Case Study on Message Races in Data Distribution Service ... - SERSC

Download PDF
5 downloads 23243 Views 513KB Size Report
Comment
program. Figure 4 is an example of a message race. In the figure, P1, P2, and P3 refer to ..... Ok-Kyoon Ha, He received the BS degree in Computer Science.
International Journal of Software Engineering and Its Applications Vol. 10, No. 3 (2016), pp. 95-106 http://dx.doi.org/10.14257/ijseia.2016.10.3.09

Case Study on Message Races in Data Distribution Service Programs Hyun-Ji Kim1, Ok-Kyoon Ha2, Yong-Kee Jun2, and Hee-Dong Park3* 1

2

AeroMaster Corporation, Republic of Korea Department of Informatics, Gyeongsang National University, Republic of Korea 3 Department of IT, Joongbu University, Republic of Korea [email protected], {jassmin, jun}@gnu.ac.kr, [email protected] Abstract

Data Distribution Service (DDS) is a dependable communication middleware architecture to provide real-time interoperable data exchanges for airborne software. It is important to efficiently detect message races for debugging DDS programs, because it is the most serious type of software faults. Because message races in DDS cause unpredictable results, they must be detected for debugging. However, there has been no report yet on the existence and its confirmation of unintended message races in DDS programs. This paper empirically presents fault cases how it lead to message races on the different order of events. In order to prove it, we show four cases of message races considering the order of two write events and the quality of service (QoS), which lead to nondeterministic results. Keywords: Data distribution service (DDS), concurrent faults, message races, DDS applications

1. Introduction Data Distribution Service (DDS) [1-4] is a dependable communication middleware for distributed systems released by Object Management Group (OMG) [5,6], and is a standard to provide real-time interoperable data exchanges for publish/subscribe programming model [7]. DDS provides a simple way to make a complex data flow with creating a communication architecture. However, the strict data communication in DDS may lead to concurrent faults, such as message races, between publishers and subscribes. Message races [8-12] are the most serious class of concurrent faults which occur when two or more messages are transmitted to a waiting receive event on a communication channel and their arrival order is not guaranteed. Because message races in DDS cause unpredictable results, they must be detected for debugging. According to a prior work, Pardo-Castellote [13] mentioned that there is an increased complexity to implement a safe data communication since an event on a thread does not guarantee the sequence to read messages released by other threads in a same participant. Mutschler and Philippsen [14] say that DDS causes out-of-order events and cannot fix the order of events, but it is possible to rearrange their order through EBS‟s event detector. However, there has been no report yet on the existence and its confirmation of unintended message races in DDS programs. Therefore, it is necessary to prove that races may occur due to out-of-events in DDS programs and the races refer to not data races but message races. This is because it is difficult to locate races because they do not occur in every execution of DDS programs.

*

Corresponding author

ISSN: 1738-9984 IJSEIA Copyright ⓒ 2016 SERSC

International Journal of Software Engineering and Its Applications Vol. 10, No. 3 (2016)

P1

W

P2

P3

W R

Figure 1. An Example of Message Races This unintended message race is the most difficult and serious software fault, and it takes at least days or sometimes months to debug them. If it is proved that there are message races, then it is required to develop technology and tools to detect and remove them. This paper demonstrates the presence of message races by experiment. In order to prove it, we show four cases of message races considering the order of two write events and the quality of service (QoS), which lead to nondeterministic results. The remainder of this paper is organized as follows. Section 2 provides background for understanding our work. In Section 3 and Section 4, we present our own findings on the cases of massage races on DDS. Finally, we conclude our paper and give directions for future work in Section 5.

2. Background Transmitting information anonymously and asynchronously is a common requirement for split applications such as controlling system, sensor network, and industrial automation system. DDS, made by Object Management Group (OMG) [5,6], is a publishsubscribe data distribution middleware, which provides a data-centric publish-subscribe standard. During the data exchange in DDS programs, unintended races may occur because of network delay or a mistake by the programmer. Unintended races must be detected and removed for debugging DDS programs, because they are the most difficult software fault, which can cause serious consequences. This section introduces DDS and message races, and explains their importance and risks. 2.1. Data Distribution Service It is essential to construct information exchange platform between modules in the publish-subscribe (PS) system. The PS model connects publisher and subscriber anonymously. The system consists of multiple processes, which are executed in the separated address space of different computers. Each process is called participant, and a participant publishes and subscribes information at the same time through Global Data Space (GDS). Figure 2 illustrates a communication model using GDS. Exchanging data in DDS programs employs following entities:

96

Copyright ⓒ 2016 SERSC

International Journal of Software Engineering and Its Applications Vol. 10, No. 3 (2016)

Figure 2. DDS Communication Model  GDS.

