Top: An Infrastructure for detecting Application-Specific Program Errors by Binary Runtime Instrumentation

TR Number
Date
2006-06-15
Journal Title
Journal ISSN
Volume Title
Publisher
Virginia Tech
Abstract

Finding errors in applications has been achieved using a wide variety of techniques. Some tools instrument the application to check for program properties dynamically whereas others analyze the program statically.

We use a technique that analyzes a program's execution by binary runtime instrumentation. Unlike tools that work on a particular language or an intermediate representation of a language, our approach works directly on binaries and hence it is not bound to any language.

In order to instrument binaries, we use a binary instrumentation system called Pin, which provides APIs to instrument the application at runtime. We have built an infrastructure using Pin called Top that allows program entities like variables and events to be traced. Using finite automata we can check if certain events take place during the execution of the program.

Top consists of a Tracing System that can trace movement of pointers to memory locations or 32-bit data values and keeps track of all their copies. It also provides an Event Framework that reports the occurrence of events such as function calls or returns. Top provides a programming interface which allows querying for particular events. The query is compiled with Top to produce a customized analysis tool, also called client. Running the analysis tool with the application, under Pin, results in events of interest being detected and reported.

Using Top, we built a Memory Checker that checks for incorrect usage of dynamic memory allocation APIs and semantically incorrect accesses to dynamically allocated memory. Since we perform fine-grained checking by tracing references, our memory checker found some errors that a popular memory checker called valgrind did not. We have also built an MPI Checker which is used to check if programs use MPI's asynchronous communication primitives properly. This checker can detect errors related to illegal data buffer accesses and errors where the programmer inadvertently overwrote a handle needed to finish the processing of a request.

Description
Keywords
Program analysis, debugging, application-specific errors
Citation
Collections