Blended Static/Dynamic Analyses for Performance Understanding and Improved Security of Framework-intensive Systems

Start Date: 09/01/2008
End Date: 08/01/2011

Web applications are an important software paradigm in wide usage both by the commercial and research communities. These applications are built on top of numerous integrated layers of libraries and frameworks. Performance problems in these framework-intensive systems are often difficult to understand, exhibiting characteristics intrinsically different from previous systems. For example, a typical performance problem is not a single frequently executed method, but rather involves problematic activity across many methods spanning disparate frameworks (e.g., Apache's  Tomcat, Microsoft's .NET CLR platform, Java EE platforms such as Apache's  Geronimo, JBoss, or IBM's Websphere. To the developer, the application resembles an iceberg, the familiar code being only a small portion of the entire implementation, yet the entire system must be analyzed to achieve understanding of performance and security problems.

Framework-intensive Web applications are a challenge to existing analysis techniques. Purely static analyses, accomplished through examination of code without execution, suffer problems of insufficient scalability and/or insufficient precision for answering behavioral questions for these systems. Purely dynamic analyses, accomplished through judiciously placed instrumentation in source code, bytecode or by probing the JVM runtime system, introduce too much execution overhead, especially for production systems, or are too limited in the information gathered. Further, existing dynamic performance analyses focus on control flow, but the main purpose of these applications is to manipulate data; understanding object usage is crucial. The main idea in this proposal is to address these weaknesses {\it by blending static and dynamic analyses in new ways}, that in combination avoid these problems and support tools for framework-intensive applications.

The specific goals of this research proposal are:

  • to design and experiment with blended analyses that are practical and effective in identifying performance problems for framework-based applications, thereby providing targets for inter-framework code specialization of common usage patterns;
  • to enable richer characterizations of applications in order to design and validate realistic framework-intensive benchmarks, for example, to define framework API design best practices;
  • to investigate additional potential clients of blended analyses that can improve the quality of framework-intensive software systems.

Framework-intensive applications largely have been ignored by software engineering researchers because of their complexity and scale. This has resulted in a gap between the tools and techniques needed to deal with these applications, and those being developed by the research community. Designing analyses and developing tools to address performance and security issues for these applications will begin to bridge this gap. The PI has the advantage of her unique depth in program analysis, plus an already established research relationship with IBM researchers. These colleagues can provide access to real-world data for testing these ideas and appreciation of the difficulties of software development with inadequate tools.

see also: Project Description


Grant Institution: National Science Foundation

Amount: $240,000

People associated with this grant:

Barbara Ryder