Yongjian Hu Iulian Neamtiu Arash Alavi

Slides:



Advertisements
Similar presentations
CHESS : Systematic Testing of Concurrent Programs
Advertisements

Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.
Race Detection for Android Applications
A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.
Race Detection for Event-driven Mobile Applications
Automatic and Scalable Fault Detection for Mobile Applications MobiSys’ 14 Presented by Haocheng Huang
VanarSena: Automated App Testing. App Testing Test the app for – performance problems – crashes Testing app in the cloud – Upload app to a service – App.
Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.
S. Narayanasamy, Z. Wang, J. Tigani, A. Edwards, B. Calder UCSD and Microsoft PLDI 2007.
Cormac Flanagan UC Santa Cruz Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs Jaeheon Yi UC Santa Cruz Stephen Freund.
Presenter: Chi-Hung Lu 1. Problems Distributed applications are hard to validate Distribution of application state across many distinct execution environments.
Windows.Net Programming Series Preview. Course Schedule CourseDate Microsoft.Net Fundamentals 01/13/2014 Microsoft Windows/Web Fundamentals 01/20/2014.
Cooperative Task Management without Manual Stack Management Or, Event-driven Programming is not the Opposite of Thread Programming Atul Adya, John Howell,
Timing and Race Condition Verification of Real-time Systems Yann–Hang Lee, Gerald Gannod, and Karam Chatha Dept. of Computer Science and Eng. Arizona State.
UI Design Patterns & Best Practices Mike Wolfson July 22, 2010.
Presented by: Tom Staley. Introduction Rising security concerns in the smartphone app community Use of private data: Passwords Financial records GPS locations.
- 1 - Dongyoon Lee, Peter Chen, Jason Flinn, Satish Narayanasamy University of Michigan, Ann Arbor Chimera: Hybrid Program Analysis for Determinism * Chimera.
DoubleChecker: Efficient Sound and Precise Atomicity Checking Swarnendu Biswas, Jipeng Huang, Aritra Sengupta, and Michael D. Bond The Ohio State University.
Versatile yet Lightweight Record-and-Replay for Android Yongjian Hu Tanzirul Azim Iulian Neamtiu.
Yongjian HuTanzirul Azim Iulian Neamtiu Improving the Android Development Lifecycle with the VALERA Record-and- replay Approach.
Android Permissions Demystified
Grigore Rosu Founder, President and CEO Professor of Computer Science, University of Illinois
1 Why Threads are a Bad Idea (for most purposes) based on a presentation by John Ousterhout Sun Microsystems Laboratories Threads!
Flashback : A Lightweight Extension for Rollback and Deterministic Replay for Software Debugging Sudarshan M. Srinivasan, Srikanth Kandula, Christopher.
CHESS Finding and Reproducing Heisenbugs in Concurrent Programs
Operating System Concepts
Testing Concurrent Programs Sri Teja Basava Arpit Sud CSCI 5535: Fundamentals of Programming Languages University of Colorado at Boulder Spring 2010.
Google Web Toolkit for Mobile Applications Development INGENUITY AT ITS BEST……………….
CHAPTER 6 Threads, Handlers, and Programmatic Movement.
1 Active Random Testing of Parallel Programs Koushik Sen University of California, Berkeley.
The Holmes Platform and Applications
Concurrency in Android
Small talk with the UI thread
Chapter 4: Threads.
Presented by: Daniel Taylor
Threads vs. Events SEDA – An Event Model 5204 – Operating Systems.
Why Events Are A Bad Idea (for high-concurrency servers)
Android System Security
Designing For Testability
CSC 591/791 Reliable Software Systems
Notifications and Services
Chapter 2 Processes and Threads Today 2.1 Processes 2.2 Threads
Effective Data-Race Detection for the Kernel
Yongle Zhang, Serguei Makarov, Xiang Ren, David Lion, Ding Yuan
runtime verification Brief Overview Grigore Rosu
RDE: Replay DEbugging for Diagnosing Production Site Failures
CA16R405 - Mobile Application Development (Theory)
Week 01 Comp 7780 – Class Overview.
Node.Js Server Side Javascript
Concurrency Specification
Gabor Madl Ph.D. Candidate, UC Irvine Advisor: Nikil Dutt
Lu Zhang Chao Wang ICSE, May 24, 2017
Classifying Race Conditions in Web Applications
Android Programming Lecture 8
CodePeer Update Arnaud Charlet CodePeer Update Arnaud Charlet
Network Profiler: Towards Automatic Fingerprinting of Android Apps
CodePeer Update Arnaud Charlet CodePeer Update Arnaud Charlet
A Comprehensive Study on Real World Concurrency Bugs in Node.js
Detecting JavaScript Races that Matter
Threads and Memory Models Hal Perkins Autumn 2009
Android Topics UI Thread and Limited processing resources
Static Detection of Event-based Races in Android App
Android Topics Asynchronous Callsbacks
Android Topics Threads and the MessageQueue
Prof. Leonardo Mostarda University of Camerino
Ahmed Bouajjani Constantin Enea Michael Emmi Serdar Tasiran
Chapter 4: Threads.
Why Threads Are A Bad Idea (for most purposes)
Why Threads Are A Bad Idea (for most purposes)
Why Threads Are A Bad Idea (for most purposes)
Presentation transcript:

