Backward Slicing Analysis on Debug Log for Crash Comprehension

Abstract

Debugging costs almost half of the development time of programmers. To understand what happened in the buggy execution, one has to backtrack on the execution history, examine suspicious behaviours one by one and finally locate the key symptom. Accelerating this searching procedure will largely reduce the debugging time. In this paper, I propose a backward slicing method to reason the cause of the memory crash on the source code execution trace. It iteratively finds the last modification of new tainted seeds in a thin data slicing style and generates the interprocedural data dependency graph. The slicing method can perform inner function alias analysis and a cross procedural argument tainting analysis. The call sites of dynamic function pointers or call sites expanded by macros are also handled in a heuristic way. I demonstrate the efficacy of method by applying the proto-type system ClueHunter in the vulnerability analysis procedure of 7 open-source projects. The tracing method reduce the amount of code to inspect by 94% for trace-based crash analysis.