Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

OORPT Dynamic Analysis


Published on

Published in: Education, Technology
  • Hi there! Get Your Professional Job-Winning Resume Here - Check our website!
    Are you sure you want to  Yes  No
    Your message goes here

OORPT Dynamic Analysis

  1. 1. OORPT Object-Oriented Reengineering Patterns and Techniques 12. Analyzing Dynamic Behavior Orla Greevy & Adrian Lienhard
  2. 2. What is Dynamic Analysis? The investigation of the properties of a running software system over one or more executions (Static analysis examines the program code alone) 12.2
  3. 3. Has anyone used Dynamic Analysis? 12.3
  4. 4. Roadmap Motivation Sources of Runtime Information Tracing techniques and their challenges Overview of Tools (Loggers, Debuggers, Profilers, etc) Dynamic Analysis in a Reverse Engineering Context Summary 12.4
  5. 5. What does this program do? #include <stdio.h>main(t,_,a)char *a;{return!0<t?t<3?main(-79,-13,a+main(-87,1-_,main(- 86,0,a+1)+a)):1,t<_?main(t+1,_,a):3,main(-94,- 27+t,a)&&t==2?_<13?main(2,_+1,"%s %d %d¥n"):9:16:t<0?t<- 72?main(_,t,"@n'+,#'/*{}w+/w#cdnr/+,{}r/*de}+,/*{*+,/w{%+, /w#q#n+,/#{l,+,/n{n+,/+#n+,/#¥;#q#n+,/+k#;*+,/'r :'d*'3,}{w+K w'K:'+}e#';dq#'l ¥q#'+d'K#!/+k#;q#'r}eKK#}w'r}eKK{nl]'/#;#q#n'){)#}w'){){nl ]'/+#n';d}rw' i;# ¥){nl]!/n{n#'; r{#w'r nc{nl]'/#{l,+'K {rw' iK{;[{nl]'/w#q#n'wk nw' ¥iwk{KK{nl]!/w{%'l##w#' i; :{nl]'/*{q#'ld;r'}{nlwb!/*de}'c ¥;;{nl'- {}rw]'/+,}##'*}#nc,',#nw]'/+kd'+e}+;#'rdq#w! nr'/ ') }+}{rl#'{n' ')# ¥}'+}##(!!/"):t<- 50?_==*a?putchar(31[a]):main(- 65,_,a+1):main((*a=='/')+t,_,a+1) :0<t?main(2,2,"%s"):*a=='/'||main(0,main(-61,*a,"!ek;dc i@bK'(q)-[w]*%n+r3#l,{}:¥nuwloca-O;m .vpbks,fxntdCeghiry"),a+1);} Thomas Ball, The Concept of Dynamic Analysis, FSE’99 12.5
  6. 6. Why Dynamic Analysis? Gap between run-time structure and code structure in OO programs Trying to understand one [structure] from the other is like trying to understand the dynamism of living ecosystems from the static taxonomy of plants and animals, and vice-versa. -- Erich Gamma et al., Design Patterns 12.6
  7. 7. Reengineering Patterns based on Dynamic Analysis Interview during demo Find typical usage scenarios and main features Step through the Execution with a debugger Understand how objects collaborate Tests Your life insurance 12.7
  8. 8. Runtime Information Sources Many possibilities: hardware monitoring, tracing method execution, values of variables, memory usage etc... External view Internal view execute instrument program and program watch it from and watch it outside from inside 12.8
  9. 9. External View Program output, UI (examine behavior, performance, …) Analyze used resources CPU and memory usage (top) Network usage (netstat, tcpdump) Open files, pipes, sockets (lsof) Examine logs (syslog, web logs, stdout/stderr, …) 12.9
  10. 10. Internal View Log statements in code Stack trace Debugger Execution trace Many different tools are based on tracing: execution profilers, test coverage analyzers, tools for reverse engineering… 12.10
  11. 11. Execution Tracing How can we capture “full” OO program execution? Trace entry and exit of methods Additional information: - receiver and arguments - class instantiations - …? 12.11
  12. 12. Tracing Techniques Instrumentation approaches —Sourcecode modification —Bytecode modification —Wrapping methods (Smalltalk) Simulate execution (using debugger infrastructure) Sampling At the VM level —Execution tracing by the interpreter —(Dynamic recompilation, JIT) 12.12
  13. 13. Technical Challenges > Instrumentation influences the behavior of the execution > Overhead: increased execution time > Large amount of data > Code also used by the tracer, library and system classes cannot be instrumented -> Trace at the VM level -> Scope instrumentation (Changeboxes) 12.13
  14. 14. Roadmap Motivation Sources of Runtime Information Tracing techniques and their challenges Overview of Tools (Loggers, Debuggers, Profilers, etc) Dynamic Analysis in a Reverse Engineering Context Summary 12.14
  15. 15. Debuggers Breakpoint Debuggers jdb, gdb,… (run, step, inspect) Omniscent Debuggers ( Memory Debuggers jmp - java memory profiler purify (IBM Rational) - a tool for detecting memory leaks in C,C++ code 12.15
  16. 16. Loggers - low tech debugging “…debugging statements stay with the program; debugging sessions are transient. “ Kerningham and Pike public class Main {! Very messy! public static void main(String[] args) {! Clingon aAlien = new Clingon();! System.out.println(“in main “); aAlien.spendLife();! }! } 12.16
