research-article

Detecting atomicity violations for event-driven Node.js applications

Authors:

Xiaoning Chang,

Tao HuangAuthors Info & Claims

ICSE '19: Proceedings of the 41st International Conference on Software Engineering

Pages 631 - 642

https://doi.org/10.1109/ICSE.2019.00073

Published: 25 May 2019 Publication History

Abstract

Node.js has been widely-used as an event-driven server-side architecture. To improve performance, a task in a Node.js application is usually divided into a group of events, which are non-deterministically scheduled by Node.js. Developers may assume that the group of events (named atomic event group) should be atomically processed, without interruption. However, the atomicity of an atomic event group is not guaranteed by Node.js, and thus other events may interrupt the execution of the atomic event group, break down the atomicity and cause unexpected results. Existing approaches mainly focus on event race among two events, and cannot detect high-level atomicity violations among a group of events. In this paper, we propose NodeAV, which can predictively detect atomicity violations in Node.js applications based on an execution trace. Based on happens-before relations among events in an execution trace, we automatically identify a pair of events that should be atomically processed, and use predefined atomicity violation patterns to detect atomicity violations. We have evaluated NodeAV on real-world Node.js applications. The experimental results show that NodeAV can effectively detect atomicity violations in these Node.js applications.

References

[1]

"Node.js Foundation." {Online}. Available: https://nodejs.org/en/.

[2]

"Tracking the Explosive Growth of Open-Source Software." {Online}. Available: https://techcrunch.com/2017/04/07/tracking-the-explosive-growth-of-open-source-software/.

[3]

"The npm Repository." {Online}. Available: https://www.npmjs.com/.

[4]

"Node.js in PayPal." {Online}. Available: https://www.paypal-engineering.com/2013/11/22/node-js-at-paypal/.

[5]

"Node.js in LinkedIn." {Online}. Available: https://venturebeat.com/2011/08/16/linkedin-node/.

[6]

"Node.js in Yahoo." {Online}. Available: https://yahooeng.tumblr.com/node.

[7]

"Node.js in Mozila." {Online}. Available: https://medium.com/mozilla-tech/mozilla-and-node-js-33c13e29beb1.

[8]

J. Wang et al., "A Comprehensive Study on Real World Concurrency Bugs in Node.js," in Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE), 2017, pp. 520--531.

Digital Library

[9]

J. Davis, A. Thekumparampil, and D. Lee, "Node. fz: Fuzzing the Server-Side Event-Driven Architecture," in Proceedings of the 12th European Conference on Computer Systems (EuroSys), 2017, pp. 145--160.

Digital Library

[10]

S. Lu, J. Tucek, F. Qin, and Y. Zhou, "AVIO: Detecting Atomicity Violations via Access-Interleaving Invariants," in Proceedings of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2006, pp. 37--48.

Digital Library

[11]

S. Park, S. Lu, and Y. Zhou, "CTrigger: Exposing Atomicity Violation Bugs from Their Hiding Places," in Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2009, pp. 25--36.

Digital Library

[12]

B. Lucia, J. Devietti, K. Strauss, and L. Ceze, "Atom-Aid: Detecting and Surviving Atomicity Violations," in Proceedings of the 35th Annual International Symposium on Computer Architecture (ISCA), 2008, pp. 277--288.

Digital Library

[13]

G. Upadhyaya, S. P. Midkiff, and V. S. Pai, "Automatic Atomic Region Identification in Shared Memory SPMD Programs," in Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications (OOPSLA), 2010, pp. 652--670.

Digital Library

[14]

C.-H. Hsiao et al., "Race Detection for Event-Driven Mobile Applications," in Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 2014, pp. 326--336.

Digital Library

[15]

P. Maiya, A. Kanade, and R. Majumdar, "Race Detection For Android Applications," in Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 2014, pp. 316--325.

Digital Library

[16]

S. Hong, Y. Park, and M. Kim, "Detecting Concurrency Errors in Client-Side Java Script Web Applications," in Proceedings of the 17th International Conference on Software Testing, Verification and Validation (ICST), 2014, pp. 61--70.

Digital Library

[17]

B. Petrov, M. Vechev, M. Sridharan, and J. Dolby, "Race Detection for Web Applications," in Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 2012, pp. 251--262.

Digital Library

[18]

G. Safi, A. Shahbazian, W. G. J. Halfond, and N. Medvidovic, "Detecting Event Anomalies in Event-Based Systems," in Proceedings of the 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE), 2015, pp. 25--37.

Digital Library

[19]

S. Artzi, J. Dolby, S. H. Jensen, A. Moller, and F. Tip, "A Framework for Automated Testing of JavaScript Web Applications," in Proceedings of the 33rd International Conference on Software Engineering (ICSE), 2011, pp. 571--580.

