SlideShare a Scribd company logo

ReCrash: Making crashes reproducible by preserving object states (ECOOP 2008)

Sung Kim
Sung Kim

It's really fun to work with Shay and Mike. Thank you!

TechnologyEducation
1 of 70
Download to read offline
ReCrash   Making  crashes  reproducible   by  preserving  object  states   Shay  Artzi,  Sunghun  Kim*,  Michael  D.  Ernst   MIT   * now at HKUST
Eclipse  bug  30280:   2  days  to  reproduce,  4  minutes  to  fix   2003-­‐01-­‐27    08:01   User:    Eclipse  crashed…    I  have  no  idea   why...    Here  is  the  stack  trace.   2003-­‐01-­‐27    08:26   Developer:    What  build  are  you  using?     Do  you  have  a  testcase  to  reproduce?   2003-­‐01-­‐27    08:39   Developer:    Which  JDK  are  you  using?   2003-­‐01-­‐28    13:06   User:    I’m  running  Eclipse  2.1,  …   I  was  not  able  to  reproduce  the  crash.   2003-­‐01-­‐29    04:33   Developer:    Reproduced.   2003-­‐01-­‐29    04:37   Developer:    Fixed.  
Reproducing  crashes   •  If  a  crash  can’t  be  reproduced:   –  Hard  to  fix   –  Hard  to  validate  a  soluYon   •  Reproducing  a  crash  is  hard!   –  Nondeterminism   –  ConfiguraYon  and  system  informaYon   –  Steps  to  reproduce  may  be  complex  or  long   –  In-­‐field  detecYon   –  Users  rarely  provide  reproducible  bug  reports  
Approach  1:    Postmortem  analysis   Examples:    stack  trace,  core  dump     Problems:   •  Fault  (bug)  may  be  far  from  failure  (excepYon)   –  Faulty  method  may  not  be  in  stack  trace   •  Too  much  informaYon   –  Core  dump:    big;  hard  to  interpret   •  Not  enough  informaYon   –  Shows  effects  (final  values),  not  causes   –  Need  iniYal  values  to  reproduce  the  failure  
Approach  2:    Record  &  replay   •  Logging:    record  interacYons  with  environment   •  Replay:    use  log  to  reproduce  the  execuYon   •  Checkpoint:    replay  skips  part  of  the  execuYon   Problems:   •  UnrealisYc  overhead   •  Invasive  changes  to  HW/OS/applicaYon  
Record  &  replay  for  OO  programs   •  Object-­‐oriented  style  uses  only  nearby  state   –  Unit  tesYng  depends  on  this  property   •  ReCrash  reproduces  this  nearby  state   –  Does  not  replay  an  execuYon   –  StaYc  and  dynamic  analyses  reduce  the  size   •  Lightweight:    efficient,  no  harness,  usable  in-­‐ field   •  Not  guaranteed  to  reproduce  every  failure  
ReCrash  technique   Goal:    Convert  a  crash  into  a  set  of  unit  tests   1.  Monitoring:    maintain  a  shadow  stack   –  Contains  a  copy  of  each  method  argument   –  On  program  crash,  write  the  shadow  stack  to  a  file   2.  Test  generaYon:    create  many  unit  tests   –  For  each  stack  frame,  create  one  unit  test:   •  Invoke  the  method  using  arguments  from  the  shadow   stack   •  If  the  test  does  not  reproduce  the  crash,  discard  the   test  
Maintaining  the  shadow  stack   •  On  method  entry:   –  Push  a  new  shadow  stack  frame   –  Copy  the  actual  arguments  to  the  shadow  stack   •  On  non-­‐excepYonal  method  exit:   –  Pop  the  shadow  stack  frame   •  On  program  failure  (top-­‐level  excepYon):   –  Write  the  shadow  stack  to  a  file   •  Serializes  all  state  referenced  by  the  shadow  stack  
Create  one  JUnit  test  per  stack  frame     Test case for Eclipse bug 30280   public void test_resolveType() { Read arguments from the saved shadow stack AllocExpr rec = (AllocExpr) shadowStack.getArg(0); BlockScope arg = (BlockScope) shadowStack.getArg(1); rec.resolveType(arg); } Invoke the method from the stack frame   We  expect  the  method  to  fail  as  it  did  at  run  Yme  
EvaluaYng  unit  tests   •  Run  each  generated  unit  test   •  Discard  the  test  if  it  does  not  reproduce  the   run-­‐Yme  excepYon  
How  a  developer  uses  the  tests   •  In  a  debugger,  step  through  execuYon  and   examine  fields   •  Experiment  by  modifying  the  tests   •  Verify  a  fix   •  Create  a  regression  test   –  Replace  deserialized  objects  by  real  objects  or   mock  objects   –  More  readable  and  robust  
Why  create  mulYple  tests?   •  Not  all  tests  may  reproduce  the  failure   –  Due  to  state  not  captured  on  the  shadow  stack   •  Sockets,  files,  nondeterminism,  distant  program  state   •  Does  capture  all  values  that  are  passed  as  arguments   •  Some  tests  may  not  be  useful  for  debugging  
Not  every  test  is  useful   Stack  trace:   Tests:   NullPointerException void test_toString() { at Class1.toString Class1 receiver = null; at Class2.myMethod receiver.toString(); ... } void test_myMethod() { Class2 receiver = (Class2) shadowStack.getArg(0); receiver.myMethod(); }
Other  features  of  ReCrash   •  Non-­‐crashing  failures   –  Add  a  ReCrash  annotaYon   •  Caught  excepYons  that  lead  to  later  failures   •  Adding  extra  informaYon  to  test  cases   –  Version  number,  configuraYon  informaYon   •  Reducing  the  serialized  stack   –  Size,  privacy  
Cost  of  monitoring   Key  cost:    copying  arguments  to  shadow  stack   Tradeoff:    less  informaYon  in  shadow  stack  ⇒   lower  chance  of  reproducing  failures   1.  Depth  of  copy   –  Deep,  reference,  or  a  hybrid   2.  Save  less  informaYon  about  each  argument   –  Focus  on  important  fields   3.  Monitor  fewer  methods   –  Ignore  methods  not  likely  to  crash  or  to  be  useful  
Original  program  execuYon   Real  stack  
Original  program  execuYon   R:   17 Real  stack  
Original  program  execuYon   R:   17 Real  stack  
Original  program  execuYon   R:   18 Real  stack  
Original  program  execuYon   R:   A1:   R:   18 Real  stack  
Original  program  execuYon   R:   A1:   A2:   R:   A1:   R:   18 Real  stack  
1.    Depth  of  copying  
Deep  copy   Real  stack   Shadow  stack  
Deep  copy   R:   17 R:   17 Real  stack   Shadow  stack  
Deep  copy   R:   18 R:   17 Real  stack   Shadow  stack  
Deep  copy   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Deep  copy   R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Deep  copy   Multiple copies ⇒ quadratic cost Unusable in practice R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Reference  copy   Real  stack   Shadow  stack  
Reference  copy   R:   17 R:   Real  stack   Shadow  stack  
Reference  copy   R:   18 R:   Real  stack   Shadow  stack  
Reference  copy   R:   R:   A1:   A1:   R:   18 R:   Real  stack   Shadow  stack  
Reference  copy   R:   R:   A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   R:   18 R:   Real  stack   Shadow  stack  
Depth-­‐1  copy   R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
2.    Ignoring  some  fields  
