Presentation is loading. Please wait.

Presentation is loading. Please wait.

Race Detection for Event-driven Mobile Applications Chun-Hung Hsiao University of Michigan Jie Yu University of Michigan / Twitter Satish Narayanasamy.

Similar presentations


Presentation on theme: "Race Detection for Event-driven Mobile Applications Chun-Hung Hsiao University of Michigan Jie Yu University of Michigan / Twitter Satish Narayanasamy."— Presentation transcript:

1 Race Detection for Event-driven Mobile Applications Chun-Hung Hsiao University of Michigan Jie Yu University of Michigan / Twitter Satish Narayanasamy University of Michigan Ziyun Kong University of Michigan Cristiano Pereira Intel Gilles Pokam Intel Peter Chen University of Michigan Jason Flinn University of Michigan

2 Rise of Event-Driven Systems Mobile apps Web apps Data-centers 2 Lack tools for finding concurrency errors in these systems

3 Why Event-Driven Programming Model? 3 Need to process asynchronous input from a rich set of sources

4 Events and Threads in Android 4 Event Queue wait(m) rd(x) wr(x) signal(m) Looper Thread Threads Regular Threads send( )

5 Conventional Race Detection 5 Looper Thread Regular Threads rd(x) wr(x) signal(m) wait(m) send( ) Conflict: Read-Write or Write-Write data accesses to same location Causal order: happens- before ( ) defined by synchronization operations Race ( ): Conflicts that are not causally ordered e.g., FastTrack [PLDI’09]

6 6 Looper Thread Regular Threads NullPointerException! Conventional race detectors cannot find such errors in Android Problem: Causality model is too strict Should not assume program order between events Conventional Race Detection: Problem

7 Model Events as Threads? 7 Event Regular Threads Event Race

8 Events as Threads: Problem 8 Regular Threads Event False race send( ) Missing causal order! Problem: Causality model is too weak Android system guarantees certain causal orders between events

9 Challenge 1: Modeling Causality Goal: Precisely infer causal order between events that programmers can assume 9 A → B C || B A B C Looper Thread B

10 Challenge 2: Not All Races are Bugs 10 Races between events (e.g., ~9000 in ConnectBot) Order violations Atomicity violations Not a problem in Android events! Solution: Commutativity analysis identifies races that cause order violations One looper thread executes all events non-preemptively

11 Outline Causality Model Commutativity Analysis Implementation & Results 11

12 Causality Model Android uses both thread-based and event- based models Causal order is derived based on following rules: 1.Conventional causal order in thread-based model 2.Event atomicity 3.Event queue order 12 Conventional causal order; Event atomicity; Event queue order Conventional causal order; Event atomicity; Event queue order

13 fork(thread) send(B) 13 Program order Fork-join Send Looper Thread Regular Thread begin(thread) fork(thread) → begin(thread) end(thread) → join(thread) signal(m) → wait(m) send(event) → begin(event) fork(thread) → begin(thread) end(thread) → join(thread) signal(m) → wait(m) send(event) → begin(event) begin(A) end(A) begin(B) end(B) signal(m) wait(m) Signal-wait Conventional causal order; Event atomicity; Event queue order

14 14 One looper thread executes all events non-preemptively => events are atomic Ordered due to event atomicity begin(A) → end(B) end(A) → begin(B) begin(A) → end(B) end(A) → begin(B) fork(thread) send(B) Looper Thread Regular Thread begin(thread) begin(A) end(A) begin(B) end(B) Conventional causal order; Event atomicity; Event queue order

15 15 Ordered due to FIFO queue order send(A) → send(B) end(A) → begin(B) send(A) → send(B) end(A) → begin(B) send(B) Looper Thread Regular Thread begin(A) end(A) begin(B) end(B) Conventional causal order; Event atomicity; Event queue order Event Queue send(A) A B

16 It’s Not That Simple… Special send APIs can overrule the FIFO order – Event with execution delay – Prioritize an event sendAtFront(event): inserts event to queue’s front 16 Conventional causal order; Event atomicity; Event queue order Special event queue rules handle these APIs. See paper for details. Special event queue rules handle these APIs. See paper for details.

17 Event Orders due to External Input 17 A B C Looper Thread Assume all events generated by the external environment are ordered B

18 What is External Input? 18 External Environment IPC surfaceflinger App context_manager system_server

19 Outline Causality Model Commutativity Analysis Implementation & Results 19

20 Problem: Not All Races are Bugs 20 Races between events Order violations Atomicity violations Not a problem in Android events!