Digital Library

[20]

P. Bielik, V. Raychev, and M. Vechev, "Scalable Race Detection for Android Applications," in Proceedings of the ACM SIGPLAN International Conference on Object Oriented Programming, Systems, Languages, and Applications (OOPSLA), 2015, pp. 332--348.

Digital Library

[21]

Y. Hu, I. Neamtiu, and A. Alavi, "Automatically Verifying and Reproducing Event-Based Races in Android Apps," in Proceedings of the 25th International Symposium on Software Testing and Analysis (ISSTA), 2016, pp. 377--388.

Digital Library

[22]

"Seven Event Queues in Node.js." {Online}. Available: https://nodejs.org/en/docs/guides/event-loop-timers-and-nexttick/.

[23]

"A Node.js Application: Change Propagation." {Online}. Available: https://github.com/wikimedia/change-propagation.

[24]

"No.84 Issue in Change Propagation." {Online}. Available: https://github.com/wikimedia/change-propagation/pull/84.

[25]

"Promises." {Online}. Available: https://www.promisejs.org/.

[26]

"Libuv." {Online}. Available: https://github.com/libuv/libuv.

[27]

"Standard Built-in Objects." {Online}. Available: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects.

[28]

M. C. Loring, M. Marron, and D. Leijen, "Semantics of Asynchronous JavaScript," in Proceedings of the 13th ACM SIGPLAN International Symposium on on Dynamic Languages (DLS), 2017, pp. 51--62.

Digital Library

[29]

"Async Hooks." {Online}. Available: https://nodejs.org/api/async_hooks.html.

[30]

K. Sen, S. Kalasapur, T. Brutch, and S. Gibbs, "Jalangi: A Selective Record-Replay and Dynamic Analysis Framework for JavaScript," in Proceedings of the 9th Joint Meeting on Foundations of Software Engineering (ESEC/FSE), 2013, pp. 488--498.

Digital Library

[31]

"Cloc: count lines of code." {Online}. Available: https://github.com/AlDanial/cloc.

[32]

"Net - Node.js v11.7.0 Documentation." {Online}. Available: https://nodejs.org/api/net.html#net_socket_destroy_exception.

[33]

"A race condition _log() while closing the endpoint." {Online}. Available: https://github.com/michaelwittig/node-logger-file/issues/5.

[34]

"A race condtion logging a file while rolling a file." {Online}. Available: https://github.com/michaelwittig/node-logger-file/issues/4.

[35]

"A race condition invalidateToken while authenticating a request." {Online}. Available: https://github.com/telefonicaid/fiware-pep-steelskin/issues/412.

[36]

Q. Gao, W. Zhang, Z. Chen, M. Zheng, and F. Qin, "2ndStrike: Toward Manifesting Hidden Concurrency Typestate Bugs," in Proceedings of the 16th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2011, pp. 239--250.

Digital Library

[37]

C. Flanagan and S. N. Freund, "FastTrack: Efficient and Precise Dynamic Race Detection," Acm Sigplan Not., vol. 44, no. 6, pp. 121--133, 2009.

Digital Library

[38]

S. Savage, M. Burrows, G. Nelson, P. Sobalvarro, and T. Anderson, "Eraser: A Dynamic Data Race Detector for Multithreaded Programs," ACM Trans. Comput. Syst., vol. 15, no. 4, pp. 391--411, 1997.

Digital Library

[39]

C. Flanagan and S. N. Freund, "Atomizer: A Dynamic Atomicity Checker for Multithreaded Programs," in Proceedings of the 31st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), 2004, pp. 256--267.

Digital Library

[40]

P. Maiya and A. Kanade, "Efficient Computation of Happens-Before Relation for Event-Driven Programs," in Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2017, pp. 102--112.

Digital Library

[41]

Y. Hu and I. Neamtiu, "Static Detection of Event-based Races in Android Apps," in Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2018, pp. 257--270.

Digital Library

[42]

V. Raychev, M. Vechev, and M. Sridharan, "Effective Race Detection for Event-Driven Programs," in Proceedings of the ACM SIGPLAN International Conference on Object Oriented Programming, Systems, Languages, & Applications (OOPSLA), 2013, pp. 151--166.

Digital Library

[43]

W. Wang, Y. Zheng, P. Liu, L. Xu, X. Zhang, and P. Eugster, "ARROW: Automated Repair of Races on Client-Side Web Pages," in Proceedings of the 25th International Symposium on Software Testing and Analysis (ISSTA), 2016, pp. 201--212.

Digital Library

[44]

D. Bonetta, L. Salucci, S. Marr, and W. Binder, "GEMs: Shared-Memory Parallel Programming for Node.js," in Proceedings of ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, & Applications (OOPSLA), 2016, pp. 531--547.

Digital Library

[45]

M. Madsen, F. Tip, and O. Lhoták, "Static Analysis of Event-Driven Node.js JavaScript Applications," Acm Sigplan Not., vol. 50, no. 10, pp. 505--519, 2015.

