With newer complex multi-core systems, it is important to understand an application’s runtime behavior to be able to debug its execution, detect possible problems and bottlenecks and finally identify potential root causes. Execution traces usually contain precise data about an application execution. Their analysis and abstraction at multiple levels can provide valuable information and insights about an application’s runtime behavior. However, with multiple abstraction levels, it becomes increasingly difficult to find the exact location of detected performance or security problems. Tracing tools provide various analysis views to help users to understand their application problems. However, these pre-defined views are often not sufficient to reveal all analysis aspects of the underlying application. A declarative approach that enables users to specify and build their own custom analysis and views based on their knowledge, requirements and problems can be more useful and effective. In this paper, we propose a generic declarative trace analysis framework to analyze, comprehend and visualize execution traces. This enhanced framework builds custom analyses based on a specified modeled state, extracted from a system execution trace and stored in a special purpose database. The proposed solution enables users to first define their different analysis models based on their application and requirements, then visualize these models in many alternate representations (Gantt chart, XY chart, etc.), and finally filter the data to get some highlights or detect some potential patterns. Several sample applications with different operating systems are shown, using trace events gathered from Linux and Windows, at the kernel and user-space levels.
This is a preview of subscription content, access via your institution.
Buy single article
Instant access to the full article PDF.
Tax calculation will be finalised during checkout.
Subscribe to journal
Immediate online access to all issues from 2019. Subscription will auto renew annually.
Tax calculation will be finalised during checkout.
chrome://tracing in the Chromium browser.
Blunck, J., Desnoyers, M., & Fournier, P.-M. (2009). Userspace application tracing with markers and tracepoints. In Proceedings of the Linux Kongress.
Cantrill, B. M., Shapiro, M. W., & Leventhal, A. H. (2004). Dynamic instrumentation of production systems. In Proceedings of the annual conference on USENIX annual technical conference, ATEC 04, Berkeley, CA, USA (pp. 2–2). USENIX Association.
Cohen, I., Goldszmidt, M., Kelly, T., Symons, J., & Chase, J. S. (2004). Correlating instrumentation data to system states: a building block for automated diagnosis and control. In Proceedings of the 6th conference on symposium on operating systems design implementation—Volume 6, Berkeley, CA, USA (pp. 16–16). USENIX Association.
Cohen, I., Zhang, S., Goldszmidt, M., Symons, J., Kelly, T., & Fox, A. (2005). Capturing, indexing, clustering, and retrieving system history. SIGOPS Operating Systems Review, 39, 105–118.
Deschênes, J.-H., Desnoyers, M., & Dagenais, M. R. (2008). Tracing time operating system state determination. Open Software Engineering Journal, 2, 40–44.
Desnoyers, M., & Dagenais, M. R. (2006). The LTTng tracer: A low impact performance and behavior monitor for GNU/Linux. In OLS (Ottawa Linux symposium) (Vol. 2006, pp. 209–224).
Desnoyers, M., & Dagenais, M. (2008). Lttng: Tracing across execution layers, from the hypervisor to user-space. In Linux symposium (p. 101).
Eckmann, S., Vigna, G., & Kemmerer, R. (2002). Statl: An attack language for state-based intrusion detection. Journal of Computer Security, 10(1/2), 71–104.
Eigler, F. C., & Hat, R. (2006). Problem solving with systemtap. In Proceedings of the Ottawa Linux symposium (pp. 261–268). Citeseer.
Ezzati-Jivan, N., & Dagenais, M. (2014). Multiscale navigation in large trace data. In 27th Annual IEEE Canadian conference on electrical and computer engineering (CCECE) 2014 (pp. 1–6).
Ezzati-Jivan, N., & Dagenais, M. R. (2012). A stateful approach to generate synthetic events from Kernel traces. Advances in Software Engineering, 2012. doi:10.1155/2012/140368.
Ezzati-Jivan, N., Shameli-Sendi, A., & Dagenais, M. (2013) Multilevel label placement for execution trace events. In 26th Annual IEEE Canadian conference on electrical and computer engineering (CCECE), 2013 (pp. 1–6).
Ezzati-Jivan, N., & Dagenais, M. R. (2013). A framework to compute statistics of system parameters from very large trace files. ACM SIGOPS Operating Systems Review, 47, 43–54.
Gebai, M., Giraldeau, F., & Dagenais, M. R. (2014). Fine-grained preemption analysis for latency investigation across virtual machines. Journal of Cloud Computing: Advances, Systems and Applications, 3(1), 41.
Goldsmith, S. F., O’Callahan, R., & Aiken, A. (2005). Relational queries over program traces. SIGPLAN Notices, 40, 385–402.
Habra, N., Le Charlier, B., Mounji, A., Mathieu, I. (1992). Asax: Software architecture and rule-based language for universal audit trail analysis. In Computer SecurityESORICS 92 (pp. 435–450). Springer
Hamou-Lhadj, A., Murtaza, S.S., Fadel, W., Mehrabian, A., Couture, M., & Khoury, R. (2013). Software behaviour correlation in a redundant and diverse environment using the concept of trace abstraction. In Proceedings of the 2013 research in adaptive and convergent systems, RACS ’13, New York, NY, USA (pp. 328–335). ACM.
Lee, K. H., Sumner, N., Zhang, X., & Eugster, P. (2011). Unified debugging of distributed systems with recon. In Proceedings of the 2011 IEEE/IFIP 41st international conference on dependable systems & networks, DSN ’11, Washington, DC, USA (pp. 85–96). IEEE Computer Society.
Martin, M., Livshits, B., & Lam, M. S. (2005). Finding application errors and security flaws using PQL: A program query language. SIGPLAN Notices, 40, 365–383.
Matni, G., & Dagenais, M. (May 2009). Automata-based approach for kernel trace analysis. In Canadian conference on electrical and computer engineering, 2009. CCECE 09 (pp. 970–973).
Montplaisir, A., Ezzati-Jivan, N., Wininger, F., & Dagenais, M. (2013). State history tree: An incremental disk-based data structure for very large interval data. In 2013 ASE/IEEE international conference on big data.
Montplaisir, A., Ezzati-Jivan, N., Wininger, F., & Dagenais, M. (2013). Efficient model to query and visualize the system states extracted from trace data. In A. Legay & S. Bensalem (Eds.), Runtime verification, vol. 8174 of lecture notes in computer science (pp. 219–234). Berlin, Heidelberg: Springer.
Roesch, M., et al. (1999). Snort: Lightweight intrusion detection for networks. LISA, 99, 229–238.
Schnorr, L. M., Huard, G., & Navaux, P. O. A. (2009). Towards visualization scalability through time intervals and hierarchical organization of monitoring data. In Proceedings of the 2009 9th IEEE/ACM international symposium on cluster computing and the grid, CCGRID 09, Washington, DC, USA (pp. 428–435). IEEE Computer Society
Waly, H. (2011). A complete framework for kernel trace analysis. Master’s thesis, Laval University.
Zaki, O., Lusk, E., Gropp, W., & Swider, D. (1999). Toward scalable performance visualization with jumpshot. The International Journal of High Performance Computing Applications, 13, 277–288.
About this article
Cite this article
Wininger, F., Ezzati-Jivan, N. & Dagenais, M.R. A declarative framework for stateful analysis of execution traces. Software Qual J 25, 201–229 (2017). https://doi.org/10.1007/s11219-016-9311-0
- Software debugging
- Declarative debugging
- Execution trace analysis