Download presentation
Presentation is loading. Please wait.
Published byEdmund Shields Modified over 9 years ago
1
The Potential of Sampling for Dynamic Analysis Joseph L. GreathouseTodd Austin Advanced Computer Architecture Laboratory University of Michigan PLAS, San Jose, California June 5, 2011
2
Dynamic Security Analysis Finds flaws in programs as they run Makes programs more robust Insert checks around instructions 2 y = x->data; *w += y; z = 75/y; check(x!=NULL); check(w!=NULL); check(y!=0);
3
z = y * 75 y = x * 1024 w = x + 42 Check w Dynamic Information Flow Tracking 3 validate(x) x = read_input() z = y * 75 y = x * 1024 x = read_input() Input Check z Data Untrusted 1.Inputs are untrusted 2.Propagate untrusted status while executing 3.Check trustedness for safety Only works on current dynamic control path
4
Problem: Dynamic Analyses are Slow 4 2x 150x 400x 200x 100x Assertion CheckingRace Detection DIFT Atomicity Checking Symbolic Execution
5
Dynamic Analysis Sampling 5 Lower overheads by skipping some analyses Complete Analysis No Analysis No Analysis
6
Sampling Allows Distribution 6 Developer Beta TestersEnd Users Many users testing at little overhead see more errors than one user at high overhead.
7
y = x->data; *w += y; z = 75/y; check(x!=NULL); check(w!=NULL); check(y!=0); Sampling Assertion Checking Perform a random subset of checks 1/1000 checks: ~3x slowdown 30% overhead 7 y = x->data; *w += y; z = 75/y; check(y!=0); y = x->data; *w += y; z = 75/y; check(x!=NULL); y = x->data; *w += y; z = 75/y; check(w!=NULL);y = x->data; *w += y; z = 75/y; check(x!=NULL); check(w!=NULL); check(y!=0); Static CodeDynamic #2Dynamic #3Dynamic #1
8
Must sample dataflows instead of instructions 0.1-10% of faults: 10% overhead Sampling DIFT 8
9
Advanced Sampling Techniques Cold region Hypothesis Sample “cold” code at higher rate New atomicity violation detection Trace atomic regions and correlate crashes 9
10
Future Research Directions Sampling for more dynamic analyses New types of analyses because of sampling Studies on users slowdown acceptance 10
11
BACKUP SLIDES 11
12
Needed Engineering Efforts Push-button sampling mechanisms for Valgrind, DynamoRIO, Pin, etc. Libraries to integrate bug reporting into analysis tools Back-end infrastructure for handling distributed, sampled bug reports 12
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.