Digital Library

[46]

J. Davis, G. Kildow, and D. Lee, "The Case of the Poisoned Event Handler: Weaknesses in the Node.js Event-Driven Architecture," in Proceedings of the European Workshop on Systems Security (EuroSec), 2017, pp. 1--6.

Digital Library

[47]

A. Ojamaa and K. Düüna, "Assessing the Security of Node. js Platform," in Proceedings of the International Conference for Internet Technology and Secured Transactions (ICITST), 2012, pp. 348--355.

[48]

C.-A. Staicu, M. Pradel, and B. Livshits, "Understanding and Automatically Preventing Injection Attacks on Node.js," in Proceedings of Network and Distributed Systems Security (NDSS), 2018.

Cited By

Yu BTian CXing HYang ZSu JLu XYang JZhao LLi XDuan ZChandra SBlincoe KTonella P(2023)Detecting Atomicity Violations in Interrupt-Driven Programs via Interruption Points Selecting and Delayed ISR-TriggeringProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3616276(1153-1164)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3616276
Li CChen RWang BWang ZYu TJiang YGu BYang MJust RFraser G(2023)An Empirical Study on Concurrency Bugs in Interrupt-Driven Embedded SoftwareProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598140(1345-1356)Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1145/3597926.3598140
Zhou JXu LLu GZhang WZhang XJust RFraser G(2023)NodeRT: Detecting Races in Node.js Applications PracticallyProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598139(1332-1344)Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1145/3597926.3598139
Show More Cited By

Recommendations

NodeRT: Detecting Races in Node.js Applications Practically
ISSTA 2023: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis

Node.js has become one of the most popular development platforms due to its superior concurrency support. However, races induced by the nondeterministic execution order of event handlers may occur in Node.js applications, causing serious runtime ...
A comprehensive study on real world concurrency bugs in Node.js
ASE '17: Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering

Node.js becomes increasingly popular in building server-side JavaScript applications. It adopts an event-driven model, which supports asynchronous I/O and non-deterministic event processing. This asynchrony and non-determinism can introduce intricate ...
Race detection for event-driven Node.js applications
ASE '21: Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering

Node.js has become a widely-used event-driven architecture for server-side and desktop applications. Node.js provides an effective asynchronous event-driven programming model, and supports asynchronous tasks and multi-priority event queues. Unexpected ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ICSE '19: Proceedings of the 41st International Conference on Software Engineering

May 2019

1318 pages

General Chair:
Joanne M. Atlee
University of Waterloo, Canada
,
Program Chairs:
Tevfik Bultan
University of California, Santa Barbara
,
Jon Whittle
Monash University, Australia

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering
IEEE-CS: Computer Society

Publisher

IEEE Press

Publication History

Published: 25 May 2019

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICSE '19

Sponsor:

SIGSOFT
IEEE-CS

ICSE '19: 41st International Conference on Software Engineering

May 25 - 31, 2019

Quebec, Montreal, Canada

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
237
Total Downloads

Downloads (Last 12 months)10
Downloads (Last 6 weeks)1

Reflects downloads up to 06 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Yu BTian CXing HYang ZSu JLu XYang JZhao LLi XDuan ZChandra SBlincoe KTonella P(2023)Detecting Atomicity Violations in Interrupt-Driven Programs via Interruption Points Selecting and Delayed ISR-TriggeringProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3616276(1153-1164)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3616276
Li CChen RWang BWang ZYu TJiang YGu BYang MJust RFraser G(2023)An Empirical Study on Concurrency Bugs in Interrupt-Driven Embedded SoftwareProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598140(1345-1356)Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1145/3597926.3598140
Zhou JXu LLu GZhang WZhang XJust RFraser G(2023)NodeRT: Detecting Races in Node.js Applications PracticallyProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598139(1332-1344)Online publication date: 12-Jul-2023
https://dl.acm.org/doi/10.1145/3597926.3598139
Li CChen RWang BYu TGao DYang MRyu SSmaragdakis Y(2022)Precise and efficient atomicity violation detection for interrupt-driven programs via staged path pruningProceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3533767.3534412(506-518)Online publication date: 18-Jul-2022
https://dl.acm.org/doi/10.1145/3533767.3534412
Wang TXu QChang XDou WZhu JXie JDeng YYang JYang JWei JHuang TDwyer MDamian DZeller A(2022)Characterizing and detecting bugs in WeChat mini-programsProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3510114(363-375)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510003.3510114
Tominaga EArahori YGondow KHung CHong JBechini ASong E(2021)DiverJSProceedings of the 36th Annual ACM Symposium on Applied Computing10.1145/3412841.3442049(1768-1777)Online publication date: 22-Mar-2021
https://dl.acm.org/doi/10.1145/3412841.3442049

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents