CN105183655A - Android application program data race detection based on predictability analysis - Google Patents

Android application program data race detection based on predictability analysis Download PDF

Info

Publication number
CN105183655A
CN105183655A CN201510626507.2A CN201510626507A CN105183655A CN 105183655 A CN105183655 A CN 105183655A CN 201510626507 A CN201510626507 A CN 201510626507A CN 105183655 A CN105183655 A CN 105183655A
Authority
CN
China
Prior art keywords
thread
activity
android
track
constraint
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510626507.2A
Other languages
Chinese (zh)
Other versions
CN105183655B (en
Inventor
许蕾
孙全
陈林
徐宝文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University
Original Assignee
Nanjing University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University filed Critical Nanjing University
Priority to CN201510626507.2A priority Critical patent/CN105183655B/en
Publication of CN105183655A publication Critical patent/CN105183655A/en
Application granted granted Critical
Publication of CN105183655B publication Critical patent/CN105183655B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The invention relates to a method for Android application program data race detection based on predictability analysis. The method comprises the steps that based on an Android development framework and a multi-thread model of the Android development framework, an Android application program is instrumented and operated dynamically to extract a single executing track, the executing track is then analyzed through a predictability analysis method, the happening order relation (Happens-Before) among activities of the Android application program is structured, multiple executing tracks are generated through prediction, on this basis, all activities in the executing tracks are subjected to constraint coding through combination of variable slacking and path slacking, and codes are finally put into a constrain solver to be solved to complete detection of data races. By means of the method, the false alarm rate of the data races can be effectively decreased, expansibility is good, efficiency is high, only the single executing track needs to be collected, and thus the labor cost is greatly reduced.

