detecting and escaping infinite loops with jolt
Download
Skip this Video
Download Presentation
Detecting and Escaping Infinite Loops with Jolt

Loading in 2 Seconds...

play fullscreen
1 / 39

Detecting and Escaping Infinite Loops with Jolt - PowerPoint PPT Presentation


  • 91 Views
  • Uploaded on

Detecting and Escaping Infinite Loops with Jolt. Michael Carbin with Sasa Misailovic , Michael Kling, and Martin Rinard Massachusetts Institute of Technology. Exceptions?. Our Research Context. Researcher. Developer. User. Motivation. You run a program Edit a document

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Detecting and Escaping Infinite Loops with Jolt' - edric


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
detecting and escaping infinite loops with jolt
Detecting and Escaping Infinite Loops with Jolt

Michael Carbin

with SasaMisailovic, Michael Kling, and Martin Rinard

Massachusetts Institute of Technology

our research context
Our Research Context

Researcher

Developer

User

motivation
Motivation
  • You run a program
    • Edit a document
    • Search for a keyword
    • Indent source code files
  • Program infinite loops
    • You get no output
    • You lose your work
our solution
Our Solution:

J lt

Automatically detect and escape infinite loops

Program produces output

User doesn’t lose work

Logo courtesy J.D. Rhoades

basic approach
Basic Approach
  • Compile program with Jolt compiler. (adds instrumentation to mark loop boundaries)
  • Execute program.
  • Program stops responding.
  • Launch Jolt monitor.
    • Monitor takes snapshots at each loop head.
    • If two snapshots are same, infinite loop!
  • Jolt jumps to instruction after loop.
does this work
Does this work?
  • Are real infinite loops this simple?
  • Does Jolt produce a safe execution?
  • Does Jolt produce better output than Ctrl-C?
  • Does Jolt match the developer’s fix?
  • Can this be implemented efficiently?
infinite loop in grep
Infinite Loop in Grep

conf.in

25th ECOOP

grep –E “[0-9]*” --color=always conf.in

v2.5

v2.5.1

stdout

25th ECOOP

Infinite Loop

infinite loop in grep 2 5
Infinite Loop in Grep 2.5

1: void prline(regex_t regex, char *beg) {

3: while (true) {

4: int size = 0;

5: int off = match(regex, beg, &size);

6: if (off == -1) {

7: break;

8: }

9: char const *b = beg + off;

10: fwrite(beg, 1, off, stdout);

11: enable_color();

10: fwrite (b, 1, size, stdout);

11: disable_color();

11: beg = b + size;

12: }

14: }

step 1 compile grep
Step 1: Compile Grep

Jolt

Compiler

Adds instructions that mark loop boundaries.

jolt compiles grep
Jolt Compiles Grep

1: void prline(regex_t regex, char *beg) {

2: …

3:

4: while (true) {

5:

6: int size = 0;

7: int offset = match(regex, beg, &size);

8: if (offset == -1) {

9:

10: break;

11: }

12: char const *b = beg + offset;

13: fwrite (b, sizeof (char), size, stdout);

14: beg = b + size;

15: }

16:

17: }

18: …

jolt compiles grep1
Jolt Compiles Grep

1: void prline(regex_t regex, char *beg) {

2: …

3: jolt_loop_entry(ID);

4: while (true) {

5: jolt_loop_body(ID, &jolt_escape_dest);

6: int size = 0;

7: int offset = match(regex, beg, &size);

8: if (offset == -1) {

9: jolt_loop_exit(ID);

10: break;

11: }

12: char const *b = beg + offset;

13: fwrite (b, sizeof (char), size, stdout);

14: beg = b + size;

15: }

16: jolt_escape_dest:

17: …

18: }

step 2 run grep
Step 2: Run Grep
  • Grep runs as normal.
  • Control instrumentation overhead ~2.5%.
step 3 grep stops responding
Step 3: Grep stops Responding
  • Grep enters infinite loop, does not respond!
step 4 launch jolt monitor
Step 4: Launch Jolt Monitor
  • Jolt dynamically attaches to grep
  • Monitors execution
    • Computes snapshot at each loop head
    • If two snapshots are the same, infinite loop!