21 Order Violations in Events 21 Looper Thread Race between non-commutative events => order violation

22 Races in Commutative Events 22 Hard to determine if events are commutative! Looper Thread racy events are commutative => not a race bug racy events are commutative => not a race bug

23 Report races between known non-commutative operations -- uses & frees Solution: Commutativity Analysis 23 Free A B C Looper Thread Use Heuristics to handle commutative events with uses and frees. See paper for details. Heuristics to handle commutative events with uses and frees. See paper for details. B

24 Outline Causality Model Commutativity Analysis Implementation & Results 24

25 CAFA: Race Detection Tool for Android 25 Logs synchronization operations for causality inference Logs data access operations related to uses and frees Also logs the system service processes for complete causality Logger device in the kernel for trace collection Offline race detector based on graph reachability test surfaceflinger App context_manager system_server Android Kernel Java Libs Dalvik VM Native Libs IPC Binder CAFA Analyzer Java Libs Dalvik VM Native Libs Java Libs Dalvik VM Native Libs CAFA Analyzer Logger Java Libs Dalvik VM Native Libs IPC Binder

26 Tested Applications 26

27 Use-after-Free Races 115 races; 69 race bugs (67 unknown bugs) 27 38 (33.0%) 31 (27.0%) 46 (40.0%) Races in conventional causality model Races in Android causality model False positives 32 benign races (27.8%): Imprecise commutative analysis 14 false races (12.2%): Imprecise causal order: -- Imperfect implementation 25 (21.7%) 13 (11.3%)

28 Performance Overhead 28 Trace collection – 2x to 6x; avg: ~3.2x – Interactive performance is fair Offline analysis – Depends on number of events – 30 min. to 16 hrs. for analyzing ~3000 to ~7000 events

29 Summary Races due to asynchronous events is wide spread Contributions – Causality model for Android events – Commutativity analysis identifies races that can cause order violations – Found 67 unknown race bugs with 60% precision Future work – Commutativity analysis for finding a broader set of order violations – Optimize performance 29

30 Looper Thread Event Queue Event-Driven Execution Model 30

31 Looper Thread Event Queue A Race Bug within a Thread 31 NullPointerException! No existing concurrency tools can find such errors in Android [Petrov, et. al., PLDI’12]

32 The Other Extreme: No Event Orders 32 Event Regular Threads Treat events as threads Event Race bug Problem: Will miss some causal order between events!

33 Challenge 2: Not All Races are Bugs 8,918 races are found in 33 Order violations Atomicity violations racy events are commutative => not a race bug racy events are commutative => not a race bug No problem in Android events!

34 Concurrency in a Mobile Application 34 A B C A → B C || B Race bug Looper Thread Events are processed serially in a looper thread But events in a thread may be logically concurrent Races in logically concurrent events may lead to bugs

35 What is a Race? 35 A B C Looper Thread Race Conflict: Read-Write or Write-Write data accesses to same location Race: Conflicts that are not causally ordered Conflict: Read-Write or Write-Write data accesses to same location Race: Conflicts that are not causally ordered

36 Events with Delays Event Queue send(B, 3) B send(C, 0) C B C 36 A A time t time t+1 time t+2 time t+3 time t+4 time t+5 B is not available till time t+3C is available immediatelyB becomes available Looper Thread Worker Thread B executes before C

37 Events with Delays Event Queue send(B, 3) B send(C, 0) C C B 37 A time t time t+1 time t+2 time t+3 time t+4 B is not available till time t+3C is available immediatelyB becomes available B executes after C No causal order between B and C can be assumed A Looper Thread Worker Thread

38 38 Traditional causal order; Event atomicity; Event queue order send(A) → send(B) && A.delay ≤ B.delay => end(A) → begin(B send(A) → send(B) && A.delay ≤ B.delay => end(A) → begin(B Revised Rule

39 Use heuristics to detect common programming patterns for commutative events – If-Guard check – Intra-event-allocation Solution: Commutativity Analysis 39 Free A B C Looper Thread Guarded use

40 Use heuristics to detect common programming patterns for commutative events – If-Guard check – Intra-event-allocation Solution: Commutativity Analysis 40 Free A B C Looper Thread Allocated use

41 CAFA: Race Detection Tool for Android 41 Logs synchronization operations for causality inference Logs data access operations related to uses and frees Also logs the system service processes for complete causality Logger device in the kernel for trace collection Offline race detector based on graph reachability test


Download ppt "Race Detection for Event-driven Mobile Applications Chun-Hung Hsiao University of Michigan Jie Yu University of Michigan / Twitter Satish Narayanasamy."

Similar presentations


Ads by Google