Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automated Adaptive Bug Isolation using Dyninst Piramanayagam Arumuga Nainar, Prof. Ben Liblit University of Wisconsin-Madison.

Published byJonathan Young Modified over 8 years ago

Similar presentations

Presentation on theme: "Automated Adaptive Bug Isolation using Dyninst Piramanayagam Arumuga Nainar, Prof. Ben Liblit University of Wisconsin-Madison."— Presentation transcript:

1 Automated Adaptive Bug Isolation using Dyninst Piramanayagam Arumuga Nainar, Prof. Ben Liblit University of Wisconsin-Madison

2 Cooperative Bug Isolation (CBI) Program Source Compiler Sampler Predicates Shipping Application Counts & /       ‚  Statistical Debugging Top bugs with likely causes ++branch_17[p != 0]; if (p) … else …

3 Problem with static instrumentation –Predicates are fixed for entire lifetime –Three problems 1.Worst case assumption 2.Cannot stop counting predicates –After collecting enough data 3.Cannot add predicates we missed Current infrastructure supports only C programs Issues

4 user CBI for Binaries Program Source Compiler Shipping Application Counts & /  Statistical Debugging Top bugs with likely causes Executable Predicates New Executable Binary editor developer Compiler

5 Adaptive Bug Isolation Strategy: –Adaptively add/remove predicates Based on feedback reports Retain existing statistical analysis –Goal is to guide CBI to its best bug predictor Reduce the number of predicates instrumented

6 Adaptive Bug Isolation (contd.) Program Source Compiler Shipping Application Counts & /  Statistical Debugging (with adaptivity) Top bugs with likely causes Executable New Executable Binary editor Predicates Compiler

7 Dyninst Instrumentor - Features Counters in shared segment Removes snippets –After they execute once Call graph, CFG, dominator graphs Snippets are feather weight –Don’t save/restore FPRs More… –Better overheads –Expose data dependencies

8 Technique Control Dependence Graph (CDG) Algorithm: –For each suspect branch edge: Enable all predicates in –basic blocks control dependent on that edge How to identify suspect edges? –Pessimistic - all edges are suspect A B

9 Simple strategy: BFS All branch predicates are suspicious if

10 Can we do better? Assign scores to each predicate Edges with high scores are suspect –Many options Top 10 Top 10% Score > threshold –For our experiments, only the topmost predicate –Other predicates: may be revisited in future Key property: If no bug is found, no predicate is left unexplored

11 Many possibilities. We evaluate five For a branch predicate p, –F (p) = no. of failed runs in which p was true –S (p) = no. of successful runs in which p was true 1.Failure count: F (p) 2.Failure probability: F (p) / (F (p) + S (p)) 3.T-Test Pr (p being true affects program outcome in a statistically significant manner) Scores – heuristics 1,2,3 SuccFail. p true30%70% p false50%

12 Scores - heuristic 4 4.Importance (p) –CBI’s ranking heuristic [PLDI ’05] –Harmonic mean of two values –For a branch predicate ‘p’: Sensitivity –log (F (p)) / log (total failures observed) Increase –Pr (Failure) at P 2 – Pr (Failure) at P 1 P2P2 P1P1

13 Scores - heuristic 5 5.Maximum possible Importance score Problem: sometimes, Importance (p) mirrors p’s properties and says nothing about the branch’s targets score (p) = Maximum possible Importance score in p’s targets 0/0 s/f 0/f s/f s/0 Edge label a/b means Predicate was true in ‘ a ’ successful runs Predicate was true in ‘ b ’ failed runs

14 Oracle –points in the direction of the target (the top bug predictor) –Used for evaluation of the results –Shortest path in CDG Optimal heuristic

15 Evaluation Binary Instrumentor: using DynInst Heuristics: –5 global ranking heuristics –simplest approach: BFS –optimal approach: Oracle Bug benchmarks –siemens test suite Goal: identify the best predicate efficiently –Best predicate: as per the PLDI ’05 algo. –efficiency: no. of predicates examined

16 Evaluation (cont.)

17 Conclusion Use binary instrumentation to –Skip bug free regions  more data from interesting sites Fairly general –Can be applied to any CBI-like tool Backward search – in progress

18 Questions?

19 Using DynInst Large slowdowns Reduce no. of branch predicates Gathering true/false values instead of counts 1. No increment. Just store 1 (true) 2. Self-removing instrumentation – Removes itself after executing – Applies only to dynamic instrumentation Better performance: 2-3 times slowdown for go – But not enough Binary Instrumentor 25 times for go (SPEC) If program crashes between p 1 and p 2 c 1 = c 2 + c 3 + 1 else c 1 = c 2 + c 3 if c1c1 c2c2 c3c3

20 Branch predicate inference c 1 can inferred if –P 1 dominates P 2 –P 2 or P 5 have an instrumentation site (in general, any block equivalent to P 2 ) P1P1 P2P2 P3P3 P4P4 P5P5 c1c1 P2P2 P5P5

21 Choose one branch over the other –Strategy: if Pr (statistically significant difference) > 95%: –Only then path is interesting else both then and else paths are interesting Can we do better? SuccFail. then path 30%70% else path 50% Program fails more often in the then path Pr (there is a significant difference in the two directions) use T-Test (paired)

22 Simple strategy: BFS All branch predicates are suspicious if

Download ppt "Automated Adaptive Bug Isolation using Dyninst Piramanayagam Arumuga Nainar, Prof. Ben Liblit University of Wisconsin-Madison."

