2 research outputs found
Adonis: Practical and Efficient Control Flow Recovery through OS-Level Traces
Control flow recovery is critical to promise the software quality, especially for large-scale software in production environment.
However, the efficiency of most current control flow recovery techniques is compromised due to their runtime overheads along with
deployment and development costs. To tackle this problem, we propose a novel solution, Adonis, which harnesses OS-level traces,
such as dynamic library calls and system call traces, to efficiently and safely recover control flows in practice. Adonis operates in
two steps: it first identifies the call-sites of trace entries, then it executes a pair-wise symbolic execution to recover valid execution
paths. This technique has several advantages. First, Adonis does not require the insertion of any probes into existing applications,
thereby minimizing runtime cost. Second, given that OS-level traces are hardware-independent, Adonis can be implemented across
various hardware configurations without the need for hardware-specific engineering efforts, thus reducing deployment cost. Third, as
Adonis is fully automated and does not depend on manually created logs, it circumvents additional development cost. We conducted an
evaluation of Adonis on representative desktop applications and real-world IoT applications. Adonis can faithfully recover the control
flow with 86.8% recall and 81.7% precision. Compared to the state-of-the-art log-based approach, Adonis can not only cover all the
execution paths recovered, but also recover 74.9% of statements that cannot be covered. In addition, the runtime cost of Adonis is
18.3× lower than the instrument-based approach; the analysis time and storage cost (indicative of the deployment cost) of Adonis is
50× smaller and 443× smaller than the hardware-based approach, respectively. To facilitate future replication and extension of this
work, we have made the code and data publicly available
Supporting Proofs for Control-Flow Recovery from Partial Failure Reports
Debugging post-deployment failures is difficult, in part because failure reports from these applications usually provide only partial information about what occurred during the failing execution. We introduce approaches that answer control-flow queries about a failing program's execution based on failure constraints given as formal languages. A key component of our approach is the introduction of a new class of subregular languages, the unreliable trace languages (UTL), which allow us to answer many common queries in polynomial time. This report supplements the description of these new approaches with formal proofs. Specifically: we prove completeness for our context-insensitive query problem, tightly bind polynomial-time decidability of query recovery to the UTL class, and prove partial correctness for our approach to answering user queries with UTL constraints