Using Quicktrace to collect runtime execution traces easily and automatically

IEEE Real-Time Systems Symposium (RTSS 2015). 1 to 4, Dec, 2015. U.S.A.

Test Blueprints - Exposing Side Effects in Execution Traces to Support Writing Unit Tests

Writing unit tests for legacy systems is a key maintenance task. When writing tests for object-oriented programs, objects need to be set up and the expected effects of executing the unit under test need to be verified. If developers lack internal knowledge of a system, the task of writing tests is non-trivial. To address this problem, we propose an approach that exposes side effects detected in example runs of the system and uses these side effects to guide the developer when writing tests. We introduce a visualization called Test Blueprint, through which we identify what the required fixture is and what assertions are needed to verify the correct behavior of a unit under test. The dynamic analysis technique that underlies our approach is based on both tracing method executions and on tracking the flow of objects at runtime. To demonstrate the usefulness of our approach we present results from two case studies.

Technique de visualisation pour l’identification de l’usage excessif d’objets temporaires dans les traces d’exécution

De nos jours, les applications de grande taille sont développées à l’aide de nom- breux cadres d’applications (frameworks) et intergiciels (middleware). L’utilisation ex- cessive d’objets temporaires est un problème de performance commun à ces applications. Ce problème est appelé “object churn”. Identifier et comprendre des sources d’“object churn” est une tâche difficile et laborieuse, en dépit des récentes avancées dans les tech- niques d’analyse automatiques. Nous présentons une approche visuelle interactive conçue pour aider les développeurs à explorer rapidement et intuitivement le comportement de leurs applications afin de trouver les sources d’“object churn”. Nous avons implémenté cette technique dans Vasco, une nouvelle plate-forme flexible. Vasco se concentre sur trois principaux axes de con- ception. Premièrement, les données à visualiser sont récupérées dans les traces d’exécu- tion et analysées afin de calculer et de garder seulement celles nécessaires à la recherche des sources d’“object churn”. Ainsi, des programmes de grande taille peuvent être vi- sualisés tout en gardant une représentation claire et compréhensible. Deuxièmement, l’utilisation d’une représentation intuitive permet de minimiser l’effort cognitif requis par la tâche de visualisation. Finalement, la fluidité des transitions et interactions permet aux utilisateurs de garder des informations sur les actions accomplies. Nous démontrons l’efficacité de l’approche par l’identification de sources d’“object churn” dans trois ap- plications utilisant intensivement des cadres d’applications framework-intensive, inclu- ant un système commercial.

Dérivation de diagrammes de séquence UML compactes à partir de traces d’exécution en se basant des heuristiques.

Nous proposons une approche d’extraction des diagrammes de séquence à partir de programmes orientés objets en combinant l’analyse statique et dynamique. Notre objectif est d’extraire des diagrammes compacts mais contenant le plus d’informations possible pour faciliter la compréhension du comportement d’un programme. Pour cette finalité, nous avons défini un ensemble d’heuristiques pour filtrer les événements d’exécution les moins importants et extraire les structures de contrôles comme les boucles et la récursivité. Nous groupons aussi les objets en nous basant sur leurs types respectifs. Pour tenir compte des variations d’un même scénario, notre approche utilise plusieurs traces d’exécution et les aligne pour couvrir le plus possible le comportement du programme. Notre approche a été évaluée sur un système de simulation d’ATM. L’étude de cas montre que notre approche produit des diagrammes de séquence concis et informatifs.

Rétro-ingénierie des diagrammes de séquence par visualisation interactive

Nous proposons une approche semi-automatique pour la rétro-ingénierie des diagrammes de séquence d’UML. Notre approche commence par un ensemble de traces d'exécution qui sont automatiquement alignées pour déterminer le comportement commun du système. Les diagrammes de séquence sont ensuite extraits avec l’aide d’une visualisation interactive, qui permet la navigation dans les traces d'exécution et la production des opérations d'extraction. Nous fournissons une illustration concrète de notre approche avec une étude de cas, et nous montrons en particulier que nos diagrammes de séquence générés sont plus significatifs et plus compacts que ceux qui sont obtenus par les méthodes automatisées.

