Proceedings of the 25th International Symposium on Computer Architecture (February 1998), pp. 2--13. Google ScholarGoogle ScholarDigital LibraryDigital Library
  50. Voung, J. W., Jhala, R., and Lerner, S. Relay: static race detection on millions of lines of code. In Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering (Dubrovnik, Croatia, 2007), pp. 205--214. Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Wei, S., and Ryder, B. G. Practical blended taint analysis for javascript. In Proceedings of the 2013 International Symposium on Software Testing and Analysis (New York, NY, USA, 2013), ISSTA 2013, ACM, pp. 336--346. Google ScholarGoogle ScholarDigital LibraryDigital Library
  52. Weiser, M. Program slicing. In Proceedings of the 5th International Conference on Software Engineering (Piscataway, NJ, USA, 1981), ICSE '81, IEEE Press, pp. 439--449. Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. Zhu, J. Towards scalable flow and context sensitive pointer analysis. In Design Automation Conference, 2005. Proceedings. 42nd (June 2005), pp. 831--836. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Optimistic Hybrid Analysis: Accelerating Dynamic Analysis through Predicated Static Analysis

            Recommendations

            Comments

            Login options

            Check if you have access through your login credentials or your institution to get full access on this article.

            Sign in

            Full Access

            PDF Format

            View or Download as a PDF file.

            PDF

            eReader

            View online with eReader.

            eReader
            About Cookies On This Site

            We use cookies to ensure that we give you the best experience on our website.

            Learn more

            Got it!