Challenges for Refinement and Composition of Instrumentations

Eric | March 15, 2012

A primary goal of the Secure Software Engineering Group is to create methods and tools for reliably implementing security features in large-scale software systems. Such implementations can often be built using specialized static and dynamic analyses. But how do multiple such analyses interact? In a new position paper to appear at SC 2012, we discuss the challenges that arise when trying to refine and compose dynamic analyses.


Instrumentation techniques are widely used for implementing dynamic program analysis tools like profilers or debuggers. While there are many toolkits and frameworks to support the development of such low-level instrumentations, there is little support for the refinement or composition of instrumentations. A common practice is thus to copy and paste from existing instrumentation code. This, of course, violates well-established software engineering principles, results in code duplication, and hinders maintenance. In this position paper we identify two challenges regarding the refinement and composition of instrumentations and illustrate them with a running example.