Similar presentations

Delta Debugging and Model Checkers for fault localization

Delta Debugging and Model Checkers for fault localization
A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.

A Program Transformation For Faster Goal-Directed Search Akash Lal, Shaz Qadeer Microsoft Research.
Resource Management §A resource can be a logical, such as a shared file, or physical, such as a CPU (a node of the distributed system). One of the functions.

Resource Management §A resource can be a logical, such as a shared file, or physical, such as a CPU (a node of the distributed system). One of the functions.
Stanford University CS243 Winter 2006 Wei Li 1 Register Allocation.

Stanford University CS243 Winter 2006 Wei Li 1 Register Allocation.
Building a Better Backtrace: Techniques for Postmortem Program Analysis Ben Liblit & Alex Aiken.

Building a Better Backtrace: Techniques for Postmortem Program Analysis Ben Liblit & Alex Aiken.
Building a Better Backtrace: Techniques for Postmortem Program Analysis Ben Liblit & Alex Aiken.

Building a Better Backtrace: Techniques for Postmortem Program Analysis Ben Liblit & Alex Aiken.
1 Bug Isolation via Remote Program Sampling Ben LiblitAlex Aiken Alice X. ZhengMichael Jordan Presented By : Arpita Gandhi.

1 Bug Isolation via Remote Program Sampling Ben LiblitAlex Aiken Alice X. ZhengMichael Jordan Presented By : Arpita Gandhi.
Guoliang Jin, Linhai Song, Wei Zhang, Shan Lu, and Ben Liblit University of Wisconsin–Madison Automated Atomicity- Violation Fixing.

Guoliang Jin, Linhai Song, Wei Zhang, Shan Lu, and Ben Liblit University of Wisconsin–Madison Automated Atomicity- Violation Fixing.
Program Representations. Representing programs Goals.

Program Representations. Representing programs Goals.
Statistical Debugging Ben Liblit, University of Wisconsin–Madison.

Statistical Debugging Ben Liblit, University of Wisconsin–Madison.
ABCD: Eliminating Array-Bounds Checks on Demand Rastislav Bodík Rajiv Gupta Vivek Sarkar U of Wisconsin U of Arizona IBM TJ Watson recent experiments.

ABCD: Eliminating Array-Bounds Checks on Demand Rastislav Bodík Rajiv Gupta Vivek Sarkar U of Wisconsin U of Arizona IBM TJ Watson recent experiments.
Bug Isolation via Remote Program Sampling Ben Liblit, Alex Aiken, Alice X.Zheng, Michael I.Jordan Presented by: Xia Cheng.

Bug Isolation via Remote Program Sampling Ben Liblit, Alex Aiken, Alice X.Zheng, Michael I.Jordan Presented by: Xia Cheng.
Algorithm Strategies Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.

Algorithm Strategies Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Online Performance Auditing Using Hot Optimizations Without Getting Burned Jeremy Lau (UCSD, IBM) Matthew Arnold (IBM) Michael Hind (IBM) Brad Calder (UCSD)

Online Performance Auditing Using Hot Optimizations Without Getting Burned Jeremy Lau (UCSD, IBM) Matthew Arnold (IBM) Michael Hind (IBM) Brad Calder (UCSD)
Bug Isolation in the Presence of Multiple Errors Ben Liblit, Mayur Naik, Alice X. Zheng, Alex Aiken, and Michael I. Jordan UC Berkeley and Stanford University.

Bug Isolation in the Presence of Multiple Errors Ben Liblit, Mayur Naik, Alice X. Zheng, Alex Aiken, and Michael I. Jordan UC Berkeley and Stanford University.
the fourth iteration of this loop is shown here

the fourth iteration of this loop is shown here
Approximation Algorithm for Multicut

Approximation Algorithm for Multicut
Using Structure Indices for Efficient Approximation of Network Properties Matthew J. Rattigan, Marc Maier, and David Jensen University of Massachusetts.

Using Structure Indices for Efficient Approximation of Network Properties Matthew J. Rattigan, Marc Maier, and David Jensen University of Massachusetts.
4/25/08Prof. Hilfinger CS164 Lecture 371 Global Optimization Lecture 37 (From notes by R. Bodik & G. Necula)

4/25/08Prof. Hilfinger CS164 Lecture 371 Global Optimization Lecture 37 (From notes by R. Bodik & G. Necula)
CS590Z Statistical Debugging Xiangyu Zhang (part of the slides are from Chao Liu)

CS590Z Statistical Debugging Xiangyu Zhang (part of the slides are from Chao Liu)

Similar presentations

Ads by Google