Depth-­‐1  copy   R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Used  fields   Analysis results R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Depth1  +  used  fields   (=  Depth2  –  unused  fields)   R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Pure  methods   Analysis results R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Pure  methods   R:   R:   A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Immutable  objects   Analysis results R:   R:   A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Immutable  objects   R:   R:   A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
3.    Ignoring  some  methods  
Ignored  methods   Analysis results R:   R:   A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Ignored  methods   R:   R:   A1:   A1:   A2:   A2:   R:   A1:   R:   18 R:   17 Real  stack   Shadow  stack  
Methods  that  are  unlikely  to  be  useful   •  Trivial  methods   •  Private  methods   •  Library  methods   •  Methods  that  are  unlikely  to  crash  
Second  chance  mode   Idea:    monitor  only  methods  that  are  likely  to  crash   •  IniYally,  monitor  no  methods   •  Aner  a  crash,  add  monitoring  for  methods  in  the   stack  trace   –  Can  update  all  clients,  not  just  the  one  that  crashed   •  Tradeoffs:   +  Very  low  overhead  (no  overhead  unYl  a  crash)   –  Requires  a  failure  to  occur  twice  
Experimental  study   1.  Can  ReCrash  reproduce  failures?   2.  Are  the  ReCrash-­‐generated  tests  useful?   3.  How  large  are  the  test  cases?   4.  What  is  the  overhead  of  running  ReCrash?  
Subject  programs   InvesYgated  11  real  crashes  from:   –  BST:    .2  KLOC   –  SVNKit:    22  KLOC   –  Eclipse  compiler:    83  KLOC   –  Javac-­‐jsr308:    86  KLOC    
Q1:    Can  ReCrash  reproduce  failures?   Program   Failure   Candidate   Reproducible  tests   tests   reference   depth  1  +   deep   copy   used-­‐fields   copy   BST   Class  cast   3   3   3   3   Class  cast   3   3   3   3   Unsupported   3   3   3   3   SVNKit   Index  bounds   3   3   3   3   Null  pointer   2   2   2   2   Null  pointer   2   2   2   2   Eclipsec   Null  pointer   13   0   1   8   Javac-­‐ Null  pointer   17   5   5   5   jsr308   Illegal  arg   23   11   11   11   Null  pointer   8   1   1   1   Index  bounds   28   11   11   11  
Q1:    Can  ReCrash  reproduce  failures?   Program   Failure   Candidate   Reproducible  tests   tests   reference   depth  1  +   deep   copy   used-­‐fields   copy   BST   Class  cast   3   3   3   3   Class  cast   3   3   3   3   Unsupported   3   3   3   3   SVNKit   Index  bounds   3   3   3   3   Null  pointer   2   2   2   2   Null  pointer   2   2   2   2   Eclipsec   Null  pointer   13   0   1   8   Javac-­‐ Null  pointer   17   5   5   5   jsr308   Illegal  arg   23   11   11   11   Null  pointer   8   1   1   1   Index  bounds   28   11   11   11  
Q2:    Are  the  ReCrash  tests  useful?   •  Developers  found  the  tests  useful   –  Developer  1:    “You  don’t  have  to  wait  for  the   crash  to  occur  again”;  also  liked  mulYple  tests   –  Developer  2:    “Using  ReCrash,  I  was  able  to  jump   (almost  directly)  to  the  necessary  breakpoint”   •   Developers  found  the  stack  trace  insufficient   –  Unable  to  reproduce   –  The  failure  may  be  far  removed  from  the  fault  
Q3:    How  large  are  the  test  cases?   •  The  JUnit  test  suite  uses  the  shadow  stack   •  Serializes  all  reachable  parts  of  the  heap   Program   Average   shadow  stack   size  (KB)   BST   12   SVNKit   34   Eclipsec   62   Javac-­‐jsr308   422  
Q4:    Time  overhead  of  ReCrash   SVNKit Original Reference Depth  1  +  used-­‐fields Eclipsec Second  chance 0 0.5 1 1.5 2 Overhead  of  instrumented  program  in  the  field  
Q4:    Memory  overhead  of  ReCrash   Absolute  memory  overhead:    .2M  –  4.7  M  
GeneraYng  unit  tests  from  system   runs   •  Test  factoring  [Saff  2005,  Elbaum  2006]   –  Developer  selects  a  porYon  of  the  program   –  System  logs  interacYons  with  the  environment   –  Unit  test  replays  execuYon  in  a  test  harness   •  Contract-­‐driven  development  [Leitner  2007]   –  Reference  copying,  intended  for  durable  tests   •  Backward-­‐in-­‐Yme  debuggers  [Lienhard  2008]   –  Heavier-­‐weight  logging  and  checkpoints  
Future  work   •  Capture  more  state   –  Concurrency,  Yming,  external  resources   •  Other  implementaYon  tradeoffs   –  Copy-­‐on-­‐write   –  ExisYng  VM  hooks   –  Logging/debugging  techniques   –  These  are  probably  orthogonal  to  ReCrash  
ReCrash  converts  failures  into  tests   •  ReCrash  effecYvely  reproduces  failures   •  Replicates  program  states   •  Generates  mulYple  unit  tests   •  The  unit  tests  are  useful   •  Low  overhead   •  Records  only  relevant  parts  of  an  execuYon   •  4  program  analyses;  second  chance  mode   •  Can  deploy  instrumented  programs  in  the  field   •  Download:    hup://pag.csail.mit.edu/ReCrash/      
ReCrash  converts  failures  into  tests   •  ReCrash  effecYvely  reproduces  failures   •  Replicates  program  states   •  Generates  mulYple  unit  tests   •  The  unit  tests  are  useful   •  Low  overhead   •  Records  only  relevant  parts  of  an  execuYon   •  4  program  analyses;  second  chance  mode   •  Can  deploy  instrumented  programs  in  the  field   •  Download:    hup://pag.csail.mit.edu/ReCrash/      
Maintaining  the  shadow  stack   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Maintaining  the  shadow  stack   On method entry R:   A1:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Maintaining  the  shadow  stack   On method entry: 1.  Push a new shadow stack frame R:   R:   A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Maintaining  the  shadow  stack   On method entry: 1.  Push a new shadow stack frame 2.  Copy the actual arguments to the shadow stack R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Maintaining  the  shadow  stack   On method exit R:   18 A1:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Maintaining  the  shadow  stack   On method exit: 1.  Pop shadow stack frame R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Maintaining  the  shadow  stack   On program failure (top-level exception): R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Maintaining  the  shadow  stack   On program failure (top-level exception): 1.  Write the shadow stack to a file R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
Maintaining  the  shadow  stack   On program failure (top-level exception): 1.  Write the shadow stack to a file Serializes all referenced state R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  

Recommended

1 Vampir Overview
1 Vampir Overview1 Vampir Overview
1 Vampir OverviewPTIHPA
 
VLSI lab manual Part B, VTU 7the sem KIT-tiptur
VLSI lab manual Part B, VTU 7the sem KIT-tipturVLSI lab manual Part B, VTU 7the sem KIT-tiptur
VLSI lab manual Part B, VTU 7the sem KIT-tipturPramod Kumar S
 
VTU ECE 7th sem VLSI lab manual
VTU ECE 7th sem VLSI lab manualVTU ECE 7th sem VLSI lab manual
VTU ECE 7th sem VLSI lab manualMaharaja Institute of Technology Mysore
 
VLSI lab report using Cadence tool
VLSI lab report using Cadence toolVLSI lab report using Cadence tool
VLSI lab report using Cadence toolMaharaja Institute of Technology Mysore
 
Triton and Symbolic execution on GDB@DEF CON China
Triton and Symbolic execution on GDB@DEF CON ChinaTriton and Symbolic execution on GDB@DEF CON China
Triton and Symbolic execution on GDB@DEF CON ChinaWei-Bo Chen
 
GCC RTL and Machine Description
GCC RTL and Machine DescriptionGCC RTL and Machine Description
GCC RTL and Machine DescriptionPriyatham Bollimpalli
 
Syntutic
SyntuticSyntutic
SyntuticRohit Chintu
 
Advance ROP Attacks
Advance ROP AttacksAdvance ROP Attacks
Advance ROP Attacksn|u - The Open Security Community
 

Recommended

1 Vampir Overview
1 Vampir Overview1 Vampir Overview
1 Vampir OverviewPTIHPA
 
VLSI lab manual Part B, VTU 7the sem KIT-tiptur
VLSI lab manual Part B, VTU 7the sem KIT-tipturVLSI lab manual Part B, VTU 7the sem KIT-tiptur
VLSI lab manual Part B, VTU 7the sem KIT-tipturPramod Kumar S
 
VTU ECE 7th sem VLSI lab manual
VTU ECE 7th sem VLSI lab manualVTU ECE 7th sem VLSI lab manual
VTU ECE 7th sem VLSI lab manualMaharaja Institute of Technology Mysore
 
VLSI lab report using Cadence tool
VLSI lab report using Cadence toolVLSI lab report using Cadence tool
VLSI lab report using Cadence toolMaharaja Institute of Technology Mysore
 
Triton and Symbolic execution on GDB@DEF CON China
Triton and Symbolic execution on GDB@DEF CON ChinaTriton and Symbolic execution on GDB@DEF CON China
Triton and Symbolic execution on GDB@DEF CON ChinaWei-Bo Chen
 
GCC RTL and Machine Description
GCC RTL and Machine DescriptionGCC RTL and Machine Description
GCC RTL and Machine DescriptionPriyatham Bollimpalli
 
Syntutic
SyntuticSyntutic
SyntuticRohit Chintu
 
Advance ROP Attacks
Advance ROP AttacksAdvance ROP Attacks
Advance ROP Attacksn|u - The Open Security Community
 
Grow and Shrink - Dynamically Extending the Ruby VM Stack
Grow and Shrink - Dynamically Extending the Ruby VM StackGrow and Shrink - Dynamically Extending the Ruby VM Stack
Grow and Shrink - Dynamically Extending the Ruby VM StackKeitaSugiyama1
 
Vlsi design-manual
Vlsi design-manualVlsi design-manual
Vlsi design-manualAmbuj Jha
 
Course lecture - An introduction to the Return Oriented Programming
Course lecture - An introduction to the Return Oriented ProgrammingCourse lecture - An introduction to the Return Oriented Programming
Course lecture - An introduction to the Return Oriented ProgrammingJonathan Salwan
 
Process Mining - Chapter 8 - Mining Additional Perspectives
Process Mining - Chapter 8 - Mining Additional PerspectivesProcess Mining - Chapter 8 - Mining Additional Perspectives
Process Mining - Chapter 8 - Mining Additional PerspectivesWil van der Aalst
 
Low Level Exploits
Low Level ExploitsLow Level Exploits
Low Level Exploitshughpearse
 
Vlsi lab manual_new
Vlsi lab manual_newVlsi lab manual_new
Vlsi lab manual_newNaveen Gouda
 
An introduction to ROP
An introduction to ROPAn introduction to ROP
An introduction to ROPSaumil Shah
 
Implementing Lightweight Networking
Implementing Lightweight NetworkingImplementing Lightweight Networking
Implementing Lightweight Networkingguest6972eaf
 
04basic Concepts
04basic Concepts04basic Concepts
04basic ConceptsZhiwen Guo
 
XS Oracle 2009 Just Run It
XS Oracle 2009 Just Run ItXS Oracle 2009 Just Run It
XS Oracle 2009 Just Run ItThe Linux Foundation
 
Lp seminar
Lp seminarLp seminar
Lp seminarguestdff961
 
Rubinius - Improving the Rails ecosystem
Rubinius - Improving the Rails ecosystemRubinius - Improving the Rails ecosystem
Rubinius - Improving the Rails ecosystemevanphx
 
DD18 - SEED - Raytracing in Hybrid Real-Time Rendering
DD18 - SEED - Raytracing in Hybrid Real-Time RenderingDD18 - SEED - Raytracing in Hybrid Real-Time Rendering
DD18 - SEED - Raytracing in Hybrid Real-Time RenderingElectronic Arts / DICE
 
Using neon for pattern recognition in audio data
Using neon for pattern recognition in audio dataUsing neon for pattern recognition in audio data
Using neon for pattern recognition in audio dataIntel Nervana
 
2013 syscan360 yuki_chen_syscan360_exploit your java native vulnerabilities o...
2013 syscan360 yuki_chen_syscan360_exploit your java native vulnerabilities o...2013 syscan360 yuki_chen_syscan360_exploit your java native vulnerabilities o...
2013 syscan360 yuki_chen_syscan360_exploit your java native vulnerabilities o...chen yuki
 
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devicessrkedmi
 
Return-Oriented Programming: Exploits Without Code Injection
Return-Oriented Programming: Exploits Without Code InjectionReturn-Oriented Programming: Exploits Without Code Injection
Return-Oriented Programming: Exploits Without Code Injectionguest9f4856
 
Rocket Fuelled Cucumbers
Rocket Fuelled CucumbersRocket Fuelled Cucumbers
Rocket Fuelled CucumbersJoseph Wilk
 
Handling Exceptions In C & C++ [Part B] Ver 2
Handling Exceptions In C & C++ [Part B] Ver 2Handling Exceptions In C & C++ [Part B] Ver 2
Handling Exceptions In C & C++ [Part B] Ver 2ppd1961
 
Bridging Proprietary Modelling and Open-Source Model Management Tools: The Ca...
Bridging Proprietary Modelling and Open-Source Model Management Tools: The Ca...Bridging Proprietary Modelling and Open-Source Model Management Tools: The Ca...
Bridging Proprietary Modelling and Open-Source Model Management Tools: The Ca...Thanos Zolotas
 
A Re-Introduction to JavaScript
A Re-Introduction to JavaScriptA Re-Introduction to JavaScript
A Re-Introduction to JavaScriptSimon Willison
 
Ruby Under The Hood
Ruby Under The HoodRuby Under The Hood
Ruby Under The Hoodcraig lehmann
 

More Related Content

What's hot

Grow and Shrink - Dynamically Extending the Ruby VM Stack
Grow and Shrink - Dynamically Extending the Ruby VM StackGrow and Shrink - Dynamically Extending the Ruby VM Stack
Grow and Shrink - Dynamically Extending the Ruby VM StackKeitaSugiyama1
 
Vlsi design-manual
Vlsi design-manualVlsi design-manual
Vlsi design-manualAmbuj Jha
 
Course lecture - An introduction to the Return Oriented Programming
Course lecture - An introduction to the Return Oriented ProgrammingCourse lecture - An introduction to the Return Oriented Programming
Course lecture - An introduction to the Return Oriented ProgrammingJonathan Salwan
 
Process Mining - Chapter 8 - Mining Additional Perspectives
Process Mining - Chapter 8 - Mining Additional PerspectivesProcess Mining - Chapter 8 - Mining Additional Perspectives
Process Mining - Chapter 8 - Mining Additional PerspectivesWil van der Aalst
 
Low Level Exploits
Low Level ExploitsLow Level Exploits
Low Level Exploitshughpearse
 
Vlsi lab manual_new
Vlsi lab manual_newVlsi lab manual_new
Vlsi lab manual_newNaveen Gouda
 
An introduction to ROP
An introduction to ROPAn introduction to ROP
An introduction to ROPSaumil Shah
 
Implementing Lightweight Networking
Implementing Lightweight NetworkingImplementing Lightweight Networking
Implementing Lightweight Networkingguest6972eaf
 
04basic Concepts
04basic Concepts04basic Concepts
04basic ConceptsZhiwen Guo
 

What's hot (9)

Grow and Shrink - Dynamically Extending the Ruby VM Stack
Grow and Shrink - Dynamically Extending the Ruby VM StackGrow and Shrink - Dynamically Extending the Ruby VM Stack
Grow and Shrink - Dynamically Extending the Ruby VM Stack
 
Vlsi design-manual
Vlsi design-manualVlsi design-manual
Vlsi design-manual
 
Course lecture - An introduction to the Return Oriented Programming
Course lecture - An introduction to the Return Oriented ProgrammingCourse lecture - An introduction to the Return Oriented Programming
Course lecture - An introduction to the Return Oriented Programming
 
Process Mining - Chapter 8 - Mining Additional Perspectives
Process Mining - Chapter 8 - Mining Additional PerspectivesProcess Mining - Chapter 8 - Mining Additional Perspectives
Process Mining - Chapter 8 - Mining Additional Perspectives
 
Low Level Exploits
Low Level ExploitsLow Level Exploits
Low Level Exploits
 
Vlsi lab manual_new
Vlsi lab manual_newVlsi lab manual_new
Vlsi lab manual_new
 
An introduction to ROP
An introduction to ROPAn introduction to ROP
An introduction to ROP
 
Implementing Lightweight Networking
Implementing Lightweight NetworkingImplementing Lightweight Networking
Implementing Lightweight Networking
 
04basic Concepts
04basic Concepts04basic Concepts
04basic Concepts
 

Similar to ReCrash: Making crashes reproducible by preserving object states (ECOOP 2008)

Rubinius - Improving the Rails ecosystem
Rubinius - Improving the Rails ecosystemRubinius - Improving the Rails ecosystem
Rubinius - Improving the Rails ecosystemevanphx
 
DD18 - SEED - Raytracing in Hybrid Real-Time Rendering
DD18 - SEED - Raytracing in Hybrid Real-Time RenderingDD18 - SEED - Raytracing in Hybrid Real-Time Rendering
DD18 - SEED - Raytracing in Hybrid Real-Time RenderingElectronic Arts / DICE
 
Using neon for pattern recognition in audio data
Using neon for pattern recognition in audio dataUsing neon for pattern recognition in audio data
Using neon for pattern recognition in audio dataIntel Nervana
 
2013 syscan360 yuki_chen_syscan360_exploit your java native vulnerabilities o...
2013 syscan360 yuki_chen_syscan360_exploit your java native vulnerabilities o...2013 syscan360 yuki_chen_syscan360_exploit your java native vulnerabilities o...
2013 syscan360 yuki_chen_syscan360_exploit your java native vulnerabilities o...chen yuki
 
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devicessrkedmi
 
Return-Oriented Programming: Exploits Without Code Injection
Return-Oriented Programming: Exploits Without Code InjectionReturn-Oriented Programming: Exploits Without Code Injection
Return-Oriented Programming: Exploits Without Code Injectionguest9f4856
 
Rocket Fuelled Cucumbers
Rocket Fuelled CucumbersRocket Fuelled Cucumbers
Rocket Fuelled CucumbersJoseph Wilk
 
Handling Exceptions In C & C++ [Part B] Ver 2
Handling Exceptions In C & C++ [Part B] Ver 2Handling Exceptions In C & C++ [Part B] Ver 2
Handling Exceptions In C & C++ [Part B] Ver 2ppd1961
 
Bridging Proprietary Modelling and Open-Source Model Management Tools: The Ca...
Bridging Proprietary Modelling and Open-Source Model Management Tools: The Ca...Bridging Proprietary Modelling and Open-Source Model Management Tools: The Ca...
Bridging Proprietary Modelling and Open-Source Model Management Tools: The Ca...Thanos Zolotas
 
A Re-Introduction to JavaScript
A Re-Introduction to JavaScriptA Re-Introduction to JavaScript
A Re-Introduction to JavaScriptSimon Willison
 
