Concurrency-Focused Dynamic Analysis

Presented as part of the 2013 HCSS conference.

ABSTRACT:

Android programmers are often surprised by unexpected outcomes resulting from the weak memory model implemented by ARM processors. The weak memory model is an unavoidable consequence of the more aggressive pipeline reorderings ARM uses to improve execution efficiency. While these reorderings preserve meaning in purely single-threaded executions, bad outcomes can often result when multiple threads share data. Correct use of concurrency is not assured by the Android SDK, and Java programs that seem to execute correctly on x86 chips may fail on ARM chips, surprising Android programmers. This is because some programs that fail to respect the Java Memory Model may nonetheless give correct results on x86 chips. In other words, while the concurrency challenges in standard Java and Android are similar, the differences in hardware place Android developers in more peril.

We present our work in concurrency-focused dynamic analysis technology and describe its role in developing and evaluating mobile applications for safety and security. We show how a concurrency-focused dynamic analysis tool can help Java and Android programmers understand their program's behavior with regard to shared state, lock use and ordering, and happens-before events as defined by the Java Memory Model. We present our experiences with the tool on Android applications taken from "the wild," noting differences between the Android environment and standard Java. We also discuss the tool's internal design, including sources of efficiency and how it can be tailored to support ongoing monitoring in operations. Finally, we discuss the integration of the tool into the developer/evaluator workflow, including design considerations for an efficient user experience and the role of dynamic analysis in informing sound static analysis to verify correct use of locks, threads, thread confinement, etc.
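The failure mode the abstract describes, as an added example that is not part of the talk or of SureLogic's tool: a flag-based publication with no happens-before edge under the Java Memory Model, beside the volatile version that supplies one. Class and field names are illustrative.

```java
// Added example (not from the talk). In Racy, the two writes in publish() and
// the two reads in consume() have no happens-before edge between threads, so
// the Java Memory Model permits consume() to observe ready == true while
// payload is still 0. x86 (TSO) keeps store->store and load->load order, so
// the race usually goes unnoticed there; ARM may reorder either pair, so the
// same bytecode can fail on an Android device.
public final class PublicationRace {

    // Racy version: plain fields give no cross-thread ordering guarantee.
    static final class Racy {
        private int payload;
        private boolean ready;              // plain field: no happens-before

        void publish() {
            payload = 42;                   // write 1
            ready = true;                   // write 2: may become visible first on ARM
        }

        // Returns payload once ready is observed; 0 is the "torn" outcome.
        int consume() {
            while (!ready) { /* spin */ }   // also not guaranteed to terminate (JIT may hoist the read)
            return payload;                 // JMM permits 0 here
        }
    }

    // Fixed version: the volatile write of ready synchronizes-with the volatile
    // read that observes it, so the write of payload happens-before its read.
    static final class Safe {
        private int payload;
        private volatile boolean ready;     // volatile establishes happens-before

        void publish() {
            payload = 42;
            ready = true;                   // volatile write
        }

        int consume() {
            while (!ready) { /* spin */ }   // volatile read
            return payload;                 // guaranteed 42
        }
    }

    // Runs only the Safe version, since Racy.consume() may never return.
    public static void main(String[] args) throws InterruptedException {
        Safe safe = new Safe();
        Thread producer = new Thread(safe::publish);
        Thread consumer = new Thread(() -> System.out.println("consumed " + safe.consume()));
        consumer.start();
        producer.start();
        producer.join();
        consumer.join();
    }
}
```

A dynamic analysis of the kind the abstract describes would flag the Racy fields as shared state accessed without a lock or happens-before relation, even on x86 hardware where the run itself happened to produce 42.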

BIO:

Tim Halloran is a software engineer with over two decades of experience developing and maintaining government and military software systems for the U.S. Air Force, NATO, and industry. His experience includes simulation, weapon system test analysis, and airborne command and control software systems. He has led several development teams in efforts to modernize large (above 1 million LOC) legacy systems—redeveloping operational software systems using modern software and hardware technology while at the same time enhancing the system to support current operational requirements.

Halloran is currently the Director of Engineering at SureLogic, Inc.—a small company that produces state-of-the-art program analysis tools. He holds a Ph.D. in Software Engineering from the School of Computer Science at Carnegie Mellon University, an M.S. in Computer Engineering from the Air Force Institute of Technology, and a B.S. from the U.S. Air Force Academy. His research interest is in practical artifact analysis—direct positive assurance of software properties by the examination of a system's code. In addition, he has studied the portal tools and techniques used to enable distributed collaborative software development by successful open source projects. He has published papers on open source software practice and program analysis. He has been a technical reviewer on several books, including Effective Java by Joshua Bloch.

License: CC-2.5
Submitted by Timothy Thimmesch on