685 research outputs found
Generating Predicate Callback Summaries for the Android Framework
One of the challenges of analyzing, testing and debugging Android apps is
that the potential execution orders of callbacks are missing from the apps'
source code. However, bugs, vulnerabilities and refactoring transformations
have been found to be related to callback sequences. Existing work on control
flow analysis of Android apps has mainly focused on analyzing GUI events. GUI
events, although being a key part of determining control flow of Android apps,
do not offer a complete picture. Our observation is that orthogonal to GUI
events, the Android API calls also play an important role in determining the
order of callbacks. In the past, such control flow information has been modeled
manually. This paper presents a complementary solution of constructing program
paths for Android apps. We proposed a specification technique, called Predicate
Callback Summary (PCS), that represents the callback control flow information
(including callback sequences as well as the conditions under which the
callbacks are invoked) in Android API methods and developed static analysis
techniques to automatically compute and apply such summaries to construct apps'
callback sequences. Our experiments show that by applying PCSs, we are able to
construct Android apps' control flow graphs, including inter-callback
relations, and also to detect infeasible paths involving multiple callbacks.
Such control flow information can help program analysis and testing tools to
report more precise results. Our detailed experimental data is available at:
http://goo.gl/NBPrKs
Comment: 11 pages
Verifying Policy Enforcers
Policy enforcers are sophisticated runtime components that can prevent
failures by enforcing the correct behavior of the software. While a single
enforcer can be easily designed focusing only on the behavior of the
application that must be monitored, the effect of multiple enforcers that
enforce different policies might be hard to predict. So far, mechanisms to
resolve interferences between enforcers have been based on priority mechanisms
and heuristics. Although these methods provide a mechanism to take decisions
when multiple enforcers try to affect the execution at the same time, they do not
guarantee the lack of interference on the global behavior of the system. In
this paper we present a verification strategy that can be exploited to discover
interferences between sets of enforcers and thus safely identify a-priori the
enforcers that can co-exist at run-time. In our evaluation, we experimented with our
verification method on several policy enforcers for Android and discovered
some incompatibilities.
Comment: Oliviero Riganelli, Daniela Micucci, Leonardo Mariani, and Yliès
Falcone. Verifying Policy Enforcers. Proceedings of 17th International
Conference on Runtime Verification (RV), 2017. (to appear)
Automated Repair of Resource Leaks in Android Applications
Resource leaks -- a program does not release resources it previously acquired
-- are a common kind of bug in Android applications. Even with the help of
existing techniques to automatically detect leaks, writing a leak-free program
remains tricky. One of the reasons is Android's event-driven programming model,
which complicates the understanding of an application's overall control flow.
In this paper, we present PlumbDroid: a technique to automatically detect and
fix resource leaks in Android applications. PlumbDroid uses static analysis to
find execution traces that may leak a resource. The information built for
detection also undergirds automatically building a fix -- consisting of release
operations performed at appropriate locations -- that removes the leak and does
not otherwise affect the application's usage of the resource. An empirical
evaluation on resource leaks from the DroidLeaks curated collection
demonstrates that PlumbDroid's approach is scalable and produces correct fixes
for a variety of resource leak bugs. This indicates it can provide valuable
support to enhance the quality of Android applications in practice.
Target Directed Event Sequence Generation for Android Applications
Testing is a commonly used approach to ensure the quality of software, of
which model-based testing is a hot topic to test GUI programs such as Android
applications (apps). Existing approaches mainly either dynamically construct a
model that only contains the GUI information, or build a model in the view of
code that may fail to describe the changes of GUI widgets during runtime.
Besides, most of these models do not support the back stack, which is a particular
mechanism of Android. Therefore, this paper proposes a model LATTE that is
constructed dynamically with consideration of the view information in the
widgets as well as the back stack, to describe the transition between GUI
widgets. We also propose a label set to link the elements of the LATTE model to
program snippets. The user can define a subset of the label set as a target for
the testing requirements that need to cover some specific parts of the code. To
avoid the state explosion problem during model construction, we introduce a
definition "state similarity" to balance the model accuracy and analysis cost.
Based on this model, a target directed test generation method is presented to
generate event sequences to effectively cover the target. The experiments on
several real-world apps indicate that the generated test cases based on LATTE
can reach a high coverage, and with the model we can generate the event
sequences to cover a given target with short event sequences.
Anchor: Locating Android Framework-specific Crashing Faults
Android framework-specific app crashes are hard to debug. Indeed, the
callback-based event-driven mechanism of Android challenges crash localization
techniques that are developed for traditional Java programs. The key challenge
stems from the fact that the buggy code location may not even be listed within
the stack trace. For example, our empirical study on 500 framework-specific
crashes from an open benchmark has revealed that 37 percent of the crash types
are related to bugs that are outside the stack traces. Moreover, Android
programs are a mixture of code and extra-code artifacts such as the Manifest
file. The fact that any artifact can lead to failures in the app execution
creates the need to position the localization target beyond the code realm. In
this paper, we propose Anchor, a two-phase suspicious bug location suggestion
tool. Anchor specializes in finding crash-inducing bugs outside the stack
trace. Anchor is lightweight and source code independent since it only requires
the crash message and the apk file to locate the fault. Experimental results,
collected via cross-validation and in-the-wild dataset evaluation, show that
Anchor is effective in locating Android framework-specific crashing faults.
Comment: 12 pages