  17. 17. - defacto standard for Java Pros - easy to use, widely used by open source and java projects - Configurable and flexible (format the output, log levels) export TOMCAT_OPTS="-Dlog4j.debug -Dlog4j.configuration=foobar.xml - Allows enabling of logging at runtime without modifying the application binary - Remote servers for remote monitoring … Cons - Performance overhead - Requires effort to decide where to put log statements - Code Cluttering - Logging accounts for ~ 4% of code 12.17
  18. 18. Short Demo of log4j usage 1 [main] ( - Entering Application. import org.apache.log4j.Logger; … public class Main { > static Logger logger = … Logger.getLogger(MyApp.class); public static void main(String[] args) {! Clingon aAlien = new Clingon();“Entering Application“); aAlien.spendLife(); } } 12.18
  19. 19. Profilers are used to track performance for optimization - Timing information to detect bottlenecks - Compare the cost of various implementations - Understand what is happening? - Produces an execution Trace and statistical summary 12.19
  20. 20. JProfiler Example Views 12.20
  21. 21. JWireTap: An Interactive Profiler for Eclipse (Demo) 12.21
  22. 22. Roadmap Motivation Sources of Runtime Information Tracing techniques and their challenges Overview of Tools (Loggers, Debuggers, Profilers, etc) Dynamic Analysis in a Reverse Engineering Context Summary 12.22
  23. 23. Reverse Engineering + Dynamic Analysis static view + execution traces dynamic view 12.23
  24. 24. Dynamic Analysis for Program Comprehension Post Mortem Analysis of execution traces Metrics Based Approaches -Frequency Analysis [Ball, Zaidman] -Runtime Coupling Metrics based on Web mining techniques to detect key classses in a trace. [Zaidman 2005] -High-Level Polymetric Views of Condensed Run-Time Information [Ducasse, Lanza and Bertoulli 2004] -Query-based approaches Recoverind high-level views from runtime data [Richner and Ducasse 1999] 12.24
  25. 25. Visualization of Runtime Behavior Problem of Large traces [JinSight, De Pauw 1993] 12.25
  26. 26. Feature-Centric Reverse Engineering Software System F1 F2 Fn F1 F2 Fn Software developer Users 12.26
  27. 27. Bug reports often expressed in terms of Features. I canʼt add new contacts!!! The “add contacts“ feature 12.27
  28. 28. Dividing a trace into features Feature 1 Feature 2 Feature n 12.28
  29. 29. Feature Identification is a technique to map features to source code. “A feature is an observable unit of behavior of a system triggered by the user” [Eisenbarth etal. 2003] Software Reconnaissance [Wilde and Scully ] Run a (1) feature exhibiting scenario and a (2) non-exhibiting scenario and compare the traces. Then browse the source code. 12.29
  30. 30. Feature-Centric Analysis: 3 Complementary Perspectives Features Relationships F1 Perspective F2 F3 F4 F5 Classes Perspective Features Perspective 12.30
  31. 31. Dynamix - A Model for Dynamic Analysis 12.31
  32. 32. DynaMoose - An Environment for Feature Analysis 12.32
  33. 33. Demo of Feature Analysis - Feature Views of Classes PhoneButtonEventBackSpace PhoneStateContact PhoneStateContactForm EditableText CustomTextArea Feature Views of PhoneSim Classes 12.33
  34. 34. Feature Views of ʻPhonesimʼ Methods Feature Views of PhoneSim Methods 12.34
  35. 35. Feature Relationships based on shared usage of classes or methods. browseContacts, addContacts 12.35
  36. 36. Object Flow Analysis Method execution traces do not reveal how … objects refer to each other … object references evolve Trace and analyze object flow — Object-centric debugger: Trace back flow from errors to code that produced the objects — Detect object dependencies between features 12.36
  37. 37. Dynamic vs. Static Analysis Static analyses extract properties that hold for all possible program runs Dynamic analysis provides more precise information …but only for the execution under consideration Dynamic analysis cannot show that a program satisfies a particular property, but can detect violations of the property 12.37
  38. 38. Conclusions: Pros and Cons Dependent on input —Advantage: Input or features can be directly related to execution —Disadvantage: May fail to exercise certain important paths and poor choice of input may be unrepresentative Broad scope: dynamic analyses follow long paths and may discover semantic dependencies between program entities widely separated in space and time However, understanding dynamic behavior of OO systems is difficult Large number of executed methods Execution paths crosscut abstraction layers Side effects 12.38
  39. 39. License > Attribution-ShareAlike 2.5 You are free: • to copy, distribute, display, and perform the work • to make derivative works • to make commercial use of the work Under the following conditions: Attribution. You must attribute the work in the manner specified by the author or licensor. Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. • For any reuse or distribution, you must make clear to others the license terms of this work. • Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. 12.39