Skip to main content
Log in

A declarative framework for stateful analysis of execution traces

  • Published:
Software Quality Journal Aims and scope Submit manuscript


With newer complex multi-core systems, it is important to understand an application’s runtime behavior to be able to debug its execution, detect possible problems and bottlenecks and finally identify potential root causes. Execution traces usually contain precise data about an application execution. Their analysis and abstraction at multiple levels can provide valuable information and insights about an application’s runtime behavior. However, with multiple abstraction levels, it becomes increasingly difficult to find the exact location of detected performance or security problems. Tracing tools provide various analysis views to help users to understand their application problems. However, these pre-defined views are often not sufficient to reveal all analysis aspects of the underlying application. A declarative approach that enables users to specify and build their own custom analysis and views based on their knowledge, requirements and problems can be more useful and effective. In this paper, we propose a generic declarative trace analysis framework to analyze, comprehend and visualize execution traces. This enhanced framework builds custom analyses based on a specified modeled state, extracted from a system execution trace and stored in a special purpose database. The proposed solution enables users to first define their different analysis models based on their application and requirements, then visualize these models in many alternate representations (Gantt chart, XY chart, etc.), and finally filter the data to get some highlights or detect some potential patterns. Several sample applications with different operating systems are shown, using trace events gathered from Linux and Windows, at the kernel and user-space levels.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17

Similar content being viewed by others









  8. chrome://tracing in the Chromium browser.


  • Blunck, J., Desnoyers, M., & Fournier, P.-M. (2009). Userspace application tracing with markers and tracepoints. In Proceedings of the Linux Kongress.

  • Cantrill, B. M., Shapiro, M. W., & Leventhal, A. H. (2004). Dynamic instrumentation of production systems. In Proceedings of the annual conference on USENIX annual technical conference, ATEC 04, Berkeley, CA, USA (pp. 2–2). USENIX Association.

  • Cohen, I., Goldszmidt, M., Kelly, T., Symons, J., & Chase, J. S. (2004). Correlating instrumentation data to system states: a building block for automated diagnosis and control. In Proceedings of the 6th conference on symposium on operating systems design implementation—Volume 6, Berkeley, CA, USA (pp. 16–16). USENIX Association.

  • Cohen, I., Zhang, S., Goldszmidt, M., Symons, J., Kelly, T., & Fox, A. (2005). Capturing, indexing, clustering, and retrieving system history. SIGOPS Operating Systems Review, 39, 105–118.

    Article  Google Scholar 

  • Deschênes, J.-H., Desnoyers, M., & Dagenais, M. R. (2008). Tracing time operating system state determination. Open Software Engineering Journal, 2, 40–44.

    Article  Google Scholar 

  • Desnoyers, M., & Dagenais, M. R. (2006). The LTTng tracer: A low impact performance and behavior monitor for GNU/Linux. In OLS (Ottawa Linux symposium) (Vol. 2006, pp. 209–224).

  • Desnoyers, M., & Dagenais, M. (2008). Lttng: Tracing across execution layers, from the hypervisor to user-space. In Linux symposium (p. 101).

  • Eckmann, S., Vigna, G., & Kemmerer, R. (2002). Statl: An attack language for state-based intrusion detection. Journal of Computer Security, 10(1/2), 71–104.

    Article  Google Scholar 

  • Eigler, F. C., & Hat, R. (2006). Problem solving with systemtap. In Proceedings of the Ottawa Linux symposium (pp. 261–268). Citeseer.

  • Ezzati-Jivan, N., & Dagenais, M. (2014). Multiscale navigation in large trace data. In 27th Annual IEEE Canadian conference on electrical and computer engineering (CCECE) 2014 (pp. 1–6).

  • Ezzati-Jivan, N., & Dagenais, M. R. (2012). A stateful approach to generate synthetic events from Kernel traces. Advances in Software Engineering, 2012. doi:10.1155/2012/140368.