A malware detection system inspired on the human immune system

Malicious programs (malware) can cause severe damage on computer systems and data. The mechanism that the human immune system uses to detect and protect from organisms that threaten the human body is efficient and can be adapted to detect malware attacks. In this paper we propose a system to perform malware distributed collection, analysis and detection, this last inspired by the human immune system. After collecting malware samples from Internet, they are dynamically analyzed so as to provide execution traces at the operating system level and network flows that are used to create a behavioral model and to generate a detection signature. Those signatures serve as input to a malware detector, acting as the antibodies in the antigen detection process. This allows us to understand the malware attack and aids in the infection removal procedures. © 2012 Springer-Verlag.

Sistema de coleta, análise e detecção de código malicioso baseado no sistema imunológico humano

Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES)

Object-Oriented Legacy System Trace-based Logic Testing

When reengineering legacy systems, it is crucial to assess if the legacy behavior has been preserved or how it changed due to the reengineering effort. Ideally if a legacy system is covered by tests, running the tests on the new version can identify potential differences or discrepancies. However, writing tests for an unknown and large system is difficult due to the lack of internal knowledge. It is especially difficult to bring the system to an appropriate state. Our solution is based on the acknowledgment that one of the few trustable piece of information available when approaching a legacy system is the running system itself. Our approach reifies the execution traces and uses logic programming to express tests on them. Thereby it eliminates the need to programatically bring the system in a particular state, and handles the test-writer a high-level abstraction mechanism to query the trace. The resulting system, called TESTLOG, was used on several real-world case studies to validate our claims.

Analyzing Software Evolution through Feature Views

Features encapsulate the domain knowledge of a software system and thus are valuable sources of information for a reverse engineer. When analyzing the evolution of a system, we need to know how and which features were modified to recover both the change intention and its extent, namely which source artifacts are affected. Typically, the implementation of a feature crosscuts a number of source artifacts. To obtain a mapping between features to the source artifacts, we exercise the features and capture their execution traces. However this results in large traces that are difficult to interpret. To tackle this issue we compact the traces into simple sets of source artifacts that participate in a feature's runtime behavior. We refer to these compacted traces as feature views. Within a feature view, we partition the source artifacts into disjoint sets of characterized software entities. The characterization defines the level of participation of a source entity in the features. We then analyze the features over several versions of a system and we plot their evolution to reveal how and hich features were affected by changes in the code. We show the usefulness of our approach by applying it to a case study where we address the problem of merging parallel development tracks of the same system.

Automated Software Debugging Using Hybrid Static/Dynamic Analysis

With the increasing complexity of today's software, the software development process is becoming highly time and resource consuming. The increasing number of software configurations, input parameters, usage scenarios, supporting platforms, external dependencies, and versions plays an important role in expanding the costs of maintaining and repairing unforeseeable software faults. To repair software faults, developers spend considerable time in identifying the scenarios leading to those faults and root-causing the problems. While software debugging remains largely manual, it is not the case with software testing and verification. The goal of this research is to improve the software development process in general, and software debugging process in particular, by devising techniques and methods for automated software debugging, which leverage the advances in automatic test case generation and replay. In this research, novel algorithms are devised to discover faulty execution paths in programs by utilizing already existing software test cases, which can be either automatically or manually generated. The execution traces, or alternatively, the sequence covers of the failing test cases are extracted. Afterwards, commonalities between these test case sequence covers are extracted, processed, analyzed, and then presented to the developers in the form of subsequences that may be causing the fault. The hypothesis is that code sequences that are shared between a number of faulty test cases for the same reason resemble the faulty execution path, and hence, the search space for the faulty execution path can be narrowed down by using a large number of test cases. To achieve this goal, an efficient algorithm is implemented for finding common subsequences among a set of code sequence covers. Optimization techniques are devised to generate shorter and more logical sequence covers, and to select subsequences with high likelihood of containing the root cause among the set of all possible common subsequences. A hybrid static/dynamic analysis approach is designed to trace back the common subsequences from the end to the root cause. A debugging tool is created to enable developers to use the approach, and integrate it with an existing Integrated Development Environment. The tool is also integrated with the environment's program editors so that developers can benefit from both the tool suggestions, and their source code counterparts. Finally, a comparison between the developed approach and the state-of-the-art techniques shows that developers need only to inspect a small number of lines in order to find the root cause of the fault. Furthermore, experimental evaluation shows that the algorithm optimizations lead to better results in terms of both the algorithm running time and the output subsequence length.

Reusing values in a dynamic conditional execution architecture

A Execução Condicional Dinâmica (DCE) é uma alternativa para redução dos custos relacionados a desvios previstos incorretamente. A idéia básica é buscar todos os fluxos produzidos por um desvio que obedecem algumas restrições relativas à complexidade e tamanho. Como conseqüência, um número menor de previsões é executado, e assim, um número mais baixo de desvios é incorretamente previsto. Contudo, tal como outras soluções multi-fluxo, o DCE requer uma estrutura de controle mais complexa. Na arquitetura DCE, é observado que várias réplicas da mesma instrução são despachadas para as unidades funcionais, bloqueando recursos que poderiam ser utilizados por outras instruções. Essas réplicas são geradas após o ponto de convergência dos diversos fluxos em execução e são necessárias para garantir a semântica correta entre instruções dependentes de dados. Além disso, o DCE continua produzindo réplicas até que o desvio que gerou os fluxos seja resolvido. Assim, uma seção completa do código pode ser replicado, reduzindo o desempenho. Uma alternativa natural para esse problema é reusar essas seções (ou traços) que são replicadas. O objetivo desse trabalho é analisar e avaliar a efetividade do reuso de valores na arquitetura DCE. Como será apresentado, o princípio do reuso, em diferentes granularidades, pode reduzir efetivamente o problema das réplicas e levar a aumentos de desempenho.

The AdapLib Library for Execution of Adaptive Devices: Architecture and Use

In this paper it is presented the theoretical background, the architecture (using the ""4+1"" model), and the use of the library for execution of adaptive devices, AdapLib. This library was created seeking to be accurate to the adaptive devices theory, and to allow its easy extension considering the specific details of solutions that employ this kind of device. As an example, it is presented a case study in which the library was used to create a proof of concept to monitor and diagnose problems in an online news portal.

Movement-related potentials in Huntington's disease: movement preparation and execution

Movement-related potentials (MRPs) reflect increasing cortical activity related to the preparation and execution of voluntary movement. Execution and preparatory components may be separated by comparing MRPs recorded from actual and imagined movement. Imagined movement initiates preparatory processes, but not motor execution activity. MRPs are maximal over the supplementary motor area (SMA), an area of the cortex involved in the planning and preparation of movement. The SMA receives input from the basal ganglia, which are affected in Huntington's disease (HD), a hyperkinetic movement disorder. In order to further elucidate the effects of the disorder upon the cortical activity relating to movement, MRPs were recorded from ten HD patients, and ten age-matched controls, whilst they performed and imagined performing a sequential button-pressing task. HD patients produced MRPs of significantly reduced size both for performed and imagined movement. The component relating to movement execution was obtained by subtracting the MRP for imagined movement from the MRP for performed movement, and was found to be normal in HD. The movement preparation component was found by subtracting the MRP found for a control condition of watching the visual cues from the MRP for imagined movement. This preparation component in HD was reduced in early slope, peak amplitude, and post-peak slope. This study therefore reported abnormal MRPs in HD. particularly in terms of the components relating to movement preparation, and this finding may further explain the movement deficits reported in the disease.

The preparation and execution of self-initiated and externally-triggered movement: A study of event-related fMRI

Studies of functional brain imaging in humans and single cell recordings in monkeys have generally shown preferential involvement of the medially located supplementary motor area (SMA) in self-initiated movement and the lateral premotor cortex in externally cued movement. Studies of event-related cortical potentials recorded during movement preparation, however, generally show increased cortical activity prior to self-initiated movements but little activity at early stages prior to movements that are externally cued at unpredictable times. In this study, the spatial location and relative timing of activation for self-initiated and externally triggered movements were examined using rapid event-related functional MRI. Twelve healthy right-handed subjects were imaged while performing a brief finger sequence movement (three rapid alternating button presses: index-middle-index finger) made either in response to an unpredictably timed auditory cue (between 8 to 24 s after the previous movement) or at self-paced irregular intervals. Both movement conditions involved similar strong activation of medial motor areas including the pre-SMA, SMA proper, and rostral cingulate cortex, as well as activation within contralateral primary motor, superior parietal, and insula cortex. Activation within the basal ganglia was found for self-initiated movements only, while externally triggered movements involved additional bilateral activation of primary auditory cortex. Although the level of SMA and cingulate cortex activation did not differ significantly between movement conditions, the timing of the hemodynamic response within the pre-SMA was significantly earlier for self-initiated compared with externally triggered movements. This clearly reflects involvement of the pre-SMA in early processes associated with the preparation for voluntary movement. (C) 2002 Elsevier Science.