Yongjian Hu Iulian Neamtiu Arash Alavi Automatically Verifying and Reproducing Event-Based Races in Android Apps Yongjian Hu Iulian Neamtiu Arash Alavi

Rise of Event-Driven Systems Mobile apps Web apps Event-driven systems have been existing for a while, and nowadays they are more and more popular. These systems include billions of mobile platforms running Android, iOS, and windows, and we also have many web applications like google docs and Microsoft office writing in the new HTML5 standard, which incorporate a event-driven model. In the era of big data, we also have many data centers running asynchronous tasks every second. But there’s a lack of tools for debugging the unique class of concurrency errors that manifest in these systems. // spend more time Event-based races are prevalent and may cause harmful result: crash, incorrect results, etc.

Outline Motivation of Event-Based Race Most prevalent concurrency errors in Android [Maya et al., PLDI’14, etc.] Prior Work of Event-Based Race Detectors Imprecise: mostly false positives & benign races Not able to reproduce the race Our Approach: ERVA Replay based approach to verify race Event flipping to alternate schedule Filter benign races by state comparison Experiment Result 3% true positive harmful races in out work

Example of Event-Based Race Done! Syncing… Back

Example of Event-Based Race Syncing… Crash! Back

State-of-art Race Detectors for Event Driven Systems Web Applications WebRacer, PLDI’12 EventRacer for JavaScript, OOPSLA’13 Mobile Applications(Android) DroidRacer, PLDI’14 CAFA, PLDI’14 EventRacer for Android, OOPSLA’15 Instrumented Framework App Execution Happens Before Graph Building Race Detection Report Filtering and Generation

Limitation of State-of-art Race Detector False positives DroidRacer: FP rate is 63% CAFA: FP rate is 21.7%, benign rate 27.8% EventRacer reduces FP by race coverage, but still have FPs in our experiment Cannot distinguish between harmful &benign races Manual efforts to check the race report Cannot reproducing races We use EventRacer in our experiment because it is end-to-end system with affordable overhead and better race filtering techniques.

False Positive Type 1: Imprecise Android Model EventRacer reports a harmful race in AnyMemo’s RecentListFragment onCreateView() { mHandler = new Handler(); mAdapter = new ArrayAdapter(); } Looper Thread Thread onCreateView onResume() { Thread thrd = new Thread() { public void run() { // query database operation mHandler.post(new Runnable() { mAdapter.clear(); for (RecentItem ri : database) mAdapter.insert(ri); } }); thrd.start(); onResume Runnable

False Positive Type 2: Implicit Happens-Before Relation One race reported in CoolReader app’s CoolReaderActivity [CoolReaderActivity.java] onStart() { waitForCRDService(new Runnable() { public void run() { Service.getHistory().loadFromDB(…); …… new CRRootView(…); } }); Looper Thread Delayed post time = 0 post(Runnable r) Atomicity onStart post(Runnable r) onRecentBookListLoaded [History.java] onRecentBookListLoaded(List list) { mBooks = list; } getOrLoadRecentBooks [History.java] getOrLoadRecentBooks(…) { if (mBooks != null && mBooks.size() > 0) // update mBooks. }

Benign Race Type 1: Ad-hoc Synchronization One race reported in Volley HTTP library public class ImageLoader { private Handler mHandler = new Handler(); private Runnable mRunnable; private void batchResponse(…) { if (mRunnable == null) { mRunnable = new Runnable() { public void run() { // deliver batched request mRunnable = null; } mHandler.post(mRunnable); Looper Thread batchResponse Benign race: read/write access protected by the control flow Runnable.run() batchResponse

Benign Race Type 2: No External Visible State Difference One race reported in AnyMemo app’s QACardActivity startLoading() { for (Loader loader : mLoaders) { loaderManager.initLoader(loader); nRunningLoader++; } Thread-1 Thread-2 checkAllLoaderCompleted() { nRunningLoader--; if (nRunningLoader <= 0) { onAllLoaderComplete(); } onLoadFinished checkAllLoaderCompleted() { nRunningLoader--; if (nRunningLoader <= 0) { onAllLoaderComplete(); } Benign race: no state difference onLoadFinished

Our Approach ERVA: Event-race Reproducer and Verifier for Android Race detection phase Race verification phase Race Report False positive Benign race Harmful race Input log App state comparison Instrumented platform (emulator) Input replay Event flipping Event Racer Input capture Event capture EDG Replay platform (emulator or phone) single execution multiple executions App

ERVA Details Input Capture and Replay Event Dependency Graph(EDG) Input, sensors, IPC, threading events are captured by VALERA(OOPSLA’15) Event Dependency Graph(EDG) Causal relationship between events (strong HB relations) Event Flipping Leverage VALERA’s deterministic schedule replay User defined order of event execution which is allowed by EDG State Recording and Comparison Externally visible state(EVS) EVS = All GUI states(layout & contents) + shared preference data EVS is extensible to dump customized state Race Verification

Race Verification: FP Race Type 1 onCreateView() { mHandler = new Handler(); mAdapter = new ArrayAdapter(); } Looper Thread Thread onCreateView onResume() { Thread thrd = new Thread() { public void run() { // query database operation mHandler.post(new Runnable() { mAdapter.clear(); for (RecentItem ri : database) mAdapter.insert(ri); } }); thrd.start(); Dead lock!!! onResume Runnable

Race Verification: FP Type 2 Analyze the trace [CoolReaderActivity.java] onStart() { waitForCRDService(new Runnable() { public void run() { Service.getHistory().loadFromDB(…); …… new CRRootView(…); } }); Looper Thread post1(Runnable r1, delay1=0) onStart post2(Runnable r2, delay2=0) onRecentBookListLoaded [History.java] onRecentBookListLoaded(List list) { mBooks = list; } getOrLoadRecentBooks [History.java] getOrLoadRecentBooks(…) { if (mBooks != null && mBooks.size() > 0) // update mBooks. } post1 < post2 && delay1 == delay2

Race Verification: Benign Type 1 One race reported in Volley HTTP library public class ImageLoader { private Handler mHandler = new Handler(); private Runnable mRunnable; private void batchResponse(…) { if (mRunnable == null) { mRunnable = new Runnable() { public void run() { // deliver batched request mRunnable = null; } mHandler.post(mRunnable); Looper Thread batchResponse Runnable.run() Flippable batchResponse Different branch condition executed in flipped schedule Racy read write disappear in new schedule

Race Verification: Benign Type 2 One race reported in AnyMemo app’s QACardActivity startLoading() { for (Loader loader : mLoaders) { loaderManager.initLoader(loader); nRunningLoader++; } Thread-1 Thread-2 checkAllLoaderCompleted() { nRunningLoader--; if (nRunningLoader <= 0) { onAllLoaderComplete(); } onLoadFinished Flippable checkAllLoaderCompleted() { nRunningLoader--; if (nRunningLoader <= 0) { onAllLoaderComplete(); } Benign race: no state difference onLoadFinished External visible state dumping and comparison

Experimental Result High priority: races in app code Normal priority: races in framework but invoked from app

Related Work Race Detection Race Classification Multi-threaded races Various works: static, dynamic or hybrid approaches Event-based races Web apps: WebRacer, EventRacer Mobile apps: DroidRacer, CAFA, EventRacer Android Race Classification Instruction-level replay, Narayanasamy et al., PLDI’07 Symbolic execution, Kasikci et al., ASPLOS’12

Related Work Model checking for event driven systems Systematically explore all schedules for find concurrency errors R4: OOPSLA’16, for web applications Dynamic partial order reduction + bounded conflict reversal AsyncDroid: CAV’15, for Android applications Delay-bounded prioritized systematic exploration Model checking may have scalability problems Huge number of events, exponential schedules EVRA can help model checkers Use EDG to filter unreachable schedules Use EVS to verify harmful and benign races

Conclusions Event-based races Most prevalent concurrency errors Prior works on event-based race detectors Imprecise, mostly false positives & benign races Not able to reproduce races Our approach: ERVA Replay based approach to verify race Event flipping to alternate schedule Filter benign races by state comparison Experiment result 3% true positive harmful races

Thanks!

Android Event Handling Thread Handler UI Thread Looper msg evt Message Queue Thread msg Handler Hardware Events

Deterministic Event Schedule: Recording UI Thread Looper Message Queue Event Log A B C D 1 2 3 4

Deterministic Event Schedule: Replaying Reconciling different event orders between record and replay Controller = 1 2 4 3 UI Thread Looper Message Queue Event Log B D C A A B C D 1 2 3 4 Pending Queue

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.