Computer systems are often difficult to understand and debug. A common way of gaining insight into system behavior is to inspect execution logs and documentation. Unfortunately, manual inspection of logs is an arduous process, and documentation is often incomplete and out of sync with the implementation.
We have created a tool, Synoptic, that helps developers by inferring a concise and accurate system model, in the form of a finite state machine. Engineers can use such models to understand behavior, detect anomalies, debug, verify known bugs, diagnose new bugs, and increase their confidence in the correctness of their systems. Unlike most related work, Synoptic does not require developer-written scenarios, specifications, negative execution examples, or other complex user input. Synoptic processes the logs that most systems already produce, and it requires developers only to specify a set of regular expressions for parsing the logs.
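To make the workflow described above concrete, the following Python example is added here; it is not Synoptic's code and does not reproduce Synoptic's inference algorithm. It assumes a constructed log format with hypothetical session ids and event names, parses it with one regular expression, builds a simple one-state-per-event-type transition model (a simplification chosen for this illustration), and reports transitions in a new trace that the model does not explain. It covers only totally ordered logs.

```python
import re
from collections import defaultdict

# Constructed sample log (not from Synoptic): two sessions of a hypothetical service.
TRAINING_LOG = """\
10:00:01 session=a1 event=connect
10:00:02 session=a1 event=auth_ok
10:00:03 session=a1 event=read
10:00:04 session=a1 event=disconnect
10:01:00 session=b2 event=connect
10:01:01 session=b2 event=auth_fail
10:01:02 session=b2 event=disconnect
"""

# The only user input: a regular expression naming the trace id and the event type.
LINE_RE = re.compile(r"^\S+ session=(?P<trace>\w+) event=(?P<event>\w+)$")

def parse_traces(log_text):
    """Split a totally ordered log into per-session event sequences."""
    traces = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that do not match the expression are ignored
            traces[m["trace"]].append(m["event"])
    return dict(traces)

def infer_model(traces):
    """Build a coarse FSM: one state per event type, edges for observed successions."""
    edges = defaultdict(set)
    for events in traces.values():
        path = ["INITIAL", *events, "TERMINAL"]
        for src, dst in zip(path, path[1:]):
            edges[src].add(dst)
    return dict(edges)

def unexplained_transitions(model, events):
    """Return the transitions of a new trace that the model has never seen."""
    path = ["INITIAL", *events, "TERMINAL"]
    return [(s, d) for s, d in zip(path, path[1:]) if d not in model.get(s, set())]

MODEL = infer_model(parse_traces(TRAINING_LOG))
# Constructed anomalous session: data is read without a successful authentication.
SUSPECT_LOG = ("10:02:00 session=c3 event=connect\n"
               "10:02:01 session=c3 event=read\n"
               "10:02:02 session=c3 event=disconnect\n")
SUSPECT = parse_traces(SUSPECT_LOG)["c3"]

print("unexplained:", unexplained_transitions(MODEL, SUSPECT))
```

The flagged `connect -> read` transition is the kind of deviation an engineer would then inspect in the original log.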
The original version of Synoptic assumed that the input logs were totally ordered: for every pair of events, one preceded the other. The current focus of our work is on developing and applying Synoptic to logs generated by multi-threaded programs and distributed systems. In these settings, events may occur without any happens-before relationship between them.