Beyond Breakpoints: A Tour Of Dynamic Analysis

Abstract

Despite advances in software design and static analysis techniques, software remains incredibly complicated and difficult to reason about. Understanding highly-concurrent, kernel-level, and intentionally-obfuscated programs are among the problem domains that spawned the field of dynamic program analysis. More than mere debuggers, the challenge of dynamic analysis tools is to be able record, analyze, and replay execution without sacrificing performance. This talk will provide an introduction to the dynamic analysis research space and hopefully inspire you to consider integrating these techniques into your own internal tools.

Presentation materials

• Slides | Slides w/ speaker notes
• Video

Dynamic Analysis Tools / Source Code

• GDB Reverse Debugging
• Pin
• Valgrind
• ReVirt
• ThreadSanitizer
• librip

Supplimental Papers

Overview, Dynamic Analysis, and Tools

• The Concept of Dynamic Analysis

• The Night's Watch

• Framework for Instruction-level Tracing and Analysis of Program Executions

• Vx32: Lightweight, User-level Sandboxing on the x86

• QEMU: A Fast and Portable Dynamic Translator

• Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation

• Valgrind: A Framework for Heavyweight Dynamic Binary Instrumentation

Time-Travel Debugging, Record & Replay, and Taint Analysis

• Design and Implementation of a Backwards-In-Time Debugger

• Debugging Through Time with the Tralfamadore Debugger

• Scalable Omniscient Debugging

• ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay

• Debugging Operating Systems with Time-Traveling Virtual Machines

• Understanding Data Lifetime via Whole System Simulations

• Pointless Tainting? Evaluating the Practicality of Pointer Tainting

Multiprocessor Replay and Race Detection

• Time, Clocks, and the Ordering of Events in a Distributed System

• A "Flight Data Recorder" for Enabling Full-System Multiprocessor Deterministic Replay

• Execution Replay for Multiprocessor Virtual Machines

• PRES: Probabilistic Replay with Execution Sketching on Multiprocessors

• ODR: Output-Deterministic Replay for Multicore Debugging

• Hardware-Assisted Replay of Multiprocessor Programs

• Eraser: A Dynamic Data Race Detector for Multithreaded Programs

• Hybrid Dynamic Data Race Detection

• ThreadSanitizer – data race detection in practice

• FastTrack: Efficient and Precise Dynamic Race Detection

Photo Credits

• "Sherlock" (CC BY-NC 2.0)
• Cover, "Conan Doyle's best books, in three volumes. V.I."

Licences

• CC BY-NC 2.0

Special thanks

• Elaine Greenberg
• Devon O'Dell
• Frederik Deweerdt
• Jerry Kuch
• Mihir Nanavati
• Ines Sombra
• Andy Warfield