Affiliation:
1. Peking University, China
2. University College London, United Kingdom
Abstract
Control flow recovery is critical to promise the software quality, especially for large-scale software in production environment. However, the efficiency of most current control flow recovery techniques is compromised due to their runtime overheads along with deployment and development costs. To tackle this problem, we propose a novel solution,
Adonis
, which harnesses
Operating System (OS)
-level traces, such as dynamic library calls and system call traces, to efficiently and safely recover control flows in practice.
Adonis
operates in two steps: It first identifies the call-sites of trace entries, and then it executes a pairwise symbolic execution to recover valid execution paths. This technique has several advantages. First,
Adonis
does not require the insertion of any probes into existing applications, thereby minimizing
runtime cost
. Second, given that OS-level traces are hardware-independent,
Adonis
can be implemented across various hardware configurations without the need for hardware-specific engineering efforts, thus reducing
deployment cost
. Third, as
Adonis
is fully automated and does not depend on manually created logs, it circumvents additional
development cost
. We conducted an evaluation of
Adonis
on representative desktop applications and real-world IoT applications.
Adonis
can faithfully recover the control flow with 86.8% recall and 81.7% precision. Compared to the state-of-the-art log-based approach,
Adonis
can not only cover all the execution paths recovered but also recover 74.9% of statements that cannot be covered. In addition, the runtime cost of
Adonis
is 18.3× lower than the instrument-based approach; the analysis time and storage cost (indicative of the deployment cost) of
Adonis
is 50× smaller and 443× smaller than the hardware-based approach, respectively. To facilitate future replication and extension of this work, we have made the code and data publicly available.
Funder
National Key Research and Development Program of China
National Natural Science Foundation of China
ERC Advanced
Publisher
Association for Computing Machinery (ACM)
Reference64 articles.
1. Agile-IoT. 2022. Awesome-Open-IoT a curated list of awesome open source IoT frameworks libraries and software. Retrieved June 21 2022 from https://github.com/Agile-IoT/awesome-open-iot.
2. Selective path profiling;Apiwattanapong Taweesup;ACM SIGSOFT Softw. Eng. Notes,2002
3. Avast. 2022. RetDec. Retrieved June 10 2022 from https://github.com/avast/retdec.
4. Thomas Ball and James R. Larus. 1996. Efficient path profiling. In Proceedings of the 29th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO 29). IEEE, 46–57.
5. Inferring models of concurrent systems from logs of their behavior with CSight