  • Ezzati-Jivan, N., Shameli-Sendi, A., & Dagenais, M. (2013) Multilevel label placement for execution trace events. In 26th Annual IEEE Canadian conference on electrical and computer engineering (CCECE), 2013 (pp. 1–6).

  • Ezzati-Jivan, N., & Dagenais, M. R. (2013). A framework to compute statistics of system parameters from very large trace files. ACM SIGOPS Operating Systems Review, 47, 43–54.

    Article  Google Scholar 

  • Gebai, M., Giraldeau, F., & Dagenais, M. R. (2014). Fine-grained preemption analysis for latency investigation across virtual machines. Journal of Cloud Computing: Advances, Systems and Applications, 3(1), 41.

    Google Scholar 

  • Goldsmith, S. F., O’Callahan, R., & Aiken, A. (2005). Relational queries over program traces. SIGPLAN Notices, 40, 385–402.

    Article  Google Scholar 

  • Habra, N., Le Charlier, B., Mounji, A., Mathieu, I. (1992). Asax: Software architecture and rule-based language for universal audit trail analysis. In Computer SecurityESORICS 92 (pp. 435–450). Springer

  • Hamou-Lhadj, A., Murtaza, S.S., Fadel, W., Mehrabian, A., Couture, M., & Khoury, R. (2013). Software behaviour correlation in a redundant and diverse environment using the concept of trace abstraction. In Proceedings of the 2013 research in adaptive and convergent systems, RACS ’13, New York, NY, USA (pp. 328–335). ACM.

  • Lee, K. H., Sumner, N., Zhang, X., & Eugster, P. (2011). Unified debugging of distributed systems with recon. In Proceedings of the 2011 IEEE/IFIP 41st international conference on dependable systems & networks, DSN ’11, Washington, DC, USA (pp. 85–96). IEEE Computer Society.

  • Martin, M., Livshits, B., & Lam, M. S. (2005). Finding application errors and security flaws using PQL: A program query language. SIGPLAN Notices, 40, 365–383.

    Article  Google Scholar 

  • Matni, G., & Dagenais, M. (May 2009). Automata-based approach for kernel trace analysis. In Canadian conference on electrical and computer engineering, 2009. CCECE 09 (pp. 970–973).

  • Montplaisir, A., Ezzati-Jivan, N., Wininger, F., & Dagenais, M. (2013). State history tree: An incremental disk-based data structure for very large interval data. In 2013 ASE/IEEE international conference on big data.

  • Montplaisir, A., Ezzati-Jivan, N., Wininger, F., & Dagenais, M. (2013). Efficient model to query and visualize the system states extracted from trace data. In A. Legay & S. Bensalem (Eds.), Runtime verification, vol. 8174 of lecture notes in computer science (pp. 219–234). Berlin, Heidelberg: Springer.

    Google Scholar 

  • Roesch, M., et al. (1999). Snort: Lightweight intrusion detection for networks. LISA, 99, 229–238.

    Google Scholar 

  • Schnorr, L. M., Huard, G., & Navaux, P. O. A. (2009). Towards visualization scalability through time intervals and hierarchical organization of monitoring data. In Proceedings of the 2009 9th IEEE/ACM international symposium on cluster computing and the grid, CCGRID 09, Washington, DC, USA (pp. 428–435). IEEE Computer Society

  • Waly, H. (2011). A complete framework for kernel trace analysis. Master’s thesis, Laval University.

  • Zaki, O., Lusk, E., Gropp, W., & Swider, D. (1999). Toward scalable performance visualization with jumpshot. The International Journal of High Performance Computing Applications, 13, 277–288.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Naser Ezzati-Jivan.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wininger, F., Ezzati-Jivan, N. & Dagenais, M.R. A declarative framework for stateful analysis of execution traces. Software Qual J 25, 201–229 (2017).

Download citation

  • Published:

  • Issue Date:

  • DOI: