Image content

February 2026 | Polytechnique Montréal

Overview

The DORSAL laboratory presented 18 research updates spanning system observability, performance analysis, security, and tracing technologies. Key themes include AI/ML integration for log analysis, synthetic data generation for privacy-preserving observability, and scalability improvements in tracing infrastructure.

This meeting exemplifies successful FOSS research collaboration, whose 16-year partnership has been incredibly fruitful in advancing open-source tracing technologies.

Major Research Themes

1. AI-Powered Log & Trace Analysis

Language Models for Causality Detection (Vithor Bertalan) - Researchers demonstrated that GPT-based models can identify true causal relationships in software logs, outperforming traditional statistical methods (PC algorithm, Granger causality) while operating directly on raw logs without parsing. This enables automated root cause analysis in complex distributed systems.

Configuration-Free Log Parsing (PIPLUP) (Qiaolin Qin) - New statistical parser achieves LLM-level accuracy with traditional parser efficiency, eliminating expensive cloud-based solutions and parameter tuning while maintaining privacy.

Causality Extraction and Critical Event Detection (Fariba Fateme Faraji Daneshgar) - Updates on causality extraction and critical event detection in log sequences.

2. Synthetic Data Generation

Diffusion Models for Kernel Traces (Yuvraj Sehgal) - First application of diffusion models to generate high-fidelity synthetic kernel traces, enabling privacy-preserving trace sharing and rare-event amplification. Synthetic traces achieved comparable performance to real data in downstream ML tasks.

Distributed Trace Synthesis (Sneh Patel) - Graph VAE-based framework generates synthetic distributed traces with 99-100% service identification accuracy when combined with minimal real data (10%), addressing privacy and data scarcity challenges.

3. Performance Analysis & Optimization

Universal Performance Archetypes (Kaveh Shahedi) - Identified 10 performance patterns appearing across different applications (SQLite, FFmpeg, OpenSSL, Zstandard). Multi-signal analysis combining static code, UST tracing, and kernel monitoring achieved 50% better regression detection than single-metric approaches.

Virtualization Overhead Analysis (François Belias) - New Trace Compass integration enables KVM exit analysis and differential tracing between native and virtualized systems, helping practitioners identify optimization opportunities.

GPU Benchmarking Modernization (Côme Eyraud) - "Baseliner" library addresses limitations in existing GPU benchmarks with backend-agnostic design, evidence-based stopping criteria, and probabilistic performance comparison metrics.

4. Security & Memory Safety

Binary-Level Memory Sanitization (MallocSan) (Adel Belkhiri) - Heap memory sanitizer works without source code or recompilation using pointer tainting and SIGSEGV handling, successfully detecting buffer overflows and use-after-free vulnerabilities.

Security Impact on Observability - Research categorized security mechanisms by their impact on trace fidelity: high impact (code obfuscation, sandboxing), moderate (runtime monitoring), low (stack canaries).

5. Tracing Infrastructure Improvements

Trace Compass Scalability (Arnaud Fiorini) - Constant-size tile backend significantly improves scalability for large traces, reducing request latencies compared to current interval tree implementation.

LTTng Updates (EfficiOS) - Version 2.15 (Q1 2026) introduces CTF 2 format and improved memory footprint; version 2.16 (Q2 2026) adds aggregation maps with trace hit counters for lightweight data analysis.

Conditional Dynamic CFG Tracing (Ali Entezari) - Hardware-independent control flow tracing with conditional activation achieves 85% jump coverage with 6x overhead (vs 16x for full tracing).

6. Energy & Power Analysis

RAPL Accuracy Investigation (Hongjian (Andy) Huo) - Precision power rail measurements revealed RAPL underestimates energy consumption by 20-30%, capturing only ~60% under CPU-heavy workloads. Critical finding for energy-awareness tools that rely on RAPL as single source of truth.

Industry Partnerships & Impact

Ciena (Presentation) - Focus on adaptive telemetry collection, automated instrumentation for security, and organized telemetry separation (logs, metrics, traces) for better observability.

EfficiOS (Presentation) - Continued LTTng development with memory optimization, CTF 2 migration, and libside instrumentation API for improved error reporting.

Ericsson (Presentation) - Strong ROI (10x return) from Trace Compass partnership. CTF2 support delivered (36% of commits). New partnership with Renesas ensures project continuity despite team transitions.

Key Takeaways

  1. AI Integration: Language models are transforming log analysis from correlation to causation, enabling automated root cause analysis
  2. Privacy-First Observability: Synthetic data generation techniques enable effective monitoring without exposing sensitive production data
  3. Multi-Signal Analysis: Combining multiple data sources (static code, traces, kernel events) significantly outperforms single-metric approaches
  4. Measurement Accuracy: Critical validation of widely-used tools (RAPL) reveals significant accuracy gaps requiring alternative measurement approaches
  5. Scalability Focus: Infrastructure improvements in Trace Compass and LTTng address growing demands of large-scale distributed systems

Future Directions

  • Integration of diffusion models and LLMs into production observability pipelines
  • Continued development of privacy-preserving synthetic data generation
  • Enhanced energy measurement tools beyond RAPL
  • Broader adoption of multi-signal performance analysis frameworks
  • Expansion of binary-level security analysis tools