DomainParticipant allows to connect applications into DDS Domain, such as

 Topic is a string to control the object group in GDS. A topic consists of name and data type, and connects data related by QoS. 

Publisher is an object to release data considering data types.

 Subscriber is an object to receive data released by publishers. They make to use the data for participants. 

DataWriter defines a value of data considering a data type.



DataReader reads a required data considering a data type.



QoS Policy is a rule to configure a DDS system.

 Listener is an object to identify the events of applications, such as new publishers and data.

Figure 3. Object Model for DDS Figure 3 illustrates a situation that two participants publish and subscribe data based on GDS using a topic in a domain. A participant with publisher uses datawriter to publish data in GDS by writing it in topic, and then a participant with subscriber uses datareader to read data-instance stored in topic and subscribes the message it wants. The topic refers to atomically swapping information unit between publisher and subscriber, and consists of

Copyright ⓒ 2016 SERSC

97

International Journal of Software Engineering and Its Applications Vol. 10, No. 3 (2016)

instances that are several specific data. Publisher or subscriber can use listener, which reports information when a new publisher/subscriber appears or new data are received. DDS uses Quality of Service (QoS) to meet the requirements of applications, and QoS makes service to do what it is given to do. The participants that share the same topic must use the same QoS, through which they can control the process of exchanging messages. When different participants access GDS to exchange data in DDS programs, they publish and subscribe the data they want without chronological order, which may result in message races. P1

W

P2

R

R

P3

P1

W W

P2

R

P3 W

R

Figure 4. A Message Race in DDS 2.2. Message Races In message-passing parallel programs widely used in parallel computers, message race is one of the serious concurrency bugs. Message race may occur when two or more participants send messages over a same communication channel without guaranteeing the order of their arrivals. Message races must be detected for debugging DDS programs because their nondeterministic arrival leads to unintended nondeterministic results of the program. Figure 4 is an example of a message race. In the figure, P1, P2, and P3 refer to parallel processes, circles on the processes mean send/receive events, and arrows refer to transferring messages. P1 sends the message „x=0‟ to P2, and P3 sends the message „x=1‟ to P2 while P2 receives these messages from P1 and P3 in the order they arrive. In the receive event r of P2, a message race may occur, because the order relation between messages of P1 and P3 is not guaranteed. Mutschler and Philippsen [14] say that DDS causes out-of-order events and cannot fix the order of events, but it is possible to rearrange their order through EBS‟s event detector. However, there has been no report yet on the existence and its confirmation of unintended message races in DDS programs.

3. Experiment of Message Races without QoS To prove the presence of unintended message races in DDS programs, we experiment on every case where message races may occur depending on the arrival order of w to find out all cases lead to nondeterministic results. There may be two types of unintended message races depending on which w occurs earlier. In this section, we check and compare the read values of r based on the order of w for the two types. For this experiment, we suppose that there are two publishers and a subscriber. The publishers include their own datawriter to send a message defined by w and the subscriber includes its own datareader to receive a message denoted by r. In our experiments, we redefine w events as wp1 for publisher1 and wp2 for publisher2, and r event as rs for subscriber. wp1 and wp2 send messages to rs, and their arrival order is not guaranteed, which may lead to unintended message races. Figure 5 is an example of message races without QoS. In the figure, wp1 sends the message 'hello' to rs and wp2 sends the message 'world' to rs. In this case, rs reads either „hello‟ or „world‟ depending on the order they

98

Copyright ⓒ 2016 SERSC

International Journal of Software Engineering and Its Applications Vol. 10, No. 3 (2016)

arrive because the arrival order is not guaranteed. Therefore, the experiment shows unintended results, indicating that message races may occur.

Pub1

Sub

Pub2

R

W

W

R : ‘hello’ or ‘world’ Figure 5. An Example of Message Races without QoS 3.1. Two Cases of Message Races in DDS Program 3.1.1. wp2→rs after wp1→rs case: In Figure 6 (a), r s reads the message „hello‟ that wp1 sends and then the other message „world‟ that w p2 sends. This is because when wp1 and wp2 send the messages, „hello‟ is stored earlier than „world in the queue. Figure 6 and Figure 8 display program codes of publisher 1 and publisher 2 respectively, which transmit messages to a subscriber at the same time, while Figure 7 shows a program code of the subscriber. In Figure 6 and Figure 8, the string data „hello‟ and „world‟ to be sent are stored in the line 2 respectively, and each message to be sent to the subscriber is published in the line 10. In Figure 7, the message that the subscriber receives first is subscribed in the line 7 by calling the callback function. The received message is printed in the lines 12 to 14. In this experiment, the subscriber receives the message „hello‟ of publisher 1 in advance. 01: … 02: char A[5] = {'H','e','l','l','o'}; 03: … 04: int main( ) { 05: … 06: for(i=0;i