Jolt

how to compute a snapshot efficiently
How to Compute a Snapshot Efficiently
  • Log all registers and memory addresses that each loop iteration accesses.
  • Record the contents of these registers and addresses at the head of the loop.
comparing two snapshots
Comparing Two Snapshots

Snapshot 1

  • First, check if snapshots have the same accessed
    • Registers and
    • Memory addresses
  • Next check if contents of
    • Accessed registers and
    • Accessed memory addresses

are the same

Snapshot 2

step 5 jolt e xits the loop
Step 5: Jolt Exits the Loop

1: void prline(regex_t regex, char *beg) {

2: jolt_loop_entry(ID);

3: while (true) {

4: jolt_loop_body(ID, &jolt_escape_dest);

5: int size = 0;

6: int offset = match(regex, beg, &size);

7: if (offset == -1) {

8: jolt_loop_exit(ID);

9: break;

10: }

11: char const *b = beg + offset;

12: fwrite (b, sizeof (char), size, stdout);

13: beg = b + size;

14: }

15: jolt_escape_dest:

16: }

output
Output

Jolt

Ctrl-C

does this work for grep
Does this work for Grep?
  • Is it safe?
    • Yes, no side-effects (except on output files).
  • Is it better than Ctrl-C?
    • Yes, continues to match additional lines and files.
  • Is it equivalent to the correct fix?
    • Yes, corrected by break if size is 0 (v2.5.1).
    • 3 years later no, v2.5.3 skips all size 0 matches.

25th ECOOP ‘11

25th ECOOP ‘11

25th ECOOP ‘11

5 applications and 8 infinite loops
5 Applications and 8 Infinite Loops
  • ctags: line numbers of functions in code.
    • v5.5 : one loop in fortran module.
    • v5.7b : one loop in python module.
  • grep(v2.5): matches regexpagainst files (3 loops).
  • ping (v20100214): icmp utility.
  • indent (v1.1-svr 4): indents source code.
  • look (v1.9.1): matches a word against dictionary file.
question 1
Question #1

Are infinite loops this simple?

7 of 8

question 2
Question #2

Does escape produce a safe execution?

  • Methodology
    • Validated execution with Valgrind and by hand.
    • Tested over available infinite loop triggering inputs.
  • Results
    • Yes, side effects often localized = consistent state.
    • Or, simple correctness invariants.
question 3
Question #3

Does Jolt produce a better output than Ctrl-C?

  • Methodology
    • Defined output abstraction, and compared outputs.
  • Results
    • Yes, errors often isolated to single output unit (e.g., file).
  • Example
    • indent: correct indention resumes on next file.
    • Terminating indent deletes your source code!!!
    • Development hint: don’t update files in-place.
question 4
Question #4

Does escape model the developers’ fix?

  • Methodology
    • Manually inspected a later version of each application.
  • Results
    • ctags: no, output semantically different on some inputs.
    • grep: jolt matches fix for two of three loops (3 years).
    • ping, indent, look: yes, in all cases.
  • Example
    • ping: developer used continue instead of break.
question 5
Question #5

Can this be implemented efficiently?

*Average over the three loops

observations
Observations
  • Infinite loops can (and often do) frustrate users.
  • Infinite loops can be (and often are) simple.
  • Errors are localized in some cases.
  • Jolt’s results can be (and often are) better than no results at all.
  • Applying Jolt can (and often does) model the developer’s fix.
limitations
Limitations
  • Jolt doesn’t detect infinite loops that always change state.
    • Though still possible to exit loop if user desires.
  • We did not consider busy-wait loops.
    • Though a good question is what does it mean when a user thinks a program is waiting too long?
future work
Future Work
  • Off-the-shelf binaries - pure dynamic analysis
  • Safety guarantees – shepherded execution
  • Larger classes of loops - symbolic non-termination analysis
related work
Related Work
  • Bounding Loop Length
    • Detecting and Eliminating Memory Leaks Using Cyclic Memory Allocation (Nguyen and Rinard, ISMM ‘07)
  • Non-termination Provers
    • TNT (Gupta, et al.) using Invariant Generation (POPL ‘08)
    • Looper (Burnim, et al.) using Symbolic Execution (ASE ‘09)
  • Termination Provers
    • Terminator (Cook, et al.) (PLDI ‘06)
takeaway
Takeaway

Jolt gives users another option to deal with programs that infinite loop.

Another hammer in the toolbox to help users deal with otherwise fatal errors.

thank you questions
Thank You/Questions?

From: "Armando Solar-Lezama" <[email protected]>

To: "Martin Rinard" <[email protected]>

Subject: Thanks

I was writing a document in Word this morning, and after about an hour of unsaved work, Word went into an infinite loop that made the application completely frozen.

So, having listened to your talks too many times, I got my debugger, paused the program, changed the program counter to a point a few instructions past the end of the loop, and let it keep running from there.

Word went back to working as if nothing had ever happened. I was able to finish my document, save it, and close Word without problems.

So thanks,

Armando.

bug reports
Bug Reports

grep

2.5 -- 13 Mar2002

2.5.1 -- 29 Oct 2004

2.5.3 -- 02 Aug 2007

indent

1994

ctags

5.5 – 2003

5.7b –2007

ad