Description

Android application data competition based on anticipate detects
Technical field
The invention belongs to field of computer technology, especially software technology field.The invention provides the data contention problem in a kind of usage forecastings analytical approach detection Android application program, for Software Quality Assurance.
Background technology
In cybertimes, cell phone is easy to carry, and on it, application program (MobileApp) obtains the favor of wide variety of user.Due to the opening of Android and numerous Google application of seamless combination, make manufacturer can release multiple product that is rich and varied, that differ from one another at low cost.The market share shared by Android has risen to 84.7% of the second quarter in 2014 from 79.6% of the second quarter in 2013.But due to opening and the freedom of Android platform, Android application program has of a great variety, that isomery is autonomous feature, and low, the prevailing of Open Source Code of exploitation threshold makes application program inadequate natural endowment in software quality, how to ensure that quality that Android applies is concerning developer being a huge difficult problem.
Android application program is event driven, and Android system has the characteristics such as unique threading mechanism, callback method and multiple entry.Android system provides 4 large assemblies for developer:
(1) movable, Activity, can carry out mutual interface with it for user provides, the interface of each user interactions is an Activity and has a mainActivity in whole application program, the interface entered time namely initial user starts;
(2) serve, Service, performs long playing task on backstage, and other assembly can be opened and bind a Service;
(3) content provider, ContentProviders, provides a kind of data storage management mechanism in Android system, other assembly can the data access of necessity in ContentProviders for the exchanging of user-to-user information;
(4) broadcast, Broadcast, be used for monitoring that Android system produces that some are movable, such as receive information, accept phone etc., App can accept sort of activity by BroadcastReceiver, and can make respective handling by it.
Android system carrys out the operation of Management Unit by the life cycle methodology calling a series of assembly.Create a new assembly, the component class that an Android system provides must be inherited.In subclass, also must realize the callback method that some are fixing, for can the operation of Management Unit well when assembly carries out State Transferring.
The callback method of following several life cycle is had in Activity:
1.onCreate (): create;
2.onStart (): call startup immediately after onCreate () callback method;
3.onResume (): status user can carry out alternately with interface;
4.onPause: suspend current component;
5.onStop (): stop and discharging some resources;
6.onDestory (): destroy assembly;
7.onRestart (): restart assembly.
Service is then following callback method:
Start Service:onCreate (), onStartCommand (), onDestroy ();
Binding Service:onCreate (), onBind (), onUnBind (), onDestroy ().
Under default situations, in Android system, all component of an application operates in identical processor with above identical thread.Run processor can certainly be specified by the Android:process attribute arranging assembly.In the middle of assembly operating, consider the efficiency of operation, developer often uses the task that different thread execution is different, to improve the performance of application.From application start, system can maintain a main thread, runs through the whole life cycle of application, for allocation activities, administration interface, the operation of process respective logic.Simultaneously developer can create extra asynchronous thread and comes concurrently to carry out relevant work, is also referred to as worker thread, comprises: directly inherit Thread class or realize Runnable interface; To open or binding extra Service executes the task on backstage; Use AsyncTask to open a worker thread and perform asynchronous task.
Due to the multi-thread mechanism of Android system and its distinctive callback method, developer is easy to write out the code causing existing in flow process such as deadlock, perform the problems such as unreachable activity, data contention, and wherein data contention phenomenon is the most general.Data contention refers to: in multithread programs, and two of different threads operations to the not specific order of the access of identical shared variable, and wherein have at least one to be the situation of write operation.Once data contention occurs, then application program may be caused to run quickly routed, the situation such as data are inconsistent, bring serious harm.
Tradition concurrent program field compares deep research to data contention, and conventional method has based on occurred sequence and the detection method based on lock collection.In Android application data competition context of detection, existing method is confined to occurred sequence.The present invention by provide a kind of newly, the data contention problem detected based on the method for anticipate in Android application program, to improve precision and the efficiency of detection.
Summary of the invention
The problem to be solved in the present invention is: simulation Android application program running environment, formulates Android Parallel Semantics rule, and uses new, detect Android application program based on the detection technique of anticipate data contention, to ensure its quality.
Technical scheme of the present invention is: the Android application data competition based on anticipate detects, it is characterized in that based on Android Development Framework and its multithreading model, pitching pile Android application program dynamic operation extracts single execution track, re-use anticipate method to analyze execution track, construct the occurred sequence relation (Happens-Before) between its activity and the multiple execution track of prediction generation, to relax in conjunction with variable on this basis and path relaxation carries out constraint to all activities performed in track and encodes, finally put into constraint solver to solve, carry out the detection of data contention.
