Presentation is loading. Please wait.

Presentation is loading. Please wait.

Yongjian Hu Iulian Neamtiu Arash Alavi

Published byErin Hines Modified over 7 years ago

Similar presentations

Presentation on theme: "Yongjian Hu Iulian Neamtiu Arash Alavi"— Presentation transcript:

1 Yongjian Hu Iulian Neamtiu Arash Alavi
Automatically Verifying and Reproducing Event-Based Races in Android Apps Yongjian Hu Iulian Neamtiu Arash Alavi

2 Rise of Event-Driven Systems
Mobile apps Web apps Event-driven systems have been existing for a while, and nowadays they are more and more popular. These systems include billions of mobile platforms running Android, iOS, and windows, and we also have many web applications like google docs and Microsoft office writing in the new HTML5 standard, which incorporate a event-driven model. In the era of big data, we also have many data centers running asynchronous tasks every second. But there’s a lack of tools for debugging the unique class of concurrency errors that manifest in these systems. // spend more time Event-based races are prevalent and may cause harmful result: crash, incorrect results, etc.

3 Outline Motivation of Event-Based Race
Most prevalent concurrency errors in Android [Maya et al., PLDI’14, etc.] Prior Work of Event-Based Race Detectors Imprecise: mostly false positives & benign races Not able to reproduce the race Our Approach: ERVA Replay based approach to verify race Event flipping to alternate schedule Filter benign races by state comparison Experiment Result 3% true positive harmful races in out work

4 Example of Event-Based Race
Done! Syncing… Back

5 Example of Event-Based Race
Syncing… Crash! Back

6 State-of-art Race Detectors for Event Driven Systems
Web Applications WebRacer, PLDI’12 EventRacer for JavaScript, OOPSLA’13 Mobile Applications(Android) DroidRacer, PLDI’14 CAFA, PLDI’14 EventRacer for Android, OOPSLA’15 Instrumented Framework App Execution Happens Before Graph Building Race Detection Report Filtering and Generation

7 Limitation of State-of-art Race Detector
False positives DroidRacer: FP rate is 63% CAFA: FP rate is 21.7%, benign rate 27.8% EventRacer reduces FP by race coverage, but still have FPs in our experiment Cannot distinguish between harmful &benign races Manual efforts to check the race report Cannot reproducing races We use EventRacer in our experiment because it is end-to-end system with affordable overhead and better race filtering techniques.

8 False Positive Type 1: Imprecise Android Model
EventRacer reports a harmful race in AnyMemo’s RecentListFragment onCreateView() { mHandler = new Handler(); mAdapter = new ArrayAdapter(); } Looper Thread Thread onCreateView onResume() { Thread thrd = new Thread() { public void run() { // query database operation mHandler.post(new Runnable() { mAdapter.clear(); for (RecentItem ri : database) mAdapter.insert(ri); } }); thrd.start(); onResume Runnable

9 False Positive Type 2: Implicit Happens-Before Relation
One race reported in CoolReader app’s CoolReaderActivity [CoolReaderActivity.java] onStart() { waitForCRDService(new Runnable() { public void run() { Service.getHistory().loadFromDB(…); …… new CRRootView(…); } }); Looper Thread Delayed post time = 0 post(Runnable r) Atomicity onStart post(Runnable r) onRecentBookListLoaded [History.java] onRecentBookListLoaded(List list) { mBooks = list; } getOrLoadRecentBooks [History.java] getOrLoadRecentBooks(…) { if (mBooks != null && mBooks.size() > 0) // update mBooks. }

10 Benign Race Type 1: Ad-hoc Synchronization
One race reported in Volley HTTP library public class ImageLoader { private Handler mHandler = new Handler(); private Runnable mRunnable; private void batchResponse(…) { if (mRunnable == null) { mRunnable = new Runnable() { public void run() { // deliver batched request mRunnable = null; } mHandler.post(mRunnable); Looper Thread batchResponse Benign race: read/write access protected by the control flow Runnable.run() batchResponse

11 Benign Race Type 2: No External Visible State Difference
One race reported in AnyMemo app’s QACardActivity startLoading() { for (Loader loader : mLoaders) { loaderManager.initLoader(loader); nRunningLoader++; } Thread-1 Thread-2 checkAllLoaderCompleted() { nRunningLoader--; if (nRunningLoader <= 0) { onAllLoaderComplete(); } onLoadFinished checkAllLoaderCompleted() { nRunningLoader--; if (nRunningLoader <= 0) { onAllLoaderComplete(); } Benign race: no state difference onLoadFinished

12 Our Approach ERVA: Event-race Reproducer and Verifier for Android
Race detection phase Race verification phase Race Report False positive Benign race Harmful race Input log App state comparison Instrumented platform (emulator) Input replay Event flipping Event Racer Input capture Event capture EDG Replay platform (emulator or phone) single execution multiple executions App

13 ERVA Details Input Capture and Replay Event Dependency Graph(EDG)
Input, sensors, IPC, threading events are captured by VALERA(OOPSLA’15) Event Dependency Graph(EDG) Causal relationship between events (strong HB relations) Event Flipping Leverage VALERA’s deterministic schedule replay User defined order of event execution which is allowed by EDG State Recording and Comparison Externally visible state(EVS) EVS = All GUI states(layout & contents) + shared preference data EVS is extensible to dump customized state Race Verification

14 Race Verification: FP Race Type 1
onCreateView() { mHandler = new Handler(); mAdapter = new ArrayAdapter(); } Looper Thread Thread onCreateView onResume() { Thread thrd = new Thread() { public void run() { // query database operation mHandler.post(new Runnable() { mAdapter.clear(); for (RecentItem ri : database) mAdapter.insert(ri); } }); thrd.start(); Dead lock!!! onResume Runnable

15 Race Verification: FP Type 2
Analyze the trace [CoolReaderActivity.java] onStart() { waitForCRDService(new Runnable() { public void run() { Service.getHistory().loadFromDB(…); …… new CRRootView(…); } }); Looper Thread post1(Runnable r1, delay1=0) onStart post2(Runnable r2, delay2=0) onRecentBookListLoaded [History.java] onRecentBookListLoaded(List list) { mBooks = list; } getOrLoadRecentBooks [History.java] getOrLoadRecentBooks(…) { if (mBooks != null && mBooks.size() > 0) // update mBooks. } post1 < post2 && delay1 == delay2

16 Race Verification: Benign Type 1
One race reported in Volley HTTP library public class ImageLoader { private Handler mHandler = new Handler(); private Runnable mRunnable; private void batchResponse(…) { if (mRunnable == null) { mRunnable = new Runnable() { public void run() { // deliver batched request mRunnable = null; } mHandler.post(mRunnable); Looper Thread batchResponse Runnable.run() Flippable batchResponse Different branch condition executed in flipped schedule Racy read write disappear in new schedule

17 Race Verification: Benign Type 2
One race reported in AnyMemo app’s QACardActivity startLoading() { for (Loader loader : mLoaders) { loaderManager.initLoader(loader); nRunningLoader++; } Thread-1 Thread-2 checkAllLoaderCompleted() { nRunningLoader--; if (nRunningLoader <= 0) { onAllLoaderComplete(); } onLoadFinished Flippable checkAllLoaderCompleted() { nRunningLoader--; if (nRunningLoader <= 0) { onAllLoaderComplete(); } Benign race: no state difference onLoadFinished External visible state dumping and comparison

18 Experimental Result High priority: races in app code
Normal priority: races in framework but invoked from app

19 Related Work Race Detection Race Classification Multi-threaded races
Various works: static, dynamic or hybrid approaches Event-based races Web apps: WebRacer, EventRacer Mobile apps: DroidRacer, CAFA, EventRacer Android Race Classification Instruction-level replay, Narayanasamy et al., PLDI’07 Symbolic execution, Kasikci et al., ASPLOS’12

20 Related Work Model checking for event driven systems
Systematically explore all schedules for find concurrency errors R4: OOPSLA’16, for web applications Dynamic partial order reduction + bounded conflict reversal AsyncDroid: CAV’15, for Android applications Delay-bounded prioritized systematic exploration Model checking may have scalability problems Huge number of events, exponential schedules EVRA can help model checkers Use EDG to filter unreachable schedules Use EVS to verify harmful and benign races

21 Conclusions Event-based races
Most prevalent concurrency errors Prior works on event-based race detectors Imprecise, mostly false positives & benign races Not able to reproduce races Our approach: ERVA Replay based approach to verify race Event flipping to alternate schedule Filter benign races by state comparison Experiment result 3% true positive harmful races

22 Thanks!

23 Android Event Handling
Thread Handler UI Thread Looper msg evt Message Queue Thread msg Handler Hardware Events

24 Deterministic Event Schedule: Recording
UI Thread Looper Message Queue Event Log A B C D 1 2 3 4

25 Deterministic Event Schedule: Replaying
Reconciling different event orders between record and replay Controller = 1 2 4 3 UI Thread Looper Message Queue Event Log B D C A A B C D 1 2 3 4 Pending Queue

Download ppt "Yongjian Hu Iulian Neamtiu Arash Alavi"

Similar presentations

CHESS : Systematic Testing of Concurrent Programs

CHESS : Systematic Testing of Concurrent Programs
Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.

