Software Quality Journal, Volume 25, Issue 1, pp 201–229

A declarative framework for stateful analysis of execution traces

  • Florian Wininger
  • Naser Ezzati-Jivan
  • Michel R. Dagenais


With newer complex multi-core systems, it is important to understand an application’s runtime behavior to be able to debug its execution, detect possible problems and bottlenecks and finally identify potential root causes. Execution traces usually contain precise data about an application execution. Their analysis and abstraction at multiple levels can provide valuable information and insights about an application’s runtime behavior. However, with multiple abstraction levels, it becomes increasingly difficult to find the exact location of detected performance or security problems. Tracing tools provide various analysis views to help users to understand their application problems. However, these pre-defined views are often not sufficient to reveal all analysis aspects of the underlying application. A declarative approach that enables users to specify and build their own custom analysis and views based on their knowledge, requirements and problems can be more useful and effective. In this paper, we propose a generic declarative trace analysis framework to analyze, comprehend and visualize execution traces. This enhanced framework builds custom analyses based on a specified modeled state, extracted from a system execution trace and stored in a special purpose database. The proposed solution enables users to first define their different analysis models based on their application and requirements, then visualize these models in many alternate representations (Gantt chart, XY chart, etc.), and finally filter the data to get some highlights or detect some potential patterns. Several sample applications with different operating systems are shown, using trace events gathered from Linux and Windows, at the kernel and user-space levels.


Keywords: Software debugging, Declarative debugging, Execution trace analysis



Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  • Florian Wininger (1)
  • Naser Ezzati-Jivan (1)
  • Michel R. Dagenais (1)

  1. Ecole Polytechnique Montreal, Montreal, Canada
