VMware pioneers decoupled dynamic analysis

BOSTON'Researchers at VMware have pioneered a novel technique in dynamic analysis, one that uses virtual containers to separate the running program from the analysis tool. Such an approach can vastly speed the dynamic analysis of programs, noted Jim Chow, a VMware engineer and member of the research team.

"Separating analysis from execution is great because we can parallelize" the operations of each program, Chow said.

Chow presented the work at the USENIX 2008 conference being held this week in Boston. USENIX designated the paper describing their work, "Decoupling Dynamic Program Analysis from Execution in Virtual Environments," the best submitted for this year's conference. Chow, Tal Garfinkel and Peter Chen conducted the research.

Dynamic analysis can be good for finding such hard'to-trace problems as race conditions, or those circumstances in which a program locks up due to two processes vying for the same resource.

The problem with most commercial and open-source dynamic analysis tools is that they slow the performance of the application being studied ' sometimes by a factor of 100 or more, Chow said. Conditions such as context switching between the program and the analysis tool also contribute to this slowing.

The team's approach is to use the VMware virtual environments. The program under study runs in one virtual environment, and the analysis tools run in a second virtual environment on the same machine. Running the two programs in parallel, each with its own thread, means performance can be improved.

"Decoupled analysis moves analysis off the computer that is executing the main workload by separating execution and analysis into two tasks: recording, where system execution is recorded in full with minimal interference, and analysis, where the log of the execution is replayed and analyzed," the paper says.

The research team created a program called Aftersight to analyze software, but further work is needed to bring Aftersight up to speed with the execution of the program itself, Chow said.

The research team tried the software on VMware's own ESX Server, the Linux kernel, and Putty secure shell client. Bugs were found in all three. "We replay all the inputs that the machine saw, then that replayed execution will go through all the same instructions," Chow said.

USENIX, the Advanced Computing Systems Association, is an association for sharing information among technicians, scientists, systems administrators and engineers on developments in the field of computer science.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

inside gcn

  • federal blockchain

    How blockchain can transform the public sector

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group