In addition to Trace Skeleton, we can insert Silent Messages, treat non-silent messages as instances of some template message, and even take Quotient Trace of them, leaving the position of final non-silent messages intact. This is similar to retraction in topology, so we name this analysis pattern Trace Retract and illustrate it in the following diagram:
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Trace Nerve is Thread of Activity or Adjoint Thread of Activity that runs through all Activity Regions. An example is illustrated in the following diagram:
Of course, depending on trace or log, there can be several Trace Nerves. This analysis pattern was inspired by nerve complexes in topology.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Traces and logs from diverse software systems doing different things may have similar Trace Shape despite completely different message content, especially for specific Threads of Activity or Adjoint Threads of Activity:
This may be apparent when we compare Trace Shape of Quotient Trace.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Trace Similarity analysis pattern uses various similarity measures to assess the closeness of one trace or log to another. Here we provide an illustrative example using Jaccard index. Consider three simple logs where sample sets consist from Activity Regions:
The following table shows calculation of similarity between A and B, A and C, and B and C:
It’s possible to use sample sets consisting of messages instead. For our toy example we get similar index numbers:
We get different indexes though for individual regions and messages, for example:
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
In addition to Declarative Trace we have code statements that may be intercepted by external API tracing tools (CreateFile, CloseHandle):
In the sample code above we have different logs resulted from Declarative Trace (DebugLog, OutputDebugString):
In addition, we have a log saved by an external tracing tool (for example, Process Monitor) that includes our API calls:
All such trace-generating source code statements form Moduli Trace as soon as they are executed:
Such a trace can also be analyzed using trace and log analysis patterns like other trace types. We took the idea of this analysis pattern from moduli spaces in mathematics that parametrize other spaces.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Some trace and log messages may have different grammatical structure and content but similar semantics. Therefore, we can create a table listing equivalent messages (using some equivalence relation) and use it to construct simpler traces and logs as depicted in this picture:
One trivial example of Equivalent Messages analysis pattern is Quotient Trace. Another example is Inter-Correlational analysis of logs that have different structure and format. In such a case Equivalent Messages simplify the analysis of higher Trace Dimensions.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Based on a mathematical analogy with critical points in topology (Morse theory) we introduce Critical Points in trace and log analysis where they signify the change of trace or log “shape” (topological or “geometric” properties) as illustrated in the following diagram:
Such a point may be an individual message, its Message Context, or Activity Region.
Critical Points are examples of Intra-Correlation whereas Bifurcation Points are examples of Inter-Correlation.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
In Adjoint Message analysis pattern description we mentioned compressing message sequences having the same message attribute into one message. Considering the trace as “topological” space and message attribute as “equivalence” relation we introduce Quotient Trace analysis pattern by analogy with quotient space in topology. By endowing message sequences having the same attribute with some “metric” such as cardinality of Message Set we can also visually distinguish resulted quotient messages if they have the same attribute but from different sequences at different times. All this is illustrated in the following diagram:
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Trace and log analysis starts with assessment of artifact File Size, especially with multiple logging scenarios in distributed systems. If all log files are of the same size we might have either Circular Traces or Truncated Traces. Both point to wrong trace timing plan or just using default tracing tool configuration.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
One of the powerful trace analysis techniques is using Adjoint Threads of Activity to filter various linear message activities (as a generalization of Thread Of Activity). Such filtered activities can then be analysed either separately (Sheaf of Activities) or together such as a new pattern we introduce here: Message Cover. If we identify parallel ATIDs (ATID is Adjoint TID, see an example) and see that one covers the other we can then make a hypothesis that they are correlated. Here is a graphical example of a Periodic Message Block largely composed from various Error Messages that covers periodic Discontinuities from another ATID (we can also consider the latter as periodic message blocks consisted from Silent Messages):
This is analogous to a cover in topology.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -