Challenges for Refinement and Composition of Instrumentations

Eric | March 15, 2012

A primary goal of the Secure Software Engineering Group is to create methods and tools for reliably implementing security features in large-scale software systems. Such implementations can often be built using specialized static and dynamic analyses. But how do multiple such analyses interact? In a new position paper to appear at SC 2012, we discuss the challenges that arise when trying to refine and compose dynamic analyses.

Abstract:

Instrumentation techniques are widely used for implementing dynamic program analysis tools like profilers or debuggers. While there are many toolkits and frameworks to support the development of such low-level instrumentations, there is little support for the refinement or composition of instrumentations. A common practice is thus to copy and paste from existing instrumentation code. This, of course, violates well-established software engineering principles, results in code duplication, and hinders maintenance. In this position paper we identify two challenges regarding the refinement and composition of instrumentations and illustrate them with a running example.