XS Boston 2008 Paravirt Ops in Linux IA64
XS Boston 2008 Paravirt Ops in Linux IA64XS Boston 2008 Paravirt Ops in Linux IA64
XS Boston 2008 Paravirt Ops in Linux IA64The Linux Foundation
 
Tamarin And Ecmascript 4
Tamarin And Ecmascript 4Tamarin And Ecmascript 4
Tamarin And Ecmascript 4elliando dias
 
Tamarin and ECMAScript 4
Tamarin and ECMAScript 4Tamarin and ECMAScript 4
Tamarin and ECMAScript 4jeresig
 
Reproducible Linear Algebra from Application to Architecture
Reproducible Linear Algebra from Application to ArchitectureReproducible Linear Algebra from Application to Architecture
Reproducible Linear Algebra from Application to ArchitectureJason Riedy
 
Advanced Spark Programming - Part 2 | Big Data Hadoop Spark Tutorial | CloudxLab
Advanced Spark Programming - Part 2 | Big Data Hadoop Spark Tutorial | CloudxLabAdvanced Spark Programming - Part 2 | Big Data Hadoop Spark Tutorial | CloudxLab
Advanced Spark Programming - Part 2 | Big Data Hadoop Spark Tutorial | CloudxLabCloudxLab
 
PR-297: Training data-efficient image transformers & distillation through att...
PR-297: Training data-efficient image transformers & distillation through att...PR-297: Training data-efficient image transformers & distillation through att...
PR-297: Training data-efficient image transformers & distillation through att...Jinwon Lee
 

Similar to ReCrash: Making crashes reproducible by preserving object states (ECOOP 2008) (20)

XS Oracle 2009 Just Run It
XS Oracle 2009 Just Run ItXS Oracle 2009 Just Run It
XS Oracle 2009 Just Run It
 
Lp seminar
Lp seminarLp seminar
Lp seminar
 
Rubinius - Improving the Rails ecosystem
Rubinius - Improving the Rails ecosystemRubinius - Improving the Rails ecosystem
Rubinius - Improving the Rails ecosystem
 
DD18 - SEED - Raytracing in Hybrid Real-Time Rendering
DD18 - SEED - Raytracing in Hybrid Real-Time RenderingDD18 - SEED - Raytracing in Hybrid Real-Time Rendering
DD18 - SEED - Raytracing in Hybrid Real-Time Rendering
 
Using neon for pattern recognition in audio data
Using neon for pattern recognition in audio dataUsing neon for pattern recognition in audio data
Using neon for pattern recognition in audio data
 
2013 syscan360 yuki_chen_syscan360_exploit your java native vulnerabilities o...
2013 syscan360 yuki_chen_syscan360_exploit your java native vulnerabilities o...2013 syscan360 yuki_chen_syscan360_exploit your java native vulnerabilities o...
2013 syscan360 yuki_chen_syscan360_exploit your java native vulnerabilities o...
 
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices
 
Return-Oriented Programming: Exploits Without Code Injection
Return-Oriented Programming: Exploits Without Code InjectionReturn-Oriented Programming: Exploits Without Code Injection
Return-Oriented Programming: Exploits Without Code Injection
 
Rocket Fuelled Cucumbers
Rocket Fuelled CucumbersRocket Fuelled Cucumbers
Rocket Fuelled Cucumbers
 
Handling Exceptions In C & C++ [Part B] Ver 2
Handling Exceptions In C & C++ [Part B] Ver 2Handling Exceptions In C & C++ [Part B] Ver 2
Handling Exceptions In C & C++ [Part B] Ver 2
 
Bridging Proprietary Modelling and Open-Source Model Management Tools: The Ca...
Bridging Proprietary Modelling and Open-Source Model Management Tools: The Ca...Bridging Proprietary Modelling and Open-Source Model Management Tools: The Ca...
Bridging Proprietary Modelling and Open-Source Model Management Tools: The Ca...
 
A Re-Introduction to JavaScript
A Re-Introduction to JavaScriptA Re-Introduction to JavaScript
A Re-Introduction to JavaScript
 
Ruby Under The Hood
Ruby Under The HoodRuby Under The Hood
Ruby Under The Hood
 
XS Boston 2008 Paravirt Ops in Linux IA64
XS Boston 2008 Paravirt Ops in Linux IA64XS Boston 2008 Paravirt Ops in Linux IA64
XS Boston 2008 Paravirt Ops in Linux IA64
 
Tamarin And Ecmascript 4
Tamarin And Ecmascript 4Tamarin And Ecmascript 4
Tamarin And Ecmascript 4
 
Tamarin and ECMAScript 4
Tamarin and ECMAScript 4Tamarin and ECMAScript 4
Tamarin and ECMAScript 4
 
Reproducible Linear Algebra from Application to Architecture
Reproducible Linear Algebra from Application to ArchitectureReproducible Linear Algebra from Application to Architecture
Reproducible Linear Algebra from Application to Architecture
 
Ass5
Ass5Ass5
Ass5
 
Advanced Spark Programming - Part 2 | Big Data Hadoop Spark Tutorial | CloudxLab
Advanced Spark Programming - Part 2 | Big Data Hadoop Spark Tutorial | CloudxLabAdvanced Spark Programming - Part 2 | Big Data Hadoop Spark Tutorial | CloudxLab
Advanced Spark Programming - Part 2 | Big Data Hadoop Spark Tutorial | CloudxLab
 
PR-297: Training data-efficient image transformers & distillation through att...
PR-297: Training data-efficient image transformers & distillation through att...PR-297: Training data-efficient image transformers & distillation through att...
PR-297: Training data-efficient image transformers & distillation through att...
 

More from Sung Kim

DeepAM: Migrate APIs with Multi-modal Sequence to Sequence Learning
DeepAM: Migrate APIs with Multi-modal Sequence to Sequence LearningDeepAM: Migrate APIs with Multi-modal Sequence to Sequence Learning
DeepAM: Migrate APIs with Multi-modal Sequence to Sequence LearningSung Kim
 
Deep API Learning (FSE 2016)
Deep API Learning (FSE 2016)Deep API Learning (FSE 2016)
Deep API Learning (FSE 2016)Sung Kim
 
Time series classification
Time series classificationTime series classification
Time series classificationSung Kim
 
Tensor board
Tensor boardTensor board
Tensor boardSung Kim
 
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...Sung Kim
 
Heterogeneous Defect Prediction (

ESEC/FSE 2015)
Heterogeneous Defect Prediction (

ESEC/FSE 2015)Heterogeneous Defect Prediction (

ESEC/FSE 2015)
Heterogeneous Defect Prediction (

ESEC/FSE 2015)Sung Kim
 
A Survey on Automatic Software Evolution Techniques
A Survey on Automatic Software Evolution TechniquesA Survey on Automatic Software Evolution Techniques
A Survey on Automatic Software Evolution TechniquesSung Kim
 
Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Sung Kim
 
Software Defect Prediction on Unlabeled Datasets
Software Defect Prediction on Unlabeled DatasetsSoftware Defect Prediction on Unlabeled Datasets
Software Defect Prediction on Unlabeled DatasetsSung Kim
 
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Sung Kim
 
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Sung Kim
 
How We Get There: A Context-Guided Search Strategy in Concolic Testing (FSE 2...
How We Get There: A Context-Guided Search Strategy in Concolic Testing (FSE 2...How We Get There: A Context-Guided Search Strategy in Concolic Testing (FSE 2...
How We Get There: A Context-Guided Search Strategy in Concolic Testing (FSE 2...Sung Kim
 
CrashLocator: Locating Crashing Faults Based on Crash Stacks (ISSTA 2014)
CrashLocator: Locating Crashing Faults Based on Crash Stacks (ISSTA 2014)CrashLocator: Locating Crashing Faults Based on Crash Stacks (ISSTA 2014)
CrashLocator: Locating Crashing Faults Based on Crash Stacks (ISSTA 2014)Sung Kim
 
Source code comprehension on evolving software
Source code comprehension on evolving softwareSource code comprehension on evolving software
Source code comprehension on evolving softwareSung Kim
 
A Survey on Dynamic Symbolic Execution for Automatic Test Generation
A Survey on Dynamic Symbolic Execution for Automatic Test GenerationA Survey on Dynamic Symbolic Execution for Automatic Test Generation
A Survey on Dynamic Symbolic Execution for Automatic Test GenerationSung Kim
 
Survey on Software Defect Prediction
Survey on Software Defect PredictionSurvey on Software Defect Prediction
Survey on Software Defect PredictionSung Kim
 
MSR2014 opening
MSR2014 openingMSR2014 opening
MSR2014 openingSung Kim
 
Personalized Defect Prediction
Personalized Defect PredictionPersonalized Defect Prediction
Personalized Defect PredictionSung Kim
 
STAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSTAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSung Kim
 
Transfer defect learning
Transfer defect learningTransfer defect learning
Transfer defect learningSung Kim
 

More from Sung Kim (20)

DeepAM: Migrate APIs with Multi-modal Sequence to Sequence Learning
DeepAM: Migrate APIs with Multi-modal Sequence to Sequence LearningDeepAM: Migrate APIs with Multi-modal Sequence to Sequence Learning
DeepAM: Migrate APIs with Multi-modal Sequence to Sequence Learning
 
Deep API Learning (FSE 2016)
Deep API Learning (FSE 2016)Deep API Learning (FSE 2016)
Deep API Learning (FSE 2016)
 
Time series classification
Time series classificationTime series classification
Time series classification
 
Tensor board
Tensor boardTensor board
Tensor board
 
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
 
Heterogeneous Defect Prediction (

ESEC/FSE 2015)
Heterogeneous Defect Prediction (

ESEC/FSE 2015)Heterogeneous Defect Prediction (

ESEC/FSE 2015)
Heterogeneous Defect Prediction (

ESEC/FSE 2015)
 
A Survey on Automatic Software Evolution Techniques
A Survey on Automatic Software Evolution TechniquesA Survey on Automatic Software Evolution Techniques
A Survey on Automatic Software Evolution Techniques
 
Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)Crowd debugging (FSE 2015)
Crowd debugging (FSE 2015)
 
Software Defect Prediction on Unlabeled Datasets
Software Defect Prediction on Unlabeled DatasetsSoftware Defect Prediction on Unlabeled Datasets
Software Defect Prediction on Unlabeled Datasets
 
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
 
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
 
How We Get There: A Context-Guided Search Strategy in Concolic Testing (FSE 2...
How We Get There: A Context-Guided Search Strategy in Concolic Testing (FSE 2...How We Get There: A Context-Guided Search Strategy in Concolic Testing (FSE 2...
How We Get There: A Context-Guided Search Strategy in Concolic Testing (FSE 2...
 
CrashLocator: Locating Crashing Faults Based on Crash Stacks (ISSTA 2014)
CrashLocator: Locating Crashing Faults Based on Crash Stacks (ISSTA 2014)CrashLocator: Locating Crashing Faults Based on Crash Stacks (ISSTA 2014)
CrashLocator: Locating Crashing Faults Based on Crash Stacks (ISSTA 2014)
 
Source code comprehension on evolving software
Source code comprehension on evolving softwareSource code comprehension on evolving software
Source code comprehension on evolving software
 
A Survey on Dynamic Symbolic Execution for Automatic Test Generation
A Survey on Dynamic Symbolic Execution for Automatic Test GenerationA Survey on Dynamic Symbolic Execution for Automatic Test Generation
A Survey on Dynamic Symbolic Execution for Automatic Test Generation
 
Survey on Software Defect Prediction
Survey on Software Defect PredictionSurvey on Software Defect Prediction
Survey on Software Defect Prediction
 
MSR2014 opening
MSR2014 openingMSR2014 opening
MSR2014 opening
 
Personalized Defect Prediction
Personalized Defect PredictionPersonalized Defect Prediction
Personalized Defect Prediction
 
STAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSTAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash Reproduction
 
Transfer defect learning
Transfer defect learningTransfer defect learning
Transfer defect learning
 

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

ReCrash: Making crashes reproducible by preserving object states (ECOOP 2008)