Invention specifically comprises the following steps:
1) according to Android Development Framework and its multithreading model, design pitching pile point and the activity that will record, pitching pile Android application source program, and Dynamic Execution obtains single execution track.
2) according to the Parallel Semantics rule of Android application program, structure performs the Happens-Before set of relations of track.
3) analyze the Happens-Before set of relations performing track, the scheduling between the rationally change activity of usage forecastings analytical approach, to generate multiple execution track.
4) constraint coding is carried out to all activities performed in track, and reduce rate of false alarm in conjunction with variable is lax with path relaxation.
5) solve constraint condition by constraint solver, complete the detection of data contention.
Step 1) in, analyze Android Development Framework, in conjunction with its distinctive multithreading model, the former Android application program of pitching pile, dynamic operation performs track to obtain Android application.
Wherein, track T=<e is performed 1, e 2..., e n> is an active flow, and for source program SourceAPK, we think that each statement in it has carried out different operations, are called activity.Our record wherein, activity that may cause data contention relevant to concurrent, comprising: the threading operation such as initialization, a unlatching thread of thread; The read-write operation of shared variable; The application releasing operation of lock collection; The mandate relevant to task, start, the operation such as end task.
Step 2) in, based on the Parallel Semantics rule of Android, the Happens-Before set of relations between tectonic activity.The Parallel Semantics rule of Android comprises rule (Intra-ThreadHappens-Before), cross-thread rule (Inter-ThreadHappens-Before), callback method rule (CallBackHappens-Before) in thread.
In thread, rule comprises: distribute in authorized appropriation (PowerPost-Intra) in sequence (Order-Intra), thread in thread, thread and start (PostBegin-Intra), task atomicity (TaskAtomic-Intra), movable transmission (Trans-Intra).
Cross-thread rule comprises: cross-thread authorized appropriation (PowerPost-Inter), cross-thread distribute beginning (PostBegin-Inter), cross-thread activity transitivity (Trans-Inter), Fork, Join, lock rule (Lock).
Callback method rule comprises: movable readjustment (activitycallback), service readjustment (servicecallback).
Happens-Before set of relations=<E, R>, wherein E performs the movable <e in track 1, e 2..., e n>, R={<e j< e k| j, k ∈ [1, n] ∧ j ≠ k>}, e j< e kexpression activity is to (e j, e k) meet Android Parallel Semantics and movable e jprior to movable e koccur.
Step 3) in, the scheduling between usage forecastings analysis rationally change activity generates multiple execution track.
Perform track T=<e 1, e 2..., e n> is movable once scheduling, and due to the uncertainty that multithreading performs, each activity scheduling performed is all different.In single execution track, some activity must follow specific successively order relation, but can scheduling mode be changed between some read-write activity, that is: meeting on constant Android Parallel Semantics rule-based approach, variable active operation is rearranged, to obtain new activity scheduling, thus generate multiple execution track from single execution trajectory predictions, solution space widely can be detected thus.
Step 4) in, application variables relaxes and path relaxation, to obtain the expression of some constraint condition.
In traditional predictive method, require that the read value of same variable necessarily equals the last value write this variable, because this constraint exists, impliedly be applied with constraint to reading " activity after same thread " and writing " activity before same thread ", but in fact such constraint condition is too strict, can cause failing to report of result.We relax the constraint to this variable read-write, are referred to as variable and relax.
In the once execution of program, if run into branch's situation, then can only perform a wherein branch.Traditional anticipate method requires that former state performs, and cannot cover the defect hidden in other branches.We, by enforcing other branches to the negate of control statement branch condition value, are referred to as path relaxation.
After completing aforesaid operations, obtain the execution track of multiple predictability, generate some constraint condition accordingly, as follows.
Variable bound (ValueConstraints): the assignment concrete to variable retrains;
Control constraints (ControlConstraints): the controlled condition of branch statement is retrained;
Sequence constraints (OrderConstraints): Android Parallel Semantics is retrained;
Data contention constraint (RaceConstraints): the activity that data contention may occur is retrained;
Cross-thread activity scheduling constraint (Inter-threadActConstraints): by rearranging the read-write alignment constraints between same variable, multiple scheduling mode can be obtained, thus prediction generates multiple execution track.
Step 5) in, institute's Constrained is put into constraint solver and solves, thus complete the detection of data contention.Wherein, constraint solver adopts the Z3 solver of Microsoft, if there is solution, then shows to there is data contention problem in tested Android application program.
The present invention, by adopting above technical scheme, has the following advantages:
1. extensibility is good: the present invention is based on anticipate method, remains the advantage of dynamic analysing method, and for large-scale application program, extendability is strong.
2. not wrong report: obtained by actual motion because perform track, and be carry out forecast analysis based on the single execution track of reality, thus can avoid wrong report.
3. accuracy rate is high: present invention uses the optimisation techniques such as the lax and path relaxation of variable, decrease and fail to report, improve the precision of testing result.
Accompanying drawing explanation
Fig. 1 is process flow diagram of the present invention.
Fig. 2 is the partial source symbols of tested Android application program MusicPlayer.
Fig. 3 is the part running orbit of MusicPlayer.
Embodiment
The inventive method is first based on Android Development Framework and its multithreading model, pitching pile Android application program dynamic operation extracts single execution track, re-use anticipate method to analyze execution track, construct the occurred sequence relation (Happens-Before) between its activity and the multiple execution track of prediction generation, to relax in conjunction with variable on this basis and path relaxation carries out constraint to all activities performed in track and encodes, finally put into constraint solver to solve, thus complete the detection of data contention.
Flow process of the present invention as shown in Figure 1, specifically comprises following five steps.
The first step: analyze Android Development Framework, in conjunction with its distinctive multithreading model, the former Android application program of pitching pile, dynamic operation obtains Android and performs track, performs track T=<e 1, e 2..., e n> is an active flow, and for source program SourceAPK, we think that each statement in it has carried out different operations, are called activity.Our record wherein, activity that may cause data contention relevant to concurrent, comprising: the threading operation such as initialization, a unlatching thread of thread; The read-write operation of shared variable; The application releasing operation of lock collection; The mandate relevant to task, start, the operation such as end task.
The situation movable concrete according to bar every in program, we summarize the correlated activation that we will record, and identify one by one and record in source program.
Definition 1: the basic activity of record
1) .threadinit (t): current thread initialization;
2) .threadexit (t): current thread execution is complete;
3) .fork (t, s, t '): create new t ' thread in t thread, s is the type of thread;
4) .join (t, s, t '): thread execution is complete, returns results;
5) .wait (t): current thread is blocked and waits for;
6) .notify (t) or notifyAll (t): notice wait () thread can continue to perform;
7) .beginTask (t, p): execute the task p in thread t;
8) .endTask (t, p): terminate to execute the task p in thread t;
9) .touchEvent (t, e): thread t response events, comprises following event: launch: initiate app; Home:home key uses; Click: click; Rotate: rotate; Sliding: slide; Back: rollback, the triggering of each activity can cause the change of Android component lifecycle;
10) .acq (t, 1): process t application lock I;
11) .reI (t, I): process t release lock I;
12) .read (t, m): process t carries out internal memory reading to m;
13) .write (t, m, value): process t carries out internal memory write to m;
14) .post (t, p, t '): transmit and execute the task p to thread t ';
15) .hasRunPower (t, p): task p has the right to perform.
Second step: based on the Parallel Semantics rule of Android, the Happens-Before set of relations between tectonic activity.
Definition 2:Happens-Before relation
Happens-Before is a kind of partial ordering relation being used for describing program activity introduced by LesileLamport at first.If AHBB in program, so B just can see the operation (no matter whether A and B is same thread) of A.
Here the execution of multithreading is regarded as the track of movable E by us, and activity here refers to JMM action, also i.e. Java memory model action (JavaMemoryModelAction).According to the multithreading model of definition 2 and Android, we can obtain definition 3, Android Parallel Semantics rule.
Definition 3: the Parallel Semantics rule of Android
(1) cross-thread Happens-Before relation (intra-thread)
I. sequence relation (Order-Intra) in thread: if movable e i, e ibelong to same thread t, and e jcontrol depends on e i, then e is had i< intrae j;
Ii. authorized appropriation in thread (PowerPost-Intra): if movable e ihave the authority and e that perform certain task i=hasRunPower (t, p), movable e jdistribute this task (e j=Post (t, p, _)), and e i, e jbelong to same thread, then e i< intrae j;
Iii. distribute in thread and start (PostBegin-Intra): being distributed in before this task starts of a task occurs, even e i=Post (t, p, t), e j=beginTask (t, p) and e i, e jbelong to same thread, then e i< intrae i;
Task atomicity (TaskAtomic-Intra): if before a task starts from another task, then this task also can terminate before another task starts, if i.e.: e k=beginTask (t, p1), e i=endTask (t, p1), e j=beginTask (t, p2), e k< e j, then e i< intrae j;
Iv. transitive relation (Trans-Intra) in thread: if e i, e kmeet Happens-Before relation in thread, and e k, e jmeet Happens-Before relation in thread, then e i, e jmeet Happens-Before relation in thread.
(2) cross-thread Happens-Before relation (inter-thread)
I. cross-thread authorized appropriation (PowerPost-Inter): if movable e ihave the authority performing certain task, i.e. e i=hasRunPower (t, p), movable e jdistribute this task (e j=Post (t, p, _)), and e i, e jdo not belong to same thread, then e i< intere j;
Ii. cross-thread distributes and starts (PostBegin-Intra): being distributed in before this task starts of a task occurs, if i.e. e i=Post (t, p, t), e j=beginTask (t, p) and e i, e jdo not belong to same thread, then e i< intere j;
Iii. cross-thread transitive relation Trans-Intra: if e i, e kmeet cross-thread Happens-Before relation, and e k, e jmeet cross-thread Happens-Before relation, then e i, e jmeet cross-thread Happens-Before relation;
Iv.Fork: if movable e i, e jdo not belong to same thread, and have e i=fork (t, t '), e j=threadinit (t '), then: e i< intere j;
V.Join: if movable e i, e jdo not belong to same thread, and have e i=threadexit (t '), e j=join (t, t '), then: e i< intere j;
Vi. (Lock) is locked: if movable e i, e ido not belong to same thread and e i=release (t, 1) e j=acquire (t ', 1), then: e i< intere j.
(3) life cycle callback Happens-Before relation (callbackmethod)
Activity:
i.onCreate()<cbonStart()<cbonResume();
ii.onResume()<cbonPause()[<cbonStop()];
iii.onStop()<cbonDestory();
iv.onStop()<cbonRestart()<cbonStart();
v.onPause()<cbonResume();
vi.onStop()<cbonCreate()。
Service
i.onCreate()<cbonStartCommand()<cbonDestory();
ii.onCreate()<cbonBind()<cbonUnbind()<cbonDestory()。
According to definition 1 and definition 3, we analyze and perform track and the activity in it that constructs unmodifiable Happens-Before set of relations < E, the R > that must meet.
Definition 4:<E, R> relation
Characterize the Happens-Before relation between Android activity, wherein E performs the movable <e in track 1, e 2..., e n>, R={<e j< e k| j, k ∈ [1, n] ∧ j ≠ k>}, e j< e kexpression activity is to (e j, e k) meet Android Parallel Semantics and movable e jprior to movable e koccur.
3rd step: the scheduling between the rationally change activity of usage forecastings analytical approach generates multiple execution track.
Perform track T=<e 1, e 2..., e n> is movable once scheduling, and due to the uncertainty that multithreading performs, each activity scheduling performed is all different.In single execution track, some activity must follow specific successively order relation, but can scheduling mode be changed between some read-write activity, that is: meeting on constant Android Parallel Semantics rule-based approach, variable active operation is rearranged, to obtain new activity scheduling, thus generate multiple execution track from single execution trajectory predictions, solution space widely can be detected thus.
Such as, to a variable v, thread 1 has first carried out read operation to it, then has carried out write operation (being designated as W1, R1); Thread 2 has equally also carried out read operation and write operation (being designated as W2, R2) to it.In once performing, we may only obtain a kind of scheduling mode (being designated as scheduling 1:W1, W2, R1, R2) to mutual between thread 1 and 2.But due to multithreading mutual between uncertainty, also may there is scheduling 2:W1, W2, R2, R1; Scheduling 3:W1, R1, W2, R2; Scheduling 4.... etc.
Anticipate method, is exactly based on constant Android Parallel Semantics rule, once performing on the basis of the scheduling 1 obtained, rationally changes interaction sequences between variable activity, predicting and generating multiple execution track.
4th step: according to Parallel Semantics rule (definition 3) and the Happens-Before set of relations (definition 4) of Android, application variables relaxes and path relaxation carries out constraint coding to all activities performed in track.
In traditional predictive method, require necessarily to equal the last value write this variable to the read value of same variable, because this constraint exists, impliedly be applied with constraint to reading " activity after same thread " and writing " activity before same thread ", but in fact such constraint condition is too strict, can cause failing to report of result.This kind of constraint between variable relaxes and to relax variable operant activity, improves accuracy.
Use O j, O jdeputy activity e i, e jappearance order, replace the possible value of program internal variable with symbolic execution technique.To the one scheduling R1 of a variable, W1, R2, W2, if use traditional predictive method, then W1, R2 will meet cross-thread Happens-Before relation, again according to Happens-Before rule in thread: (R1, W1), (R2, W2) and transitivity rule, can R1 be obtained, between W2 activity, there is Happens-Before relation.But under truth due to multithreading mutual between uncertainty, may there is data contention between R1, W2, original method will cause and fail to report.In the present invention, we are relaxed by variable and improve the accuracy of detection, and specific implementation is ensured by various constraint condition.
In the once execution of program, if run into branch's situation, then can only perform a wherein branch.Traditional anticipate method requires that former state performs, and cannot cover the defect hidden in other branch.We, by enforcing other branch to the negate of control statement branch condition value, are referred to as path relaxation.Because Android application program is event driven program, different events can cause the execution of different callback methods, and in order to detect Android application source program in all directions, we have also carried out path relaxation.
After completing the lax and path relaxation of above-mentioned variable, can obtain the execution track of multiple predictability, corresponding constraint condition is expressed as follows.
Variable bound (ValueConstraints): such as: representative certain variable in a program, wherein line number 1 represents position, the variable name in subscript y representation program, and W represents write operation, then this constraint representation: in the first row of program, and y variable is 3 by clear and definite assignment.Variable bound to be used in logging program variable by the operant activity of clear and definite assignment.
Control constraints (ControlConstraints): such as: represent certain variable in program, wherein line number 1 represents position, and subscript x represents variable name, and R represents read operation, then this constraint representation: in the first row of program, and the value of the x variable read is greater than 3.Control constraints constrains the trend of program, describes the controlled condition needing when program is run to follow.
Sequence constraints (OrderConstraints): in Android multithread programs between activity order relation one constraint.Such as, 2 movable e j, e jif meet the priority order relation R in definition 4, then use O i< O jrepresent.
Data contention constraint (RaceConstraints): the form of expression is O i=O j, wherein movable i, j belong to 2 different threads respectively, and operate (having a write operation at least) same variable, and two movable sequence constraints are equal, just represent that they can concurrence performance, meet the definition of data contention.
Cross-thread retrains alternately (Inter-threadConstraints): such as: the dispatch situation that representation program is movable different, expression equals the value write this variable in the first row to the value that variable x reads at the second row, and corresponding movable O 1prior to movable O 2occur, use or action link between multiple constraint like this.It is the one constraint of dispatching variable active in program that cross-thread retrains alternately.
5th step: institute's Constrained is put into constraint solver and solves, thus complete the detection of data contention.
The process that constraint solver solves feasible execution track is: substitute in constraint solver by all constraint condition in execution track after encoding, obtain solution space, solution space is all feasible execution track meeting constraint condition.Cataloged procedure converts the discernible form of solver to by conditional expression, and the conditional expression form that different solver needs is slightly different.
The present invention adopts Z3 solver.Z3 solver is a Statistical Model Theory (SatisfiabilityModuloTheories) solver developed by Microsoft Research, can be used for logarithm value type, Boolean type expression formula to carry out constraint solving.
Do concrete implementation below in conjunction with a real case MusicPlayer, the present invention is only for being applicable to this example.
MusicPlayer is an Android application program, and its function is down-load music and play music from website.Fig. 2 illustrates its code snippet, comprises two classes: DwFileAct class and FileDwTask class.DwFileAct inherits Activity, is an Activity assembly, provides the interface with user interactions, and wherein onPlayClick method makes user can click Play buttons play music.FileDwTask inherits AsyncTask class, and AsyncTask provides a kind of framework performing asynchronous task, makes FileDwTask can in the task of backstage executive chairman time down-load music.
The detailed process of this application program being carried out to data contention detection is as follows:
1. analyze Android Development Framework, in conjunction with its distinctive multithreading model, the former Android application program of pitching pile, dynamic operation obtains Android and performs track.
The activity of recording has: threadinit (t), threadexit (t), fork (t, s, t '), join (t, s, t '), wait (t), notify (t) or notifyAll (t), beginTask (t, p), endTask (t, p), touchEvent (t, e), acq (t, I), reI (t, I), read (t, m), write (t, m, value), post (t, p, t '), hasRuPower (t, p), detailed description can referring to definition 1.
Fig. 3 presents the execution path segment of MusicPlayer, and have 3 threads in figure, thread t0 represents system ActivityManagerService, for managing the assembly of Android application program; Thread t1 is main thread main, the DwFileAct namely in source code; Thread t2 represents the worker thread performing asynchronous task, the FileDwTask class namely in source code.In execution track, first main thread initializes, afterwards movable execution LAUNCH_ACTIVITY authority, after the notice of thread t0, perform LAUNCH_ACTIVITY task, then initialization object, carry out write operation, opened asynchronous thread by fork operation subsequently and perform inter-related task; Asynchronous thread have read DwFileAct-obj in Processing tasks, notifies that main thread performs onPostExecute task subsequently; Main thread performs onPostExecute task after receiving post; During this period, owing to performing LAUNCH_ACTIVITY, main thread has had the authority performing onDestroy task, all may perform onDestroy task in any moment subsequently.
2. the Happens-Before set of relations between tectonic activity.
The Parallel Semantics rule of Android is as follows:
1) Happens-Before rule in thread
Distribute in authorized appropriation rule (PowerPost-Intra), thread in sequence rules (Order-Intra), thread in thread and start transitive relation rule (Trans-Intra) in rule (PostBegin-Intra), task atomicity rule (TaskAtomic-Intra), thread.
2) cross-thread Happens-Before rule
Cross-thread right assignment rule (PowerPost-Inter), cross-thread distribute beginning rule (PostBegin-Inter), cross-thread delivery rules (Trans-Inter), Fork, Join, lock rule (Lock).
3) life cycle callback Happens-Before rule
Active rule (Activity)
Service regulation (Service)
Detailed description can referring to definition 3.The Happens-Before relation of structure MusicPlayer, summary record following (directly using line number deputy activity).
i.Order-Intra:
1<2<4<5<6<7<8
9<10<11<12
13<14<15<16
18<19<20
ii.PowerPost-Inter
2<3;7<17
iii.PostBegin-Inter
3<4;11<13;17<18
iv.Fork
6<9
v.Activitycallback
4<18
vi.TaskAtomic-Intra
8<18
3. analyze the Happens-Before set of relations performing track, the scheduling between the rationally change activity of usage forecastings method generates multiple execution track.As Fig. 3, here we can see that the 5th row, the 10th row, the 14th row, the 19th row have carried out obtaining operation to variable, are respectively application variables relaxes, and rearrange these activities, generate new scheduling mode, centre connects by OR operation.Therefore cross-thread retrains as follows alternately:
4. application variables relax and path relaxation to all activities that Fig. 3 performs in track carry out constraint encode
ValueConstraints: W dw 5 = false , W dw 19 = true .
OrderConstraints: see the 2nd step.
InterThreadConstraints: see the 3rd step.
ControlConstraints: empty.
RaceConstraints:5=10,5=14,10=19,14=19,5=19。Because active set shared variable DwFileAct-obj being carried out to write operation is { 5,19}, carrying out read operation set is { 10,14}, according to the definition of data contention, it is right that we can obtain 5 activities that may produce data contention: <5,10>, <5,14>, <10,19>, <14,19>, <5,19>.
5. solve constraint coding by constraint solver, complete the detection of data contention.
Institute's Constrained of the 4th step is put into z3 solver solve, under the constraint of 14=19 and 10=19 data contention, we obtain feasible solution, and other data contention constrains in solution space without feasible solution.
Analyze:
1. due to <5,6>, <6,9>, <9,10> is Happens-Before relation, according to the known <5 of transitivity, 10> also belongs to Happens-Before relation, so <5,10> can not cause data contention.
2. due to <5,10>, <10,11<, <11,13>, <13,14> is Happens-Before relation, and known <5,14> belong to Happens-Before relation, so <5,14> can not cause data contention.
3. due to <5,7>, <7,17>, <17,18>, <18,19> is Happens-Before relation, and known <5,19> belong to Happens-Before relation, so <5,19> can not cause data contention.
As fully visible, the inventive method is by single execution track, and usage forecastings analysis obtains multiple execution track and analyzes, and efficiency is high.Application variables is lax simultaneously carries out coding bound with path relaxation to execution route activity, reduces rate of false alarm.Thus the inventive method efficiently accurately can detect the data contention mistake in Android application program.

Claims (7)

1. the Android application data competition based on anticipate detects, it is characterized in that based on Android Development Framework and its multithreading model, pitching pile Android application program dynamic operation extracts single execution track, re-use anticipate to analyze execution track, construct the occurred sequence relation (Happens-Before) between its activity and the multiple execution track of prediction generation, to relax in conjunction with variable on this basis and path relaxation carries out constraint to all activities performed in track and encodes, finally put into the detection that constraint solver carries out having solved data contention.
2. the competition of the Android application data based on anticipate according to claim 1 detects, and it is characterized in that comprising the following steps:
1) according to Android Development Framework and its multithreading model, design pitching pile point and the activity that will record, pitching pile Android application source program, and Dynamic Execution obtains single execution track.
2) according to the Parallel Semantics rule of Android application program, structure performs the Happens-Before set of relations of track.
3) analyze the Happens-Before set of relations performing track, the scheduling between the rationally change activity of usage forecastings analytical approach, to generate multiple execution track.
4) constraint coding is carried out to all activities performed in track, and reduce rate of false alarm in conjunction with variable is lax with path relaxation.
5) solve constraint condition by constraint solver, complete the detection of data contention.
3. the competition of the Android application data based on anticipate according to claim 2 detects, it is characterized in that step 1) in, analyze Android Development Framework, in conjunction with its distinctive multithreading model, the former Android application program of pitching pile, dynamic operation performs track to obtain Android application.
Wherein, track T=<e is performed 1, e 2..., e n> is an active flow, for source program SourceAPK, thinks that each statement in it has carried out different operations, is called activity.Record is, the activity that may cause data contention relevant to concurrent wherein, comprising: the threading operation such as initialization, a unlatching thread of thread; The read-write operation of shared variable; The application releasing operation of lock collection; The mandate relevant to task, start, the operation such as end task.
4. the competition of the Android application data based on anticipate according to claim 2 detects, and it is characterized in that step 2) in, based on the Parallel Semantics rule of Android, the Happens-Before set of relations between tectonic activity.The Parallel Semantics rule of Android comprises rule (Intra-ThreadHappens-Before), cross-thread rule (Inter-ThreadHappens-Before), callback method rule (CallBackHappens-Before) in thread.
In thread, rule comprises: distribute in authorized appropriation (PowerPost-Intra) in sequence (Order-Intra), thread in thread, thread and start (PostBegin-Intra), task atomicity (TaskAtomic-Intra), movable transmission (Trans-Intra).
Cross-thread rule comprises: cross-thread authorized appropriation (PowerPost-Inter), cross-thread distribute beginning (PostBegin-Inter), cross-thread activity transitivity (Trans-Inter), Fork, Join, lock rule (Lock).
Callback method rule comprises: movable readjustment (activitycallback), service readjustment (servicecallback).
Happens-Before set of relations=<E, R>, wherein E performs the movable <e in track 1, e 2..., e n>, e j< e kexpression activity is to (e j, e k) meet Android Parallel Semantics and movable e jprior to movable e koccur.
5. the competition of the Android application data based on anticipate according to claim 2 detects, and it is characterized in that step 3) in, the scheduling between the rationally change activity of usage forecastings analytical approach generates multiple execution track.
Perform track T=<e 1, e 2..., e n> is movable once scheduling, and due to the uncertainty that multithreading performs, each activity scheduling performed is all different.In single execution track, some activity must follow specific successively order relation, but can scheduling mode be changed between some read-write activity, that is: meeting on constant Android Parallel Semantics rule-based approach, variable active operation is rearranged, to obtain new activity scheduling, thus generate multiple execution track from single execution trajectory predictions, solution space widely can be detected thus.
6. the competition of the Android application data based on anticipate according to claim 2 detects, and it is characterized in that step 4) in, application variables relaxes and path relaxation, to obtain the expression of some constraint condition.
In traditional predictive method, require that the read value of same variable necessarily equals the last value write this variable, because this constraint exists, impliedly be applied with constraint to reading " activity after same thread " and writing " activity before same thread ", but in fact such constraint condition is too strict, can cause failing to report of result.Loosen the constraint to this variable read-write, be referred to as variable and relax.
In the once execution of program, if run into branch's situation, then can only perform a wherein branch.Traditional anticipate method requires that former state performs, and cannot cover the defect hidden in other branch.By enforcing other branch to the negate of control statement branch condition value, be referred to as path relaxation.
After completing aforesaid operations, obtain the execution track of multiple predictability, generate some constraint condition accordingly, as follows.
Variable bound (ValueConstraints): the assignment concrete to variable retrains;
Control constraints (ControlConstraints): the controlled condition of branch statement is retrained;
Sequence constraints (OrderConstraints): Android Parallel Semantics is retrained;
Data contention constraint (RaceConstraints): the activity that data contention may occur is retrained;
Cross-thread activity scheduling constraint (Inter-threadActConstraints): by rearranging the read-write alignment constraints between same variable, multiple scheduling mode can be obtained, thus prediction generates multiple execution track.
7. the competition of the Android application data based on anticipate according to claim 2 detects, and it is characterized in that step 5) in, institute's Constrained is put into constraint solver and solves, thus complete the detection of data contention.Wherein, constraint solver adopts the Z3 solver of Microsoft, if there is solution, then shows to there is data contention problem in tested Android application program.
CN201510626507.2A 2015-09-25 2015-09-25 Android application program data contention detection based on predictability analysis Active CN105183655B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510626507.2A CN105183655B (en) 2015-09-25 2015-09-25 Android application program data contention detection based on predictability analysis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510626507.2A CN105183655B (en) 2015-09-25 2015-09-25 Android application program data contention detection based on predictability analysis

Publications (2)

Publication Number Publication Date
CN105183655A true CN105183655A (en) 2015-12-23
CN105183655B CN105183655B (en) 2017-12-12

Family

ID=54905747

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510626507.2A Active CN105183655B (en) 2015-09-25 2015-09-25 Android application program data contention detection based on predictability analysis

Country Status (1)

Country Link
CN (1) CN105183655B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106294169A (en) * 2016-08-17 2017-01-04 华中科技大学 The detection of a kind of data contention based on semiology analysis virtual machine and playback method
CN106529304A (en) * 2016-10-27 2017-03-22 南京大学 Android application concurrent vulnerability detection system
CN106802866A (en) * 2017-01-23 2017-06-06 浙江大学 A kind of restoring method of the execution route of Android program
CN109885489A (en) * 2019-01-31 2019-06-14 清华大学 Data contention detection method and device in driver
CN110851353A (en) * 2019-10-22 2020-02-28 天津大学 Concurrent program defect positioning method based on Delta debug and constraint solution
CN111431737A (en) * 2020-03-02 2020-07-17 苏州市职业大学 Predictive method for detecting data competition in software defined network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104077144A (en) * 2014-07-07 2014-10-01 西安交通大学 Data race detection and evidence generation method based on multithreaded program constraint building
CN104077226A (en) * 2014-07-07 2014-10-01 西安交通大学 Multithreaded program output uniqueness detection and evidence generation method based on program constraint building
CN104572445A (en) * 2014-12-17 2015-04-29 南京大学 Method for detecting BPEL (business process execution language) process data competition in Web service combination

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104077144A (en) * 2014-07-07 2014-10-01 西安交通大学 Data race detection and evidence generation method based on multithreaded program constraint building
CN104077226A (en) * 2014-07-07 2014-10-01 西安交通大学 Multithreaded program output uniqueness detection and evidence generation method based on program constraint building
CN104572445A (en) * 2014-12-17 2015-04-29 南京大学 Method for detecting BPEL (business process execution language) process data competition in Web service combination

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ARUN K.RAJAGOPALAN: "《Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering》", 4 September 2015 *
ROBERT O"CALLAHAN等: "《Proceedings of the ninth ACM SIGPLAN symposium on Principles and practice of parallel programming 》", 30 June 2003 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106294169A (en) * 2016-08-17 2017-01-04 华中科技大学 The detection of a kind of data contention based on semiology analysis virtual machine and playback method
CN106294169B (en) * 2016-08-17 2018-08-03 华中科技大学 A kind of data contention detection and playback method based on semiology analysis virtual machine
CN106529304A (en) * 2016-10-27 2017-03-22 南京大学 Android application concurrent vulnerability detection system
CN106529304B (en) * 2016-10-27 2019-06-14 南京大学 A kind of Android applies concurrent leakage location
CN106802866A (en) * 2017-01-23 2017-06-06 浙江大学 A kind of restoring method of the execution route of Android program
CN106802866B (en) * 2017-01-23 2019-12-10 浙江大学 method for restoring execution path of Android program
CN109885489A (en) * 2019-01-31 2019-06-14 清华大学 Data contention detection method and device in driver
CN109885489B (en) * 2019-01-31 2020-07-21 清华大学 Data race detection method and device in driver
CN110851353A (en) * 2019-10-22 2020-02-28 天津大学 Concurrent program defect positioning method based on Delta debug and constraint solution
CN110851353B (en) * 2019-10-22 2023-03-31 天津大学 Concurrent program defect positioning method based on Delta debug and constraint solution
CN111431737A (en) * 2020-03-02 2020-07-17 苏州市职业大学 Predictive method for detecting data competition in software defined network

Also Published As

Publication number Publication date
CN105183655B (en) 2017-12-12

Similar Documents

Publication Publication Date Title
Xu et al. Krace: Data race fuzzing for kernel file systems
CN105183655A (en) Android application program data race detection based on predictability analysis
Cai et al. MagicFuzzer: Scalable deadlock detection for large-scale applications
Wang et al. Coverage guided systematic concurrency testing
Tan et al. Visual, log-based causal tracing for performance debugging of mapreduce systems
Böhme STADS: Software testing as species discovery
US9792161B2 (en) Maximizing concurrency bug detection in multithreaded software programs
Farzan et al. Predicting null-pointer dereferences in concurrent programs
CN109635568B (en) Concurrent vulnerability detection method based on combination of static analysis and fuzzy test
CN101639803A (en) Exception handling method and exception handling device for multithread application system
Belli et al. Event-oriented, model-based GUI testing and reliability assessment—approach and case study
EP2713277B1 (en) Latent defect identification
Theelen et al. Model checking of scenario-aware dataflow with CADP
Long et al. Mutation-based exploration of a method for verifying concurrent Java components
Ehlers Self-adaptive performance monitoring for component-based software systems
Bradbury et al. Defining a catalog of programming anti-patterns for concurrent java
JP4997144B2 (en) Multitask processing apparatus and method
Nikolaidis et al. Event-Driven Testing For Edge Applications
Wang et al. Tracking runtime concurrent dependences in java threads using thread control profiling
de Matos Pedro Dynamic contracts for verification and enforcement of real-time systems properties
Duttagupta et al. Software bottleneck analysis during performance testing
Chang et al. Transformation from activity diagrams with time properties to Timed Coloured Petri Nets
Taheri ANALYSIS AND DEBUGGING TOOLS FOR CONCURRENT PROGRAMS
Alvarado et al. Realizing energy-efficient thread affinity configurations with supervised learning
Sun et al. XGBoost Dynamic Detection for Data Race in Multithreaded Programs

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant