Race Detection for Android Applications

Slides:

Advertisements

Similar presentations

Dataflow Analysis for Datarace-Free Programs (ESOP 11) Arnab De Joint work with Deepak DSouza and Rupesh Nasre Indian Institute of Science, Bangalore.

Advertisements

Programming with Android: Activities

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Pallavi Joshi  Chang-Seo Park  Koushik Sen  Mayur Naik ‡  Par Lab, EECS, UC Berkeley‡

Software & Services Group PinPlay: A Framework for Deterministic Replay and Reproducible Analysis of Parallel Programs Harish Patil, Cristiano Pereira,

1 Chao Wang, Yu Yang*, Aarti Gupta, and Ganesh Gopalakrishnan* NEC Laboratories America, Princeton, NJ * University of Utah, Salt Lake City, UT Dynamic.

Runtime Verification Ali Akkaya Boğaziçi University.

Memory Models (1) Xinyu Feng University of Science and Technology of China.

Architecture-aware Analysis of Concurrent Software Rajeev Alur University of Pennsylvania Amir Pnueli Memorial Symposium New York University, May 2010.

Java PathRelaxer: Extending JPF for JMM-Aware Model Checking Huafeng Jin, Tuba Yavuz-Kahveci, and Beverly Sanders Computer and Information Science and.

Goldilocks: Efficiently Computing the Happens-Before Relation Using Locksets Tayfun Elmas 1, Shaz Qadeer 2, Serdar Tasiran 1 1 Koç University, İstanbul,

R2: An application-level kernel for record and replay Z. Guo, X. Wang, J. Tang, X. Liu, Z. Xu, M. Wu, M. F. Kaashoek, Z. Zhang, (MSR Asia, Tsinghua, MIT),

Concurrency Important and difficult (Ada slides copied from Ed Schonberg)

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.

Scalable and Precise Dynamic Datarace Detection for Structured Parallelism Raghavan RamanJisheng ZhaoVivek Sarkar Rice University June 13, 2012 Martin.

D u k e S y s t e m s Time, clocks, and consistency and the JMM Jeff Chase Duke University.

Race Detection for Event-driven Mobile Applications

Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.

CS 263 Course Project1 Survey: Type Systems for Race Detection and Atomicity Feng Zhou, 12/3/2003.

Cormac Flanagan and Stephen Freund PLDI 2009 Slides by Michelle Goodstein 07/26/10.

S. Narayanasamy, Z. Wang, J. Tigani, A. Edwards, B. Calder UCSD and Microsoft PLDI 2007.

Race Checking by Context Inference Tom Henzinger Ranjit Jhala Rupak Majumdar UC Berkeley.

Partial Order Reduction for Scalable Testing of SystemC TLM Designs Sudipta Kundu, University of California, San Diego Malay Ganai, NEC Laboratories America.

Multithreading in Java Nelson Padua-Perez Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.

Parallelizing Data Race Detection Benjamin Wester Facebook David Devecsery, Peter Chen, Jason Flinn, Satish Narayanasamy University of Michigan.

Cormac Flanagan UC Santa Cruz Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs Jaeheon Yi UC Santa Cruz Stephen Freund.

/ PSWLAB Eraser: A Dynamic Data Race Detector for Multithreaded Programs By Stefan Savage et al 5 th Mar 2008 presented by Hong,Shin Eraser:

DETECTION OF POTENTIAL DEADLOCKS AND DATARACES ROZA GHAMARI Bogazici UniversityMarch 2009.

Deterministic Replay of Java Multithreaded Applications Jong-Deok Choi and Harini Srinivasan slides made by Qing Zhang.

Testing Concurrent Programs COMP Production Programming Mathias Ricken Rice University Spring 2009.

CSE 486/586 CSE 486/586 Distributed Systems PA Best Practices Steve Ko Computer Sciences and Engineering University at Buffalo.

Android Mobile computing for the rest of us.* *Prepare to be sued by Apple.

Android Info mostly based on Pro Android 3.  User Applications  Java Libraries – most of Java standard edition ◦ Activities/Services ◦ UI/Graphics/View.

Accelerating Precise Race Detection Using Commercially-Available Hardware Transactional Memory Support Serdar Tasiran Koc University, Istanbul, Turkey.

Eraser: A Dynamic Data Race Detector for Multithreaded Programs STEFAN SAVAGE, MICHAEL BURROWS, GREG NELSON, PATRICK SOBALVARRO, and THOMAS ANDERSON Ethan.

DoubleChecker: Efficient Sound and Precise Atomicity Checking Swarnendu Biswas, Jipeng Huang, Aritra Sengupta, and Michael D. Bond The Ohio State University.

ANDROID L. Grewe Components  Java Standard Development Kit (JDK) (download) (latest version)  AndroidStudio.

Aritra Sengupta, Swarnendu Biswas, Minjia Zhang, Michael D. Bond and Milind Kulkarni ASPLOS 2015, ISTANBUL, TURKEY Hybrid Static-Dynamic Analysis for Statically.

On-Demand Dynamic Software Analysis Joseph L. Greathouse Ph.D. Candidate Advanced Computer Architecture Laboratory University of Michigan December 12,

Drinking from Both Glasses: Adaptively Combining Pessimistic and Optimistic Synchronization for Efficient Parallel Runtime Support Man Cao Minjia Zhang.

Sampling Dynamic Dataflow Analyses Joseph L. Greathouse Advanced Computer Architecture Laboratory University of Michigan University of British Columbia.

Deadlock Bug Detection Techniques Prof. Moonzoo Kim CS KAIST CS492B Analysis of Concurrent Programs 1.

Aritra Sengupta, Man Cao, Michael D. Bond and Milind Kulkarni PPPJ 2015, Melbourne, Florida, USA Toward Efficient Strong Memory Model Support for the Java.

Eraser: A dynamic Data Race Detector for Multithreaded Programs Stefan Savage, Michael Burrows, Greg Nelson, Patrick Sobalvarro, Thomas Anderson Presenter:

CHESS Finding and Reproducing Heisenbugs in Concurrent Programs

Reachability Testing of Concurrent Programs1 Reachability Testing of Concurrent Programs Richard Carver, GMU Yu Lei, UTA.

Using Escape Analysis in Dynamic Data Race Detection Emma Harrington `15 Williams College

FastTrack: Efficient and Precise Dynamic Race Detection [FlFr09] Cormac Flanagan and Stephen N. Freund GNU OS Lab. 23-Jun-16 Ok-kyoon Ha.

Detecting Data Races in Multi-Threaded Programs

Yongjian Hu Iulian Neamtiu Arash Alavi

Presenter: Godmar Back

On-Demand Dynamic Software Analysis

Yuan Yu(MSR) Tom Rodeheffer(MSR) Wei Chen(UC Berkeley) SOSP 2005

runtime verification Brief Overview Grigore Rosu

Concurrency Specification

Threads and Memory Models Hal Perkins Autumn 2011

Man Cao Minjia Zhang Aritra Sengupta Michael D. Bond

Classifying Race Conditions in Web Applications

Android Programming Lecture 8

Reference-Driven Performance Anomaly Identification

References [1] LEAP:The Lightweight Deterministic Multi-processor Replay of Concurrent Java Programs [2] CLAP:Recording Local Executions to Reproduce.

Threads and Memory Models Hal Perkins Autumn 2009

Discretized Streams: A Fault-Tolerant Model for Scalable Stream Processing Zaharia, et al (2012)

Static Detection of Event-based Races in Android App

Concurrency, Processes and Threads

A Refinement Calculus for Promela

Ahmed Bouajjani Constantin Enea Michael Emmi Serdar Tasiran

SE4S701 Mobile Application Development

Dynamic Race Prediction in Linear Time

Eraser: A dynamic data race detector for multithreaded programs

Presentation transcript:

Race Detection for Android Applications Pallavi Maiya, Aditya Kanade (Indian Institute of Science) Rupak Majumdar (Max Planck Institute for Software Systems) PLDI 2014

Popularity of Android Applications Million+ Android apps in the market Billions of downloads

Our Contributions Formalizing concurrency semantics of Android applications Encoding happens-before relation for them Algorithm to detect and categorize data races Environment modeling to reduce false positives A dynamic tool to detect data races (DroidRacer) Performs systematic testing Identified potential races in popular applications like

Android Concurrency Model Multithreading constructs: threads, synchronization Dynamic thread creation (fork) Lock – unlock, join, notify – wait Asynchrony constructs: task queues, posting asynchronous tasks Threads may be associated with task queues Any thread can post an asynchronous task to a task queue Tasks may be associated with timeouts or posted to front-of-queue Tasks executed in FIFO order Atomic execution of asynchronous tasks

