Execution indexing (EI) [PLDI'08] is a dynamic analysis primitive that facilitates comparison across executions. These executions could be those induced by different inputs on the same program, those with the same inputs but different schedules, or even those induced by the same input on different program versions, depending on the scenarios. It canonicalizes the control flow of the executions and allows them to be properly aligned before comparison, to the precision level of individual executed instructions. This is particularly necessary in the presence of loops, recursions and control flow divergence. Note that the nth instance of an instruction in one run unlikely corresponds to that in the other run.
Aligning along the control flow dimension is not sufficient in many applications, we developed memory indexing (MI) [FSE'10] to align along the memory dimension. In particular, given a memory location in one run, it identifies the semantically corresponding memory location in the other run. Note that due to execution differences, different amounts of memory may be allocated, and the same object may be allocated in different locations in the two runs. MI tolerates such differences by canonicalizing memory addresses.
The two primitives give rise to new opportunities for many applications. In particular, it allows advance in automated debugging. In scenarios when both the failing execution and a reference execution (e.g. a passing run with a slightly different input) are available, effective automated debugging can be achieved by comparing the two runs to identify the failure causal path ([FSE'10] and [FASE'09]), which is the path leading from the root cause to the failure with each step causally connected. It is key to understanding and fixing the fault. EI and MI are leveraged to compare program states at aligned execution points. We reason about if a subset of state differences is critical to the failure by copying such differences from the failing run to the passing run and observing if such state mutation can induce the failure in the passing run. Robust state replacement can not be achieved without indexing. For instance, copying the absoluate value of a pointer variable from one run to the run is problematic.
|
Automated Software Failure Causal Path Computation NSF-CCF-0917007, 2009-2012. |
|
NSF Career: Scalable Dynamic Program Reasoning NSF-CCF-0845870, 2008-2013. |
| FSE |
W. N. Sumner and X. Zhang.
Memory Indexing: Canonicalizing Addresses Across Executions
, the 18th ACM SIGSOFT Symposium on Foundations of Software, 2010. [abstract][pdf] |
| PLDI |
B. Xin, W. N. Sumner, and X. Zhang.
Efficient Program Execution Indexing, ACM SIGPLAN Conference on Programming Language Design and Implementation, 2008. [abstract][pdf] |
| OOPSLA |
D. Weeratunge, X. Zhang, and S. Jagannathan
Accentuating the Positive: Atomicity Inference and Enforcement Using Correct Executions
, Object Oriented Programming, Systems, Languages and Applications, 2011. [abstract][pdf] |
| ISSTA |
W. N. Sumner and X. Zhang.
Selecting Peers for Execution Comparison
, International Symposium on Software Testing and Analysis, 2011. [abstract][pdf] |
| ISSTA |
D. Weeratunge, X. Zhang, W. N. Sumner, and S. Jagannathan.
Analyzing Concurrency Bugs using Dual Slicing
, International Symposium on Software Testing and Analysis, 2010. [abstract][pdf] |
| ASPLOS |
D. Weeratunge, X. Zhang, and S. Jagannathan.
Analyzing Multicore Dumps to Facilitate Concurrency Bug Reproduction
, the 15th International Conference on Architectural Support for Programming Languages and Operating Systems, 2010. [abstract][pdf] |
| CGO |
X. Zhang, A. Navabi, and S. Jagannathan .
Alchemist: A Transparent Dependence Distance Profling Infrastructure
, The International Symposium on Code Generation and Optimization, 2009. [abstract][pdf] |
| FASE |
W. N. Sumner and X. Zhang .
Algorithms for Automatically Computing the Causal Paths of Failures
, Fundamental Approaches to Software Engineering, 2009. [abstract][pdf] |