Synoptic: Studying Logged Behavior with Inferred Models
Computer systems are often difficult to understand and debug. A common way of gaining insight into system behavior is to inspect execution logs and documentation. Unfortunately, manual inspection of logs is an arduous process, and documentation is often incomplete and out of sync with the implementation.
We have created a tool, Synoptic, that helps developers by inferring a concise and accurate system model, in the form of a finite state machine. Engineers can use such models to understand behavior, detect anomalies, debug, verify known bugs, diagnose new bugs, and increase their confidence in the correctness of their systems. Unlike most related work, Synoptic does not require developer-written scenarios, specifications, negative execution examples, or other complex user input. Synoptic processes the logs that most systems already produce, and it requires developers only to specify a set of regular expressions for parsing the logs.
The original version of Synoptic assumed that the input logs were totally ordered -- for every pair of events, one preceded the other. The current focus of our work is on developing and applying Synoptic to logs generated by multi-threaded programs and distributed systems. In these settings events may occur without any happens-before relationship.
People
- Jenny Abrahamson
- Tom Anderson
- Ivan Beschastnikh
- Andrew Davies
- Michael Ernst
- Arvind Krishnamurthy
- Timothy Vega
Publications
- Unifying FSM-inference algorithms through declarative specification (2013)
- Unifying FSM-inference algorithms through declarative specification (2013)
- Unifying FSM-inference algorithms through declarative specification (2012)
- Bandsaw: Log-powered test scenario generation for distributed systems (2011)
- Leveraging existing instrumentation to automatically infer invariant-constrained models (2011)
- Mining temporal invariants from partially ordered logs (2011)
- Mining temporal invariants from partially ordered logs (2011)
- Synoptic: Studying logged behavior with inferred models (2011)
- Synoptic: Summarizing system logs with refinement (2010)


cs.