Concurrency Semantics System process Application process binder thread (bt) Main thread (mt) public class MainActivity extends Activity { int X; protected void onCreate( ){ Runnable r = new Runnable( ){ public void run( ){ X = 2; runOnUiThread(new Runnable( ){ System.out.println(X); } }); }; Thread t = new Thread(r); t.start( ); X = 1; protected void onDestroy( ){ X = -1; t LAUNCH ACTIVITY post(bt,onCreate,mt) onCreate begin(mt,onCreate) fork(mt,t) write(mt,X) end(mt,onCreate) write(t,X) post(t,run,mt) run begin(mt,run) read(mt,X) DESTROY ACTIVITY end(mt,run) post(bt,onDestroy,mt) begin(mt,onDestroy) onDestroy write(mt,X) end(mt,onDestroy) Task Queue

Single-threaded Race Sources of non-determinism Thread interleaving binder thread (bt) Main thread (mt) t post(bt,onCreate,mt) Non-deterministic ordering of asynchronous tasks begin(mt,onCreate) Sources of non-determinism Thread interleaving Re-ordering of asynchronous tasks fork(mt,t) write(mt,X) end(mt,onCreate) write(t,X) Unordered conflicting memory operations on the same thread post(bt,onDestroy,mt) begin(mt,onDestroy) write(mt,X) end(mt,onDestroy) post(t,run,mt) begin(mt,run) read(mt,X) end(mt,run)

Race Detection : Happens-before Reasoning Multi-threading with Asynchrony without Asynchrony ( e.g. Android ) Thread-local ordering Total order between all operations on a thread (program order) Total order only between operations on a thread with no task queue Total order between all operations in the same asynchronous task Inter-thread ordering FORK happens-before init of newly forked thread Thread exits before JOINing to another thread UNLOCK happens-before a subsequent LOCK on the same monitor (+ additional rules) (+ additional rules)

Happens-before Relation for Android Applications binder thread (bt) Main thread (mt) ASYNC-PO NO-Q-PO t FORK JOIN post(bt,onCreate,mt) begin(mt,onCreate) POST fork(mt,t) write(mt,X) end(mt,onCreate) FIFO write(t,X) post(t,run,mt) NO-PRE begin(mt,run) read(mt,X) LOCK end(mt,run) post(bt,onDestroy,mt) TRANSITIVITY begin(mt,onDestroy) write(mt,X) end(mt,onDestroy)

? Environment Modeling Track system process and IPC Application process binder thread (bt) Main thread (mt) t LAUNCH ACTIVITY post(bt,onCreate,mt) begin(mt,onCreate) Track system process and IPC Model the effect of the environment in ordering of operations fork(mt,t) write(mt,X) end(mt,onCreate) ? write(t,X) post(t,run,mt) begin(mt,run) read(mt,X) DESTROY ACTIVITY end(mt,run) post(bt,onDestroy,mt) begin(mt,onDestroy) write(mt,X) end(mt,onDestroy)

Environment Modeling enable(_, m) HB post (_, m) System process Application process binder thread (bt) Main thread (mt) LAUNCH ACTIVITY t post(bt,onCreate,mt) begin(mt,onCreate) Ordering due to environment modeled using enable operation fork(mt,t) write(mt,X) enable(mt,onDestroy) end(mt,onCreate) write(t,X) post(t,run,mt) enable(_, m) HB post (_, m) begin(mt,run) read(mt,X) DESTROY ACTIVITY end(mt,run) post(bt,onDestroy,mt) begin(mt,onDestroy) write(mt,X) end(mt,onDestroy)

DroidRacer Algorithm Acyclic graph representation of happens-before constraints Nodes: operations in trace Edges: happens-before relation Saturate the graph with happens-before rules Report conflicting memory operations with no happens-before relation as race Debugging assistance Method stack, high level events Classification of reported data races

Classification of Data Races Type of data race Sources of non-determinism Multi-threaded race Thread interleaving Single-threaded race Co-enabled High level events causing the conflicting operations are unordered Cross-posted Non-deterministic interleaving of two threads posting tasks to the same target thread Delayed At least one of the conflicting operations is due to a task with timeout. This breaks FIFO.

DroidRacer – Dynamic Data Race Detection Tool UI Explorer – Systematic Testing Depth first traversal with backtracking Supports click, long press, data input, rotate screen …. Trace Generator Logs concurrency constructs and read-writes Logs debug information Race Detector Happens-before graph constructed on generated trace Categorization of data races Android core library and Dalvik virtual machine of Android 4.0 instrumented.

