A declarative framework for stateful analysis of execution traces

Abstract

With newer complex multi-core systems, it is important to understand an application’s runtime behavior to be able to debug its execution, detect possible problems and bottlenecks and finally identify potential root causes. Execution traces usually contain precise data about an application execution. Their analysis and abstraction at multiple levels can provide valuable information and insights about an application’s runtime behavior. However, with multiple abstraction levels, it becomes increasingly difficult to find the exact location of detected performance or security problems. Tracing tools provide various analysis views to help users to understand their application problems. However, these pre-defined views are often not sufficient to reveal all analysis aspects of the underlying application. A declarative approach that enables users to specify and build their own custom analysis and views based on their knowledge, requirements and problems can be more useful and effective. In this paper, we propose a generic declarative trace analysis framework to analyze, comprehend and visualize execution traces. This enhanced framework builds custom analyses based on a specified modeled state, extracted from a system execution trace and stored in a special purpose database. The proposed solution enables users to first define their different analysis models based on their application and requirements, then visualize these models in many alternate representations (Gantt chart, XY chart, etc.), and finally filter the data to get some highlights or detect some potential patterns. Several sample applications with different operating systems are shown, using trace events gathered from Linux and Windows, at the kernel and user-space levels.

Notes

  1. http://www.eclipse.org/linuxtools/projectPages/lttng/.

  2. http://www.chromium.org/developers/how-tos/trace-event-profiling-tool.

  3. http://diamon.org/ctf/.

  4. http://projects.eclipse.org/projects/tools.tracecompass.

  5. http://secretaire.dorsal.polymtl.ca/~fwininger/XmlStateProvider/.

  6. http://lttng.org/download.

  7. http://github.com/fwininger/XML4TMF/blob/master/Kernel.Windows.xml.

  8. chrome://tracing in the Chromium browser.

Author information

Corresponding author

Correspondence to Naser Ezzati-Jivan.

Cite this article

Wininger, F., Ezzati-Jivan, N. & Dagenais, M.R. A declarative framework for stateful analysis of execution traces. Software Qual J 25, 201–229 (2017). https://doi.org/10.1007/s11219-016-9311-0

Keywords

  • Software debugging
  • Declarative debugging
  • Execution trace analysis