  • 1. ReCrash   Making  crashes  reproducible   by  preserving  object  states   Shay  Artzi,  Sunghun  Kim*,  Michael  D.  Ernst   MIT   * now at HKUST
  • 2. Eclipse  bug  30280:   2  days  to  reproduce,  4  minutes  to  fix   2003-­‐01-­‐27    08:01   User:    Eclipse  crashed…    I  have  no  idea   why...    Here  is  the  stack  trace.   2003-­‐01-­‐27    08:26   Developer:    What  build  are  you  using?     Do  you  have  a  testcase  to  reproduce?   2003-­‐01-­‐27    08:39   Developer:    Which  JDK  are  you  using?   2003-­‐01-­‐28    13:06   User:    I’m  running  Eclipse  2.1,  …   I  was  not  able  to  reproduce  the  crash.   2003-­‐01-­‐29    04:33   Developer:    Reproduced.   2003-­‐01-­‐29    04:37   Developer:    Fixed.  
  • 3. Reproducing  crashes   •  If  a  crash  can’t  be  reproduced:   –  Hard  to  fix   –  Hard  to  validate  a  soluYon   •  Reproducing  a  crash  is  hard!   –  Nondeterminism   –  ConfiguraYon  and  system  informaYon   –  Steps  to  reproduce  may  be  complex  or  long   –  In-­‐field  detecYon   –  Users  rarely  provide  reproducible  bug  reports  
  • 4. Approach  1:    Postmortem  analysis   Examples:    stack  trace,  core  dump     Problems:   •  Fault  (bug)  may  be  far  from  failure  (excepYon)   –  Faulty  method  may  not  be  in  stack  trace   •  Too  much  informaYon   –  Core  dump:    big;  hard  to  interpret   •  Not  enough  informaYon   –  Shows  effects  (final  values),  not  causes   –  Need  iniYal  values  to  reproduce  the  failure  
  • 5. Approach  2:    Record  &  replay   •  Logging:    record  interacYons  with  environment   •  Replay:    use  log  to  reproduce  the  execuYon   •  Checkpoint:    replay  skips  part  of  the  execuYon   Problems:   •  UnrealisYc  overhead   •  Invasive  changes  to  HW/OS/applicaYon  
  • 6. Record  &  replay  for  OO  programs   •  Object-­‐oriented  style  uses  only  nearby  state   –  Unit  tesYng  depends  on  this  property   •  ReCrash  reproduces  this  nearby  state   –  Does  not  replay  an  execuYon   –  StaYc  and  dynamic  analyses  reduce  the  size   •  Lightweight:    efficient,  no  harness,  usable  in-­‐ field   •  Not  guaranteed  to  reproduce  every  failure  
  • 7. ReCrash  technique   Goal:    Convert  a  crash  into  a  set  of  unit  tests   1.  Monitoring:    maintain  a  shadow  stack   –  Contains  a  copy  of  each  method  argument   –  On  program  crash,  write  the  shadow  stack  to  a  file   2.  Test  generaYon:    create  many  unit  tests   –  For  each  stack  frame,  create  one  unit  test:   •  Invoke  the  method  using  arguments  from  the  shadow   stack   •  If  the  test  does  not  reproduce  the  crash,  discard  the   test  
  • 8. Maintaining  the  shadow  stack   •  On  method  entry:   –  Push  a  new  shadow  stack  frame   –  Copy  the  actual  arguments  to  the  shadow  stack   •  On  non-­‐excepYonal  method  exit:   –  Pop  the  shadow  stack  frame   •  On  program  failure  (top-­‐level  excepYon):   –  Write  the  shadow  stack  to  a  file   •  Serializes  all  state  referenced  by  the  shadow  stack  
  • 9. Create  one  JUnit  test  per  stack  frame     Test case for Eclipse bug 30280   public void test_resolveType() { Read arguments from the saved shadow stack AllocExpr rec = (AllocExpr) shadowStack.getArg(0); BlockScope arg = (BlockScope) shadowStack.getArg(1); rec.resolveType(arg); } Invoke the method from the stack frame   We  expect  the  method  to  fail  as  it  did  at  run  Yme  
  • 10. EvaluaYng  unit  tests   •  Run  each  generated  unit  test   •  Discard  the  test  if  it  does  not  reproduce  the   run-­‐Yme  excepYon  
  • 11. How  a  developer  uses  the  tests   •  In  a  debugger,  step  through  execuYon  and   examine  fields   •  Experiment  by  modifying  the  tests   •  Verify  a  fix   •  Create  a  regression  test   –  Replace  deserialized  objects  by  real  objects  or   mock  objects   –  More  readable  and  robust  
  • 12. Why  create  mulYple  tests?   •  Not  all  tests  may  reproduce  the  failure   –  Due  to  state  not  captured  on  the  shadow  stack   •  Sockets,  files,  nondeterminism,  distant  program  state   •  Does  capture  all  values  that  are  passed  as  arguments   •  Some  tests  may  not  be  useful  for  debugging  
  • 13. Not  every  test  is  useful   Stack  trace:   Tests:   NullPointerException void test_toString() { at Class1.toString Class1 receiver = null; at Class2.myMethod receiver.toString(); ... } void test_myMethod() { Class2 receiver = (Class2) shadowStack.getArg(0); receiver.myMethod(); }
  • 14. Other  features  of  ReCrash   •  Non-­‐crashing  failures   –  Add  a  ReCrash  annotaYon   •  Caught  excepYons  that  lead  to  later  failures   •  Adding  extra  informaYon  to  test  cases   –  Version  number,  configuraYon  informaYon   •  Reducing  the  serialized  stack   –  Size,  privacy  
  • 15. Cost  of  monitoring   Key  cost:    copying  arguments  to  shadow  stack   Tradeoff:    less  informaYon  in  shadow  stack  ⇒   lower  chance  of  reproducing  failures   1.  Depth  of  copy   –  Deep,  reference,  or  a  hybrid   2.  Save  less  informaYon  about  each  argument   –  Focus  on  important  fields   3.  Monitor  fewer  methods   –  Ignore  methods  not  likely  to  crash  or  to  be  useful  
  • 16. Original  program  execuYon   Real  stack  
  • 17. Original  program  execuYon   R:   17 Real  stack  
  • 18. Original  program  execuYon   R:   17 Real  stack  
  • 19. Original  program  execuYon   R:   18 Real  stack  
  • 20. Original  program  execuYon   R:   A1:   R:   18 Real  stack  
  • 21. Original  program  execuYon   R:   A1:   A2:   R:   A1:   R:   18 Real  stack  
  • 22. 1.    Depth  of  copying  
  • 23. Deep  copy   Real  stack   Shadow  stack  
  • 24. Deep  copy   R:   17 R:   17 Real  stack   Shadow  stack  
  • 25. Deep  copy   R:   18 R:   17 Real  stack   Shadow  stack  
  • 26. Deep  copy   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 27. Deep  copy   R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 28. Deep  copy   Multiple copies ⇒ quadratic cost Unusable in practice R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 29. Reference  copy   Real  stack   Shadow  stack  
  • 30. Reference  copy   R:   17 R:   Real  stack   Shadow  stack  
  • 31. Reference  copy   R:   18 R:   Real  stack   Shadow  stack  
  • 32. Reference  copy   R:   R:   A1:   A1:   R:   18 R:   Real  stack   Shadow  stack  
  • 33. Reference  copy   R:   R:   A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   R:   18 R:   Real  stack   Shadow  stack  
  • 34. Depth-­‐1  copy   R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 35. 2.    Ignoring  some  fields  
