Race Detection for Event-driven Mobile Applications
-
Upload
juancarlos-rodriguez -
Category
Documents
-
view
94 -
download
0
description
Transcript of Race Detection for Event-driven Mobile Applications
![Page 1: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/1.jpg)
Race Detection forEvent-driven Mobile Applications
Chun-Hung Hsiao University of MichiganJie Yu University of Michigan / Twitter
Satish Narayanasamy University of MichiganZiyun Kong University of Michigan
Cristiano Pereira IntelGilles Pokam Intel
Peter Chen University of MichiganJason Flinn University of Michigan
![Page 2: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/2.jpg)
2
Rise of Event-Driven Systems
Mobile apps
Web apps
Data-centers
Lack tools for finding concurrency errors in these systems
![Page 3: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/3.jpg)
3
Why Event-Driven Programming Model?
Need to process asynchronous input from a rich set of sources
![Page 4: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/4.jpg)
4
Events and Threads in Android
Event Queue
wait(m)
rd(x)
wr(x)
signal(m)
Looper Thread ThreadsRegular Threads
send( )
![Page 5: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/5.jpg)
5
Conventional Race Detection
Looper Thread Regular Threads
rd(x)
wr(x)
signal(m)
wait(m)
send( )
Conflict: Read-Write or Write-Write data accesses to same location
Causal order: happens-before ( ) defined by synchronization operations
Race ( ): Conflicts that are not causally ordered
e.g., FastTrack [PLDI’09]
![Page 6: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/6.jpg)
6
Looper Thread Regular Threads
NullPointerException!
Conventional race detectors cannot find such errors in Android
Problem: Causality model is too strictShould not assume program order between events
Conventional Race Detection: Problem
![Page 7: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/7.jpg)
7
Model Events as Threads?
Event Regular ThreadsEvent Event
Race
![Page 8: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/8.jpg)
8
Events as Threads: ProblemRegular Threads
Event
Event
False race
send( )
send( )
Missing causal order!
Problem: Causality model is too weakAndroid system guarantees certain causal ordersbetween events
![Page 9: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/9.jpg)
9
Challenge 1: Modeling Causality
Goal: Precisely infer causal order between eventsthat programmers can assume
A → BC || B
A
B
C
Looper Thread
B
![Page 10: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/10.jpg)
10
Challenge 2: Not All Races are Bugs
Races between events(e.g., ~9000 in ConnectBot)
Order violations
Atomicity violations
Not a problem in Android events!
Solution: Commutativity analysis identifies races that cause order violations
One looper thread executes all events non-preemptively
![Page 11: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/11.jpg)
11
Outline
• Causality Model • Commutativity Analysis• Implementation & Results
![Page 12: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/12.jpg)
12
Causality Model
• Android uses both thread-based and event-based models
• Causal order is derived based on following rules:
1. Conventional causal order in thread-based model2. Event atomicity 3. Event queue order
Conventional causal order; Event atomicity; Event queue order
Conventional causal order;Event atomicity;Event queue order
![Page 13: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/13.jpg)
13
fork(thread)
send(B)
Program order
Fork-join
Send
Looper Thread
Regular Thread
begin(thread)
fork(thread) → begin(thread)end(thread) → join(thread)signal(m) → wait(m)
send(event) → begin(event)
begin(A)
end(A)
begin(B)
end(B)
signal(m)
wait(m)Signal-wait
Conventional causal order; Event atomicity; Event queue order
![Page 14: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/14.jpg)
14
One looper thread executes all events non-preemptively => events are atomic
Ordered due to event atomicity
begin(A) → end(B)
end(A) → begin(B)
fork(thread)
send(B)
Looper Thread
Regular Thread
begin(thread)
begin(A)
end(A)
begin(B)
end(B)
Conventional causal order; Event atomicity; Event queue order
![Page 15: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/15.jpg)
15
Ordered due to FIFO queue order
send(A) → send(B)
end(A) → begin(B)
send(B)
Looper Thread Regular Thread
begin(A)
end(A)
begin(B)
end(B)
Conventional causal order; Event atomicity; Event queue order
Event Queue
send(A)A
B
![Page 16: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/16.jpg)
16
It’s Not That Simple…
Special send APIs can overrule the FIFO order – Event with execution delay– Prioritize an event• sendAtFront(event): inserts event to queue’s front
Conventional causal order; Event atomicity; Event queue order
Special event queue rules handle these APIs.
See paper for details.
![Page 17: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/17.jpg)
17
Event Orders due to External Input
A
B
C
Looper Thread Assume all events generated by the external environment are ordered
B
![Page 18: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/18.jpg)
18
What is External Input?
External Environment
IPC
surfaceflinger
App
context_manager
system_server
![Page 19: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/19.jpg)
19
Outline
• Causality Model • Commutativity Analysis• Implementation & Results
![Page 20: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/20.jpg)
20
Problem: Not All Races are BugsRaces between events
Order violations
Atomicity violations
Not a problem in Android events!
![Page 21: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/21.jpg)
21
Order Violations in EventsLooper Thread Looper Thread
Race between non-commutative events => order violation
![Page 22: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/22.jpg)
22
Races in Commutative Events
Hard to determine if events are commutative!
Looper Thread Looper Thread
racy events are commutative=> not a race bug
![Page 23: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/23.jpg)
23
Report races between known non-commutative operations -- uses & frees
Solution: Commutativity Analysis
Free
A
B
C
Looper Thread
UseHeuristics to handle commutative events with uses and frees.
See paper for details.
B
![Page 24: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/24.jpg)
24
Outline
• Causality Model • Commutativity Analysis• Implementation & Results
![Page 25: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/25.jpg)
25
CAFA: Race Detection Tool for Android
Logs synchronization operations for causality inferenceLogs data access operations related to uses and freesAlso logs the system service processes for complete causalityLogger device in the kernel for trace collectionOffline race detector based on graph reachability test
surfaceflingerAppcontext_manager
system_server
Android Kernel
Java Libs
Dalvik VM
Native Libs
IPC BinderCAFA
Analyzer
Java Libs
Dalvik VM
Native Libs
Java Libs
Dalvik VM
Native Libs
CAFAAnalyzer
LoggerLogger
Java Libs
Dalvik VM
Native Libs
IPC Binder
![Page 26: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/26.jpg)
26
Tested Applications
![Page 27: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/27.jpg)
Use-after-Free Races115 races; 69 race bugs (67 unknown bugs)
27
38 (33.0%)
31 (27.0%)
46 (40.0%)
Races in conventional causality model
Races in Android causality model
False positives
32 benign races (27.8%):Imprecise commutative analysis
14 false races (12.2%):Imprecise causal order: -- Imperfect implementation
Between events
Between threads25 (21.7%)
13 (11.3%)
![Page 28: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/28.jpg)
28
Performance Overhead
• Trace collection– 2x to 6x; avg: ~3.2x– Interactive performance is fair
• Offline analysis – Depends on number of events– 30 min. to 16 hrs. for analyzing ~3000 to ~7000 events
![Page 29: Race Detection for Event-driven Mobile Applications](https://reader035.fdocuments.us/reader035/viewer/2022081421/56813763550346895d9ef2fb/html5/thumbnails/29.jpg)
29
Summary• Races due to asynchronous events is wide spread
• Contributions– Causality model for Android events– Commutativity analysis identifies races that can cause
order violations– Found 67 unknown race bugs with 60% precision
• Future work– Commutativity analysis for finding a broader set of order
violations– Optimize performance