Repository-based version control systems such as CVS, RCS, Subversion, and GIT, are extremely useful tools that enable software developers to concurrently modify source code, manage conflicting changes, and commit updates as new revisions. Such systems facilitate collaboration with and concurrent contribution to shared source code by large developer bases. In this work, we investigate a framework that lays the groundwork for “performance-aware ” repository and revision control for Java programs. Our framework automatically tracks behavioral differences across revisions to provide developers with feedback as to how their change impacts performance of the application. It does so as part of the repository commit process by profiling the performance of the program or component, and performing automatic analyses that identify differences in the dynamic behavior or performance between two code revisions. In this paper, we present our analysis system that is based upon and extends prior work on calling context tree (CCT) profiling and performance differencing. Our framework couples the use of precise CCT information annotated with performance metrics and call-site information, with a simple tree comparison technique and novel heuristics that together target the cause of performance differences between code revisions without knowledge of program semantics. We evaluate the efficacy of the framework using a number of open source Java applications and present a case study in which we use the framework to distinguish two revisions of the popular FindBugs application. 1.

Abstract not found

An information-flow security policy constrains a computer system’s end-to-end use of information, even as it is transformed in computation. For instance, a policy would not just restrict what secret data could be revealed directly, but restrict any output that might allow inferences about the secret. Expressing such a policy quantitatively, in terms of a specific number of bits of information, is often an effective programindependent way of distinguishing what scenarios should be allowed and disallowed. This thesis describes a family of new techniques for measuring how much information about a program’s secret inputs is revealed by its public outputs on a particular execution, in order to check a quantitative policy on realistic systems. Our approach builds on dynamic tainting, tracking at runtime which bits might contain secret information, and also uses static control-flow regions to soundly account for implicit flows via branches and pointer operations. We introduce a new graph model that bounds information flow by the maximum flow between inputs and outputs in a flow network representation of an execution. The flow bounds obtained with maximum

I am excited by the challenge of making software significantly more reliable, scalable, and secure than it is today and thus helping achieve advances in areas such as science, education, health, and energy. I have focused on the problem of software bugs, which cause errors that cost billions of dollars annually and sometimes result in injury or death. These bugs are pervasive in modern software, which is only becoming more complex as developers add features, integrate components, and write concurrent software. State-of-the-art testing, static analysis, and modern language features eliminate some but not all bugs. In particular, thorough in-house testing cannot test all possible environments, configurations, and thread interleavings. Deployed software thus contains bugs that are hard to reproduce, find, and fix. Deployed systems need support for improving reliability in order to achieve highly robust software. My interests lie in solving these problems with programming languages and runtime systems. I focus on building analyses and systems that help developers and users make software more reliable and effective. I am particularly interested in approaches that are lightweight and flexible enough to run alongside deployed systems and that provide rigorous guarantees about accuracy and performance. My dissertation work introduces broadly applicable techniques that help developers find and fix bugs in deployed systems and help users by automatically tolerating the effects of errors. Two significant contributions are (1) efficient techniques that add context sensitivity to a broad set of analyses for reliability and security (first section below), and (2) an automatic approach for minimizing the effects of programmers’

Abstract—Persistence is a widely used technique which allows the objects that represent the results of lengthy computations to outlive the process that creates it, in order to considerably speed up subsequent program executions. We observe that conventional persistence techniques usually do not consider the application contexts of the persistence operations, where not all of the object states are necessary to be persisted. Leveraging this observation, we have designed and implemented a framework called Pert, which first performs static program analysis to estimate the actual usage of the persisted object, given the context of its usage in the program. The Pert runtime uses the statically computed information to make efficiently tailoring decisions to prune the redundant and unused object states during the persistence operations. Our evaluation result shows that the Pert-based optimization can speedup the conventional persistence operations by 1 to 45 times. The amount of persisted data is also dramatically reduced, as the result of the application-aware tailoring. Index Terms—Object persistence, program analysis, performance optimization.

Calling-context profiles and dynamic metrics at the bytecode level are important for profiling, workload characterization, program comprehension, and reverse engineering. Prevailing tools for collecting calling-context profiles or dynamic bytecode metrics often provide only incomplete information or suffer from limited compatibility with standard JVMs. However, completeness and accuracy of the profiles is essential for tasks such as workload characterization, and compatibility with standard JVMs is important to ensure that complex workloads can be executed. In this paper, we present the design and implementation of JP2, a new tool that profiles both the inter- and intra-procedural control flow of workloads on standard JVMs. JP2 produces calling-context profiles preserving callsite information, as well as execution statistics at the level of individual basic blocks of code. JP2 is complemented with scripts that compute various dynamic bytecode metrics from the profiles. As a case-study and tutorial on the use of JP2, we use it for crossprofiling for an embedded Java processor.

State-of-the-art dynamic bug detectors such as data race and memory leak detectors report program locations that are likely causes of bugs. However, static program location is not enough for developers to understand the behavior of increasingly complex and concurrent software. Dynamic calling context provides additional information, but it is expensive to record calling context frequently, e.g., at every read and write. Context-sensitive dynamic analyses can build and maintain a calling context tree to track calling context, but in order to reuse existing nodes, CCT-based approaches require an expensive lookup. This paper introduces the calling context uptree (CCU), a new data structure in which each node points “up ” to its parent instead of “down ” to its children. A CCU-based approach adds low time overhead because it can allocate new nodes quickly, but it adds high space overhead because it cannot reuse existing nodes. However, tracing-based garbage collection (GC) collects unused CCU nodes naturally and efficiently. To reduce space used by the remaining nodes, we present an efficient algorithm that piggybacks on GC to merge redundant nodes lazily. We implement our CCU-based approach in a high-performance Java virtual machine and integrate it with memory leak and data race detectors so they can report context-sensitive sites that cause bugs. We show that despite allocating instead of reusing nodes, our CCU-based approach adds low overhead to these clients and keeps space overhead low by relying on GC and performing lazy merging. The CCU can thus provide low-overhead context sensitivity to a variety of dynamic analyses that report bug causes. 1.