Experimental Evaluation – Trace Statistics* Applications Trace length Fields Threads (w/o Q) Threads (w/ Q) Async. tasks Aard Dictionary Music Player My Tracks Messenger Tomdroid Notes FBReader Browser OpenSudoku K-9 Mail SGTPuzzles 1k 5k 7k 10k 19k 25k 30k 39k 189 521 573 845 413 322 963 334 1296 566 2 3 11 14 13 5 7 4 1 58 62 164 99 348 119 103 45 689 80 Remind Me Twitter Adobe Reader Facebook Flipkart 17k 34k 52k 157k 1362 1267 801 2065 21 17 16 36 176 97 226 105 * Representative trace for each of the tested application

Experimental Evaluation – Data Races in given Trace Applications Multi-threaded Cross-posted Co-enabled Delayed Aard Dictionary Music Player My Tracks Messenger Tomdroid Notes FBReader Browser OpenSudoku K-9 Mail SGTPuzzles TOTAL 1 ( 1 ) 1 ( 0 ) 2 ( 1 ) 9 ( 2 ) 11 ( 10 ) 27 ( 15 ) 17 ( 4 ) 15 ( 5 ) 5 ( 2 ) 22 ( 22 ) 64 ( 2 ) 21 ( 8 ) 147 ( 44 ) 4 ( 3 ) 14 ( 4 ) 32 ( 17 ) 4 ( 0 ) 2 ( 2 ) 6 ( 2 ) Remind Me Twitter Adobe Reader Facebook Flipkart 34 12 21 20 73 10 152 33 7 84 4 9 30 X ( Y ) : Races reported ( True Positives ) True positives: 37% Bad behaviour

Related Work Race detection for multi-threaded programs Savage et al., TOCS ’97 (locksets) FastTrack by Flanagan and Freund, PLDI ’09 (vector-clocks) Pozniansky and Schuster, Concurr. Comput.: Pract. Exper. ’07 (hybrid technique) Race detection for single-threaded event-driven programs Petrov et al., PLDI ’12 Raychev et al., OOPSLA ’13 Zheng et al., WWW ’11 Race detection for multi-threaded and asynchronous programs Kahlon et al., FSE ’09 (for C programs – only reports multithreaded races) Hsio et al., PLDI ’14 (for Android applications)

Conclusions Formalization of Android concurrency model and happens-before rules to capture causality in this model. Implemented DroidRacer, a dynamic data race detection tool for Android applications. Future Work Transitive closure slows down on long traces – device faster algorithms to infer happens-before relation (e.g., vector clocks) Reduce false positives : ad-hoc synchronization, concurrency operations by native threads, better environment model

DroidRacer webpage http://www.iisc-seal.net/droidracer

Backup Slides

Happens-before Relation for Android Applications Thread-local rules (HB-S): ordering between operations on the same thread. t : thread m1, m2 : asynchronous tasks [NO-Q-PO] Total order between all operations only on threads without task queues. [ASYNC-PO] Total order between all operations in asynchronous task. [POST-ST] post(t, m1, t) HB-S begin(t, m1) [FIFO] If post(_, m1, t) HB-S post(_, m2, t) then task m1 is executed before task m2. [NO-PRE] a: an operation in task m1 If a HB-S begin(t, m2) then end(t, m1) HB-S begin(t, m2) Transitive closure

Happens-before Relation for Android Applications Inter-thread rules (HB-M): ordering between operations on different threads. t1, t2 : thread m : asynchronous task [FORK] Fork operation HB-M init of newly forked thread. [JOIN] A thread completes execution before joining to another thread. [LOCK] Unlock HB-M subsequent lock on the same monitor. [POST-MT] post(t1, m, t2) HB-M begin(t2, m) Transitive closure (using both HB-M and HB-S)

Naïve transitive closure misses races! Main thread (mt) Worker thread (wt) event e1 begin(mt,onE1) lock(mt,l) write(mt,X) unlock(mt,l) end(mt,onE1) begin(wt,task1) lock(wt,l) write(wt,Y) unlock(wt,l) end(wt,task1) event e2 begin(mt,onE2) lock(mt,l) read(mt,X) unlock(mt,l) end(mt,onE2)

Environment Modeling - Activity Launched onCreate() onStart() onRestart() onResume() Running onPause() onStop() onDestroy() Destroyed