  • 36. Depth-­‐1  copy   R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 37. Used  fields   Analysis results R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 38. Depth1  +  used  fields   (=  Depth2  –  unused  fields)   R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 39. Pure  methods   Analysis results R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 40. Pure  methods   R:   R:   A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 41. Immutable  objects   Analysis results R:   R:   A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 42. Immutable  objects   R:   R:   A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 43. 3.    Ignoring  some  methods  
  • 44. Ignored  methods   Analysis results R:   R:   A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 45. Ignored  methods   R:   R:   A1:   A1:   A2:   A2:   R:   A1:   R:   18 R:   17 Real  stack   Shadow  stack  
  • 46. Methods  that  are  unlikely  to  be  useful   •  Trivial  methods   •  Private  methods   •  Library  methods   •  Methods  that  are  unlikely  to  crash  
  • 47. Second  chance  mode   Idea:    monitor  only  methods  that  are  likely  to  crash   •  IniYally,  monitor  no  methods   •  Aner  a  crash,  add  monitoring  for  methods  in  the   stack  trace   –  Can  update  all  clients,  not  just  the  one  that  crashed   •  Tradeoffs:   +  Very  low  overhead  (no  overhead  unYl  a  crash)   –  Requires  a  failure  to  occur  twice  
  • 48. Experimental  study   1.  Can  ReCrash  reproduce  failures?   2.  Are  the  ReCrash-­‐generated  tests  useful?   3.  How  large  are  the  test  cases?   4.  What  is  the  overhead  of  running  ReCrash?  
  • 49. Subject  programs   InvesYgated  11  real  crashes  from:   –  BST:    .2  KLOC   –  SVNKit:    22  KLOC   –  Eclipse  compiler:    83  KLOC   –  Javac-­‐jsr308:    86  KLOC    
  • 50. Q1:    Can  ReCrash  reproduce  failures?   Program   Failure   Candidate   Reproducible  tests   tests   reference   depth  1  +   deep   copy   used-­‐fields   copy   BST   Class  cast   3   3   3   3   Class  cast   3   3   3   3   Unsupported   3   3   3   3   SVNKit   Index  bounds   3   3   3   3   Null  pointer   2   2   2   2   Null  pointer   2   2   2   2   Eclipsec   Null  pointer   13   0   1   8   Javac-­‐ Null  pointer   17   5   5   5   jsr308   Illegal  arg   23   11   11   11   Null  pointer   8   1   1   1   Index  bounds   28   11   11   11  
  • 51. Q1:    Can  ReCrash  reproduce  failures?   Program   Failure   Candidate   Reproducible  tests   tests   reference   depth  1  +   deep   copy   used-­‐fields   copy   BST   Class  cast   3   3   3   3   Class  cast   3   3   3   3   Unsupported   3   3   3   3   SVNKit   Index  bounds   3   3   3   3   Null  pointer   2   2   2   2   Null  pointer   2   2   2   2   Eclipsec   Null  pointer   13   0   1   8   Javac-­‐ Null  pointer   17   5   5   5   jsr308   Illegal  arg   23   11   11   11   Null  pointer   8   1   1   1   Index  bounds   28   11   11   11  
  • 52. Q2:    Are  the  ReCrash  tests  useful?   •  Developers  found  the  tests  useful   –  Developer  1:    “You  don’t  have  to  wait  for  the   crash  to  occur  again”;  also  liked  mulYple  tests   –  Developer  2:    “Using  ReCrash,  I  was  able  to  jump   (almost  directly)  to  the  necessary  breakpoint”   •   Developers  found  the  stack  trace  insufficient   –  Unable  to  reproduce   –  The  failure  may  be  far  removed  from  the  fault  
  • 53. Q3:    How  large  are  the  test  cases?   •  The  JUnit  test  suite  uses  the  shadow  stack   •  Serializes  all  reachable  parts  of  the  heap   Program   Average   shadow  stack   size  (KB)   BST   12   SVNKit   34   Eclipsec   62   Javac-­‐jsr308   422  
  • 54. Q4:    Time  overhead  of  ReCrash   SVNKit Original Reference Depth  1  +  used-­‐fields Eclipsec Second  chance 0 0.5 1 1.5 2 Overhead  of  instrumented  program  in  the  field  
  • 55. Q4:    Memory  overhead  of  ReCrash   Absolute  memory  overhead:    .2M  –  4.7  M  
  • 56. GeneraYng  unit  tests  from  system   runs   •  Test  factoring  [Saff  2005,  Elbaum  2006]   –  Developer  selects  a  porYon  of  the  program   –  System  logs  interacYons  with  the  environment   –  Unit  test  replays  execuYon  in  a  test  harness   •  Contract-­‐driven  development  [Leitner  2007]   –  Reference  copying,  intended  for  durable  tests   •  Backward-­‐in-­‐Yme  debuggers  [Lienhard  2008]   –  Heavier-­‐weight  logging  and  checkpoints  
  • 57. Future  work   •  Capture  more  state   –  Concurrency,  Yming,  external  resources   •  Other  implementaYon  tradeoffs   –  Copy-­‐on-­‐write   –  ExisYng  VM  hooks   –  Logging/debugging  techniques   –  These  are  probably  orthogonal  to  ReCrash  
  • 58. ReCrash  converts  failures  into  tests   •  ReCrash  effecYvely  reproduces  failures   •  Replicates  program  states   •  Generates  mulYple  unit  tests   •  The  unit  tests  are  useful   •  Low  overhead   •  Records  only  relevant  parts  of  an  execuYon   •  4  program  analyses;  second  chance  mode   •  Can  deploy  instrumented  programs  in  the  field   •  Download:    hup://pag.csail.mit.edu/ReCrash/      
  • 59. ReCrash  converts  failures  into  tests   •  ReCrash  effecYvely  reproduces  failures   •  Replicates  program  states   •  Generates  mulYple  unit  tests   •  The  unit  tests  are  useful   •  Low  overhead   •  Records  only  relevant  parts  of  an  execuYon   •  4  program  analyses;  second  chance  mode   •  Can  deploy  instrumented  programs  in  the  field   •  Download:    hup://pag.csail.mit.edu/ReCrash/      
  • 60.
  • 61.
  • 62. Maintaining  the  shadow  stack   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 63. Maintaining  the  shadow  stack   On method entry R:   A1:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 64. Maintaining  the  shadow  stack   On method entry: 1.  Push a new shadow stack frame R:   R:   A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 65. Maintaining  the  shadow  stack   On method entry: 1.  Push a new shadow stack frame 2.  Copy the actual arguments to the shadow stack R:   R:   18 A1:   A1:   A2:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 66. Maintaining  the  shadow  stack   On method exit R:   18 A1:   A2:   R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 67. Maintaining  the  shadow  stack   On method exit: 1.  Pop shadow stack frame R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 68. Maintaining  the  shadow  stack   On program failure (top-level exception): R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 69. Maintaining  the  shadow  stack   On program failure (top-level exception): 1.  Write the shadow stack to a file R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack  
  • 70. Maintaining  the  shadow  stack   On program failure (top-level exception): 1.  Write the shadow stack to a file Serializes all referenced state R:   R:   A1:   A1:   18 R:   18 R:   17 Real  stack   Shadow  stack