Openflow App Testing Chao SHI, Stephen Duraski. Motivation Network is still a complex stuff ! o Distributed mechanism o Complex protocol o Large state.
Race Detection for Android Applications

Race Detection for Android Applications
A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.

A Randomized Dynamic Program Analysis for Detecting Real Deadlocks Koushik Sen CS 265.
Race Detection for Event-driven Mobile Applications

Race Detection for Event-driven Mobile Applications
Automatic and Scalable Fault Detection for Mobile Applications MobiSys’ 14 Presented by Haocheng Huang

Automatic and Scalable Fault Detection for Mobile Applications MobiSys’ 14 Presented by Haocheng Huang
VanarSena: Automated App Testing. App Testing Test the app for – performance problems – crashes Testing app in the cloud – Upload app to a service – App.

VanarSena: Automated App Testing. App Testing Test the app for – performance problems – crashes Testing app in the cloud – Upload app to a service – App.
Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.

Atomicity in Multi-Threaded Programs Prachi Tiwari University of California, Santa Cruz CMPS 203 Programming Languages, Fall 2004.
S. Narayanasamy, Z. Wang, J. Tigani, A. Edwards, B. Calder UCSD and Microsoft PLDI 2007.

S. Narayanasamy, Z. Wang, J. Tigani, A. Edwards, B. Calder UCSD and Microsoft PLDI 2007.
Cormac Flanagan UC Santa Cruz Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs Jaeheon Yi UC Santa Cruz Stephen Freund.

Cormac Flanagan UC Santa Cruz Velodrome: A Sound and Complete Dynamic Atomicity Checker for Multithreaded Programs Jaeheon Yi UC Santa Cruz Stephen Freund.
Presenter: Chi-Hung Lu 1. Problems Distributed applications are hard to validate Distribution of application state across many distinct execution environments.

Presenter: Chi-Hung Lu 1. Problems Distributed applications are hard to validate Distribution of application state across many distinct execution environments.
Windows.Net Programming Series Preview. Course Schedule - 2014 CourseDate Microsoft.Net Fundamentals 01/13/2014 Microsoft Windows/Web Fundamentals 01/20/2014.

Windows.Net Programming Series Preview. Course Schedule CourseDate Microsoft.Net Fundamentals 01/13/2014 Microsoft Windows/Web Fundamentals 01/20/2014.
Cooperative Task Management without Manual Stack Management Or, Event-driven Programming is not the Opposite of Thread Programming Atul Adya, John Howell,

Cooperative Task Management without Manual Stack Management Or, Event-driven Programming is not the Opposite of Thread Programming Atul Adya, John Howell,
Timing and Race Condition Verification of Real-time Systems Yann–Hang Lee, Gerald Gannod, and Karam Chatha Dept. of Computer Science and Eng. Arizona State.

Timing and Race Condition Verification of Real-time Systems Yann–Hang Lee, Gerald Gannod, and Karam Chatha Dept. of Computer Science and Eng. Arizona State.
UI Design Patterns & Best Practices Mike Wolfson July 22, 2010.

UI Design Patterns & Best Practices Mike Wolfson July 22, 2010.
Presented by: Tom Staley. Introduction Rising security concerns in the smartphone app community Use of private data: Passwords Financial records GPS locations.

Presented by: Tom Staley. Introduction Rising security concerns in the smartphone app community Use of private data: Passwords Financial records GPS locations.
- 1 - Dongyoon Lee, Peter Chen, Jason Flinn, Satish Narayanasamy University of Michigan, Ann Arbor Chimera: Hybrid Program Analysis for Determinism * Chimera.

- 1 - Dongyoon Lee, Peter Chen, Jason Flinn, Satish Narayanasamy University of Michigan, Ann Arbor Chimera: Hybrid Program Analysis for Determinism * Chimera.
DoubleChecker: Efficient Sound and Precise Atomicity Checking Swarnendu Biswas, Jipeng Huang, Aritra Sengupta, and Michael D. Bond The Ohio State University.

DoubleChecker: Efficient Sound and Precise Atomicity Checking Swarnendu Biswas, Jipeng Huang, Aritra Sengupta, and Michael D. Bond The Ohio State University.
Versatile yet Lightweight Record-and-Replay for Android Yongjian Hu Tanzirul Azim Iulian Neamtiu.

Versatile yet Lightweight Record-and-Replay for Android Yongjian Hu Tanzirul Azim Iulian Neamtiu.
Yongjian HuTanzirul Azim Iulian Neamtiu Improving the Android Development Lifecycle with the VALERA Record-and- replay Approach.

Yongjian HuTanzirul Azim Iulian Neamtiu Improving the Android Development Lifecycle with the VALERA Record-and- replay Approach.

Similar presentations

Ads by Google