471 research outputs found
Temporal Stream Logic: Synthesis beyond the Bools
Reactive systems that operate in environments with complex data, such as
mobile apps or embedded controllers with many sensors, are difficult to
synthesize. Synthesis tools usually fail for such systems because the state
space resulting from the discretization of the data is too large. We introduce
TSL, a new temporal logic that separates control and data. We provide a
CEGAR-based synthesis approach for the construction of implementations that are
guaranteed to satisfy a TSL specification for all possible instantiations of
the data processing functions. TSL provides an attractive trade-off for
synthesis. On the one hand, synthesis from TSL, unlike synthesis from standard
temporal logics, is undecidable in general. On the other hand, however,
synthesis from TSL is scalable, because it is independent of the complexity of
the handled data. Among other benchmarks, we have successfully synthesized a
music player Android app and a controller for an autonomous vehicle in the Open
Race Car Simulator (TORCS.
Efficiently Manifesting Asynchronous Programming Errors in Android Apps
Android, the #1 mobile app framework, enforces the single-GUI-thread model,
in which a single UI thread manages GUI rendering and event dispatching. Due to
this model, it is vital to avoid blocking the UI thread for responsiveness. One
common practice is to offload long-running tasks into async threads. To achieve
this, Android provides various async programming constructs, and leaves
developers themselves to obey the rules implied by the model. However, as our
study reveals, more than 25% apps violate these rules and introduce
hard-to-detect, fail-stop errors, which we term as aysnc programming errors
(APEs). To this end, this paper introduces APEChecker, a technique to
automatically and efficiently manifest APEs. The key idea is to characterize
APEs as specific fault patterns, and synergistically combine static analysis
and dynamic UI exploration to detect and verify such errors. Among the 40
real-world Android apps, APEChecker unveils and processes 61 APEs, of which 51
are confirmed (83.6% hit rate). Specifically, APEChecker detects 3X more APEs
than the state-of-art testing tools (Monkey, Sapienz and Stoat), and reduces
testing time from half an hour to a few minutes. On a specific type of APEs,
APEChecker confirms 5X more errors than the data race detection tool,
EventRacer, with very few false alarms
Analyzing Android applications for specifications and bugs
Android has become one of the leader operating systems for smartphones. Moreover, Android has a big community of developers with over 696500 applications on its market. However, given the complexity of the system, bugs are very common on Android applications--such as security vulnerabilities and energy bugs. Normally Android applications are written using the Java programming language. In contrast to most Java applications, Android applications does not have a single entry point (main function). In addition, these applications can use some system calls and receive events from external entities (such as the user) that affect how their control flows. Therefore, a model of the Android system must be defined in order to understand the behavior of Android applications and define how their control flows. In this thesis, two approaches to define the behavior of Android applications are studied. The first approach is an intra-component analysis that take take in account just the lifecycle of the main components in Android to define control flow of the applications. This approach is evaluated applying a specification miner for energy related specifications on 12 applications from the Android market. We were able to mine 91 specifications on all the applications and 41 of them were validated. For 50% of the applications analyzed, the analysis had less than 40% of false positives specifications. However, for the rest of the applications, the interaction between components was a important factor that increased the false positives. Therefore, the second approach is an inter-component approach that takes in account both, the lifecycle of components and interaction between components to define the control flow of Android applications. We evaluate the approach checking the percentage of code coverage on 8 applications from the Google market. The results are promising with an average coverage of 67%. In addition, we were able to identify bugs related to violations of constraints regarding intecomponent interactions
Verifying Policy Enforcers
Policy enforcers are sophisticated runtime components that can prevent
failures by enforcing the correct behavior of the software. While a single
enforcer can be easily designed focusing only on the behavior of the
application that must be monitored, the effect of multiple enforcers that
enforce different policies might be hard to predict. So far, mechanisms to
resolve interferences between enforcers have been based on priority mechanisms
and heuristics. Although these methods provide a mechanism to take decisions
when multiple enforcers try to affect the execution at a same time, they do not
guarantee the lack of interference on the global behavior of the system. In
this paper we present a verification strategy that can be exploited to discover
interferences between sets of enforcers and thus safely identify a-priori the
enforcers that can co-exist at run-time. In our evaluation, we experimented our
verification method with several policy enforcers for Android and discovered
some incompatibilities.Comment: Oliviero Riganelli, Daniela Micucci, Leonardo Mariani, and Yli\`es
Falcone. Verifying Policy Enforcers. Proceedings of 17th International
Conference on Runtime Verification (RV), 2017. (to appear
Laadunvarmistustyökalujen varmistusvedostus järjestelmätasolla
In modern software development many kinds of verification is performed to prevent regressions and to ensure robustness of the software. Execution of verification tasks is usually automated with continuous delivery (CD) systems built on CD-platforms.
Currently available CD-platforms (Jenkins, Concourse, GoCD) are essentially job schedulers based on traditional job scheduling model. They execute tasks to completion in order of arrival. This model is known to cause user dissatisfaction due to long wait-times when the variation in task execution times is high. It's also known to exhibit low resource utilization. This prevents integration of new kinds of verification, reduces cost-effectiveness and decreases developer productivity.
