Debugging real systems is hard, requires deep knowledge of the code, and is time-consuming. Bug reports rarely provide sufficient information, thus forcing developers to turn into detectives searching for an explanation of how the program could have arrived at the reported failure point.

Execution synthesis is a technique for automating this detective work: given a program and a bug report, it automatically produces an execution of the program that leads to the reported bug symptoms. Using a combination of static analysis and symbolic execution, it “synthesizes” a thread schedule and various required program inputs that cause the bug to manifest. The synthesized execution can be played back deterministically in a regular debugger, like gdb. This is particularly useful in debugging concurrency bugs.

Our technique requires no runtime tracing or program modifications, thus incurring no runtime overhead and being practical for use in production systems. We evaluate ESD—a debugger based on execution synthesis—on popular software (e.g., the SQLite database, ghttpd Web server, HawkNL network library, UNIX utilities): starting from mere bug reports, ESD reproduces on its own several real concurrency and memory safety bugs in less than three minutes.


Execution Synthesis: A Technique for Automated Software Debugging. Cristian Zamfir and George Candea. ACM EuroSys Conference on Computer Systems (EuroSys), Paris, France, April 2010

Low-Overhead Bug Fingerprinting for Faster Debugging. Cristian Zamfir and George Candea. Intl. Conference on Runtime Verification (RV), Malta, November 2010

Automated Debugging for Arbitrarily Long Executions. Cristian Zamfir, Baris Kasikci, Johannes Kinder, Edouard Bugnion, and George Candea. Workshop on Hot Topics in Operating Systems (HotOS), Santa Ana Pueblo, NM, May 2013

Reconstructing Core Dumps. Jeremias Rößler, Andreas Zeller, Gordon Fraser, Cristian Zamfir, and George Candea. Intl. Conference on Software Testing, Verification and Validation (ICST), Luxembourg, March 2013

Automating the Debugging of Datacenter Applications with ADDA. Cristian Zamfir, Gautam Altekar, and Ion Stoica. Intl. Conference on Dependable Systems and Networks (DSN), Budapest, Hungary, June 2013


Cristian Zamfir, George Candea, Baris.Kasikci