Abstract
Dynamic analysis tools, such as those that detect data-races, verify memory safety, and identify information flow, have become a vital part of testing and debugging complex software systems. While these tools are powerful, their slow speed often limits how effectively they can be deployed in practice. Hybrid analysis speeds up these tools by using static analysis to decrease the work performed during dynamic analysis. In this paper we argue that current hybrid analysis is needlessly hampered by an incorrect assumption that preserving the soundness of dynamic analysis requires an underlying sound static analysis. We observe that, even with unsound static analysis, it is possible to achieve sound dynamic analysis for the executions which fall within the set of states statically considered. This leads us to a new approach, called optimistic hybrid analysis. We first profile a small set of executions and generate a set of likely invariants that hold true during most, but not necessarily all, executions. Next, we apply a much more precise, but unsound, static analysis that assumes these invariants hold true. Finally, we run the resulting dynamic analysis speculatively while verifying whether the assumed invariants hold true during that particular execution; if not, the program is reexecuted with a traditional hybrid analysis. Optimistic hybrid analysis is as precise and sound as traditional dynamic analysis, but is typically much faster because (1) unsound static analysis can speed up dynamic analysis much more than sound static analysis can and (2) verifications rarely fail. We apply optimistic hybrid analysis to race detection and program slicing and achieve speedups of 1.8x over a state-of-the-art race detector (FastTrack) optimized with traditional hybrid analysis and 8.3x over a hybrid backward slicer (Giri).
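The three steps described in the abstract (profile, predicated static analysis, speculative run with fallback) can be seen in a toy model; this is an added example, not code from the paper. The block names, the thread/variable layout and the choice of "blocks never seen in profiling are unreachable" as the likely invariant are assumptions made for illustration.

```python
# Constructed toy program: block -> (thread that runs it, variables it touches).
BLOCKS = {
    "main_loop":  ("T1", {"counter", "buf"}),
    "worker":     ("T2", {"queue"}),
    "shared_io":  ("T1", {"queue"}),
    "debug_dump": ("T2", {"buf"}),   # rarely executed path
}

def path(inp):
    """Blocks executed for an input (stands in for real control flow)."""
    blocks = ["main_loop", "worker", "shared_io"]
    if inp.get("debug"):
        blocks.append("debug_dump")
    return blocks

def profile(inputs):
    """Step 1: likely invariant = blocks never seen while profiling are unreachable."""
    seen = set()
    for inp in inputs:
        seen.update(path(inp))
    return set(BLOCKS) - seen

def shared_vars(reachable):
    """Step 2: static analysis. Only variables touched by >1 thread need race checks."""
    owners = {}
    for block in reachable:
        thread, variables = BLOCKS[block]
        for var in variables:
            owners.setdefault(var, set()).add(thread)
    return {var for var, threads in owners.items() if len(threads) > 1}

def run(inp, instrumented, assumed_unreachable=frozenset()):
    """Dynamic analysis: number of instrumented accesses, or None if an
    assumed invariant is violated before the block's accesses happen."""
    checks = 0
    for block in path(inp):
        if block in assumed_unreachable:
            return None                      # invariant check failed
        checks += len(BLOCKS[block][1] & instrumented)
    return checks

def optimistic_run(inp, unreachable):
    """Step 3: speculate on the unsound result; re-execute soundly on failure."""
    sound = shared_vars(set(BLOCKS))                      # traditional hybrid
    optimistic = shared_vars(set(BLOCKS) - unreachable)   # predicated, unsound
    result = run(inp, optimistic, unreachable)
    if result is None:
        return "fallback", run(inp, sound)
    return "optimistic", result
```

On the non-debug execution `buf` is only ever touched by `T1`, so dropping its checks loses nothing for that run; the debug execution trips the invariant check and is re-run with the sound instrumentation set.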
Optimistic Hybrid Analysis: Accelerating Dynamic Analysis through Predicated Static Analysis
ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems