Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2017 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #define DEBUG true // STOPSHIP if true |
| 18 | #include "Log.h" |
| 19 | |
| 20 | #include "AnomalyTracker.h" |
Bookatz | 8f2f3d8 | 2017-12-07 13:53:21 -0800 | [diff] [blame] | 21 | #include "guardrail/StatsdStats.h" |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 22 | |
Bookatz | d1fd242 | 2017-11-22 15:21:03 -0800 | [diff] [blame] | 23 | #include <android/os/IIncidentManager.h> |
| 24 | #include <android/os/IncidentReportArgs.h> |
| 25 | #include <binder/IServiceManager.h> |
Bookatz | 8fcd09a | 2017-12-18 13:01:10 -0800 | [diff] [blame] | 26 | #include <statslog.h> |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 27 | #include <time.h> |
| 28 | |
| 29 | namespace android { |
| 30 | namespace os { |
| 31 | namespace statsd { |
| 32 | |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 33 | // TODO: Get rid of bucketNumbers, and return to the original circular array method. |
Bookatz | 8f2f3d8 | 2017-12-07 13:53:21 -0800 | [diff] [blame] | 34 | AnomalyTracker::AnomalyTracker(const Alert& alert, const ConfigKey& configKey) |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 35 | : mAlert(alert), |
Bookatz | 8f2f3d8 | 2017-12-07 13:53:21 -0800 | [diff] [blame] | 36 | mConfigKey(configKey), |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 37 | mNumOfPastBuckets(mAlert.number_of_buckets() - 1) { |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 38 | VLOG("AnomalyTracker() called"); |
| 39 | if (mAlert.number_of_buckets() <= 0) { |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 40 | ALOGE("Cannot create AnomalyTracker with %lld buckets", |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 41 | (long long)mAlert.number_of_buckets()); |
| 42 | return; |
| 43 | } |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 44 | if (!mAlert.has_trigger_if_sum_gt()) { |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 45 | ALOGE("Cannot create AnomalyTracker without threshold"); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 46 | return; |
| 47 | } |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 48 | resetStorage(); // initialization |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 49 | } |
| 50 | |
| 51 | AnomalyTracker::~AnomalyTracker() { |
| 52 | VLOG("~AnomalyTracker() called"); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 53 | } |
| 54 | |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 55 | void AnomalyTracker::resetStorage() { |
| 56 | VLOG("resetStorage() called."); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 57 | mPastBuckets.clear(); |
| 58 | // Excludes the current bucket. |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 59 | mPastBuckets.resize(mNumOfPastBuckets); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 60 | mSumOverPastBuckets.clear(); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 61 | } |
| 62 | |
| 63 | size_t AnomalyTracker::index(int64_t bucketNum) const { |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 64 | return bucketNum % mNumOfPastBuckets; |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 65 | } |
| 66 | |
| 67 | void AnomalyTracker::flushPastBuckets(const int64_t& latestPastBucketNum) { |
| 68 | VLOG("addPastBucket() called."); |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 69 | if (latestPastBucketNum <= mMostRecentBucketNum - mNumOfPastBuckets) { |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 70 | ALOGE("Cannot add a past bucket %lld units in past", (long long)latestPastBucketNum); |
| 71 | return; |
| 72 | } |
| 73 | |
| 74 | // The past packets are ancient. Empty out old mPastBuckets[i] values and reset |
| 75 | // mSumOverPastBuckets. |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 76 | if (latestPastBucketNum - mMostRecentBucketNum >= mNumOfPastBuckets) { |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 77 | mPastBuckets.clear(); |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 78 | mPastBuckets.resize(mNumOfPastBuckets); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 79 | mSumOverPastBuckets.clear(); |
| 80 | } else { |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 81 | for (int64_t i = std::max(0LL, (long long)(mMostRecentBucketNum - mNumOfPastBuckets + 1)); |
| 82 | i <= latestPastBucketNum - mNumOfPastBuckets; i++) { |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 83 | const int idx = index(i); |
| 84 | subtractBucketFromSum(mPastBuckets[idx]); |
| 85 | mPastBuckets[idx] = nullptr; // release (but not clear) the old bucket. |
| 86 | } |
| 87 | } |
| 88 | |
| 89 | // It is an update operation. |
| 90 | if (latestPastBucketNum <= mMostRecentBucketNum && |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 91 | latestPastBucketNum > mMostRecentBucketNum - mNumOfPastBuckets) { |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 92 | subtractBucketFromSum(mPastBuckets[index(latestPastBucketNum)]); |
| 93 | } |
| 94 | } |
| 95 | |
| 96 | void AnomalyTracker::addPastBucket(const HashableDimensionKey& key, const int64_t& bucketValue, |
| 97 | const int64_t& bucketNum) { |
| 98 | flushPastBuckets(bucketNum); |
| 99 | |
| 100 | auto& bucket = mPastBuckets[index(bucketNum)]; |
| 101 | if (bucket == nullptr) { |
| 102 | bucket = std::make_shared<DimToValMap>(); |
| 103 | } |
| 104 | bucket->insert({key, bucketValue}); |
| 105 | addBucketToSum(bucket); |
| 106 | mMostRecentBucketNum = std::max(mMostRecentBucketNum, bucketNum); |
| 107 | } |
| 108 | |
| 109 | void AnomalyTracker::addPastBucket(std::shared_ptr<DimToValMap> bucketValues, |
| 110 | const int64_t& bucketNum) { |
| 111 | VLOG("addPastBucket() called."); |
| 112 | flushPastBuckets(bucketNum); |
| 113 | // Replace the oldest bucket with the new bucket we are adding. |
| 114 | mPastBuckets[index(bucketNum)] = bucketValues; |
| 115 | addBucketToSum(bucketValues); |
| 116 | mMostRecentBucketNum = std::max(mMostRecentBucketNum, bucketNum); |
| 117 | } |
| 118 | |
| 119 | void AnomalyTracker::subtractBucketFromSum(const shared_ptr<DimToValMap>& bucket) { |
| 120 | if (bucket == nullptr) { |
| 121 | return; |
| 122 | } |
| 123 | // For each dimension present in the bucket, subtract its value from its corresponding sum. |
| 124 | for (const auto& keyValuePair : *bucket) { |
| 125 | auto itr = mSumOverPastBuckets.find(keyValuePair.first); |
| 126 | if (itr == mSumOverPastBuckets.end()) { |
| 127 | continue; |
| 128 | } |
| 129 | itr->second -= keyValuePair.second; |
| 130 | // TODO: No need to look up the object twice like this. Use a var. |
| 131 | if (itr->second == 0) { |
| 132 | mSumOverPastBuckets.erase(itr); |
| 133 | } |
| 134 | } |
| 135 | } |
| 136 | |
| 137 | void AnomalyTracker::addBucketToSum(const shared_ptr<DimToValMap>& bucket) { |
| 138 | if (bucket == nullptr) { |
| 139 | return; |
| 140 | } |
| 141 | // For each dimension present in the bucket, add its value to its corresponding sum. |
| 142 | for (const auto& keyValuePair : *bucket) { |
| 143 | mSumOverPastBuckets[keyValuePair.first] += keyValuePair.second; |
| 144 | } |
| 145 | } |
| 146 | |
| 147 | int64_t AnomalyTracker::getPastBucketValue(const HashableDimensionKey& key, |
| 148 | const int64_t& bucketNum) const { |
| 149 | const auto& bucket = mPastBuckets[index(bucketNum)]; |
| 150 | if (bucket == nullptr) { |
| 151 | return 0; |
| 152 | } |
| 153 | const auto& itr = bucket->find(key); |
| 154 | return itr == bucket->end() ? 0 : itr->second; |
| 155 | } |
| 156 | |
| 157 | int64_t AnomalyTracker::getSumOverPastBuckets(const HashableDimensionKey& key) const { |
| 158 | const auto& itr = mSumOverPastBuckets.find(key); |
| 159 | if (itr != mSumOverPastBuckets.end()) { |
| 160 | return itr->second; |
| 161 | } |
| 162 | return 0; |
| 163 | } |
| 164 | |
| 165 | bool AnomalyTracker::detectAnomaly(const int64_t& currentBucketNum, |
| 166 | const DimToValMap& currentBucket) { |
| 167 | if (currentBucketNum > mMostRecentBucketNum + 1) { |
| 168 | addPastBucket(nullptr, currentBucketNum - 1); |
| 169 | } |
| 170 | for (auto itr = currentBucket.begin(); itr != currentBucket.end(); itr++) { |
| 171 | if (itr->second + getSumOverPastBuckets(itr->first) > mAlert.trigger_if_sum_gt()) { |
| 172 | return true; |
| 173 | } |
| 174 | } |
| 175 | // In theory, we also need to check the dimsions not in the current bucket. In single-thread |
| 176 | // mode, usually we could avoid the following loops. |
| 177 | for (auto itr = mSumOverPastBuckets.begin(); itr != mSumOverPastBuckets.end(); itr++) { |
| 178 | if (itr->second > mAlert.trigger_if_sum_gt()) { |
| 179 | return true; |
| 180 | } |
| 181 | } |
| 182 | return false; |
| 183 | } |
| 184 | |
| 185 | bool AnomalyTracker::detectAnomaly(const int64_t& currentBucketNum, const HashableDimensionKey& key, |
| 186 | const int64_t& currentBucketValue) { |
| 187 | if (currentBucketNum > mMostRecentBucketNum + 1) { |
| 188 | addPastBucket(key, 0, currentBucketNum - 1); |
| 189 | } |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 190 | return mAlert.has_trigger_if_sum_gt() |
| 191 | && getSumOverPastBuckets(key) + currentBucketValue > mAlert.trigger_if_sum_gt(); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 192 | } |
| 193 | |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 194 | void AnomalyTracker::declareAnomaly(const uint64_t& timestampNs) { |
| 195 | // TODO: This should also take in the const HashableDimensionKey& key, to pass |
| 196 | // more details to incidentd and to make mRefractoryPeriodEndsSec key-specific. |
| 197 | // TODO: Why receive timestamp? RefractoryPeriod should always be based on real time right now. |
| 198 | if (isInRefractoryPeriod(timestampNs)) { |
| 199 | VLOG("Skipping anomaly declaration since within refractory period"); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 200 | return; |
| 201 | } |
| 202 | // TODO(guardrail): Consider guarding against too short refractory periods. |
Bookatz | 857aaa5 | 2017-12-19 15:29:06 -0800 | [diff] [blame] | 203 | mLastAnomalyTimestampNs = timestampNs; |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 204 | |
| 205 | // TODO: If we had access to the bucket_size_millis, consider calling resetStorage() |
| 206 | // if (mAlert.refractory_period_secs() > mNumOfPastBuckets * bucketSizeNs) { resetStorage(); } |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 207 | |
| 208 | if (mAlert.has_incidentd_details()) { |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 209 | if (mAlert.has_name()) { |
Bookatz | 857aaa5 | 2017-12-19 15:29:06 -0800 | [diff] [blame] | 210 | ALOGI("An anomaly (%s) has occurred! Informing incidentd.", |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 211 | mAlert.name().c_str()); |
| 212 | } else { |
| 213 | // TODO: Can construct a name based on the criteria (and/or relay the criteria). |
Bookatz | 857aaa5 | 2017-12-19 15:29:06 -0800 | [diff] [blame] | 214 | ALOGI("An anomaly (nameless) has occurred! Informing incidentd."); |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 215 | } |
Bookatz | d1fd242 | 2017-11-22 15:21:03 -0800 | [diff] [blame] | 216 | informIncidentd(); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 217 | } else { |
Bookatz | 857aaa5 | 2017-12-19 15:29:06 -0800 | [diff] [blame] | 218 | ALOGI("An anomaly has occurred! (But informing incidentd not requested.)"); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 219 | } |
Bookatz | 8f2f3d8 | 2017-12-07 13:53:21 -0800 | [diff] [blame] | 220 | |
| 221 | StatsdStats::getInstance().noteAnomalyDeclared(mConfigKey, mAlert.name()); |
Bookatz | 8fcd09a | 2017-12-18 13:01:10 -0800 | [diff] [blame] | 222 | |
| 223 | android::util::stats_write(android::util::ANOMALY_DETECTED, mConfigKey.GetUid(), |
| 224 | mConfigKey.GetName().c_str(), mAlert.name().c_str()); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 225 | } |
| 226 | |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 227 | void AnomalyTracker::detectAndDeclareAnomaly(const uint64_t& timestampNs, |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 228 | const int64_t& currBucketNum, |
| 229 | const HashableDimensionKey& key, |
| 230 | const int64_t& currentBucketValue) { |
| 231 | if (detectAnomaly(currBucketNum, key, currentBucketValue)) { |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 232 | declareAnomaly(timestampNs); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 233 | } |
| 234 | } |
| 235 | |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 236 | void AnomalyTracker::detectAndDeclareAnomaly(const uint64_t& timestampNs, |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 237 | const int64_t& currBucketNum, |
| 238 | const DimToValMap& currentBucket) { |
| 239 | if (detectAnomaly(currBucketNum, currentBucket)) { |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 240 | declareAnomaly(timestampNs); |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 241 | } |
| 242 | } |
| 243 | |
Bookatz | 857aaa5 | 2017-12-19 15:29:06 -0800 | [diff] [blame] | 244 | bool AnomalyTracker::isInRefractoryPeriod(const uint64_t& timestampNs) const { |
| 245 | return mLastAnomalyTimestampNs >= 0 && |
| 246 | timestampNs - mLastAnomalyTimestampNs <= mAlert.refractory_period_secs() * NS_PER_SEC; |
Bookatz | cc5adef | 2017-11-21 14:36:23 -0800 | [diff] [blame] | 247 | } |
| 248 | |
Bookatz | d1fd242 | 2017-11-22 15:21:03 -0800 | [diff] [blame] | 249 | void AnomalyTracker::informIncidentd() { |
| 250 | VLOG("informIncidentd called."); |
| 251 | if (!mAlert.has_incidentd_details()) { |
| 252 | ALOGE("Attempted to call incidentd without any incidentd_details."); |
| 253 | return; |
| 254 | } |
| 255 | sp<IIncidentManager> service = interface_cast<IIncidentManager>( |
| 256 | defaultServiceManager()->getService(android::String16("incident"))); |
| 257 | if (service == NULL) { |
| 258 | ALOGW("Couldn't get the incident service."); |
| 259 | return; |
| 260 | } |
| 261 | |
| 262 | IncidentReportArgs incidentReport; |
| 263 | const Alert::IncidentdDetails& details = mAlert.incidentd_details(); |
| 264 | for (int i = 0; i < details.section_size(); i++) { |
| 265 | incidentReport.addSection(details.section(i)); |
| 266 | } |
| 267 | // TODO: Pass in mAlert.name() into the addHeader? |
| 268 | |
| 269 | service->reportIncident(incidentReport); |
| 270 | } |
| 271 | |
Yangster-mac | e2cd6d5 | 2017-11-09 20:38:30 -0800 | [diff] [blame] | 272 | } // namespace statsd |
| 273 | } // namespace os |
| 274 | } // namespace android |