Preemption, that is task-switching, enables much more flexibility to scheduling. It greatly improves the system's responsiveness by reducing wait-times. It solves the problem of short tasks having to wait extendedly for long tasks to complete. By enabling time-slicing of resources it increases their utilization. The result is interactive service for developers, supporting more kinds of verification in CD and enabling more value to be extracted of available compute resources.
Implementation of preemption requires ability to suspend and resume the execution of verification tools. We evaluate system-level checkpointing, a technique used for preemption in high performance computing, that does not require modification of the verification tools. We selected Checkpoint and Restore in Userspace (CRIU) as the checkpointing utility to be evaluated. We evaluated CRIU's capability to checkpoint verification tools and measured checkpoint creation time and checkpoint image size. We selected AFL, AddressSanitizer, Valgrind and Android Emulator as the tools to be tested.
Our results show CRIU is not yet capable of preempting arbitrary verification tools as only AFL and Valgrind were checkpointable. Checkpoint creation was fast making it feasible for interactive use in a CD-system. Checkpoint image's size was found to depend on the verification tool's memory size, as expected, meaning most tools would be feasible for preemption to network storage in a cluster.Nykypäivän ohjelmistokehityksessä käytetään monenlaisia laadunvarmistusmenetelmiä regressioiden estämiseen ja ohjelmistojen vikasietoisuuden takaamiseksi. Tällaisten tehtävien suoritus yleensä automatisoidaan jatkuvan toimituksen (CD) järjestelmillä, jotka on rakennettu jollekin CD-alustalle.
Saatavilla olevat CD-alustat (Jenkins, Concourse, GoCD) ovat pääpiirteissään perinteiseen ryväslaskennan vuoronnusmalliin pohjautuvia tehtävävuorontajia. Ne suorittavat tehtäviä saapumisjärjestyksessä alusta loppuun. Tehtävien keston vaihdellessa odotusajat kasvavat pitkiksi, joten mallin käyttökokemus on huono. Resursseja ei myöskään hyödynnetä tehokkaasti. Nämä estävät uusien varmistusmenetelmien käytön sekä heikentävät kustannustehokkuutta ja ohjelmistokehittäjien tuottavuutta.
Tehtävien vuorottelu tekee vuoronnuksesta joustavaa. Se lyhentää odotusaikoja huomattavasti. Lyhyet tehtävät eivät enää joudu odottamaan pitkäkestoisten tehtävien päättymistä ja resursseja hyödynnetään tehokkaammin. Näillä saavutetaan ohjelmistokehittäjille vuorovaikutteinen käyttökokemus, uudenlaisia varmistusmenetelmiä voidaan ottaa käyttöön ja laskentaresursseista saadaan parempi hyöty.
Vuorottelun toteuttamiseksi laadunvarmistustyökaluiden suoritus täytyy olla keskeytettävissä. Työssä arvioimme järjestelmätason varmistusvedostusta, joka on suurteholaskennassa käytetty menetelmä tehtävien vuorotteluun. Menetelmä ei vaadi muutoksia työkaluihin. Tarkastelemme Checkpoint and Restore in Userspace (CRIU)-varmistusvedostustyökalua, sen kykyä laadunvarmistustyökalujen vuorotteluun sekä vedoksen luontiin kuluvaa aikaa ja vedoksen kokoa. Kokeiltuja laadunvarmistustyökaluja olivat AFL, AddressSanitizer, Valgrind sekä Android Emulator.
Ilmeni, että CRIU ei vielä kykene kaikkien laadunvarmistustyökalujen vuorotteluun sillä kokeilluista työkaluista vain AFL ja Valgrind voitiin vedostaa. Vedoksen luonti oli nopeaa, mikä tekee varmistusvedostuksesta käyttökelpoisen vuorovaikutteisissa CD-järjestelmissä. Kuten oletettiin, vedoksen koko riippui laadunvarmistustyökalun muistin koosta, joten yleisimpien työkalujen vuorottelu verkkotallennusta käyttävissä laskentaryppäissä olisi mahdollista
Large-Scale Analysis of Framework-Specific Exceptions in Android Apps
Mobile apps have become ubiquitous. For app developers, it is a key priority
to ensure their apps' correctness and reliability. However, many apps still
suffer from occasional to frequent crashes, weakening their competitive edge.
Large-scale, deep analyses of the characteristics of real-world app crashes can
provide useful insights to guide developers, or help improve testing and
analysis tools. However, such studies do not exist -- this paper fills this
gap. Over a four-month long effort, we have collected 16,245 unique exception
traces from 2,486 open-source Android apps, and observed that
framework-specific exceptions account for the majority of these crashes. We
then extensively investigated the 8,243 framework-specific exceptions (which
took six person-months): (1) identifying their characteristics (e.g.,
manifestation locations, common fault categories), (2) evaluating their
manifestation via state-of-the-art bug detection techniques, and (3) reviewing
their fixes. Besides the insights they provide, these findings motivate and
enable follow-up research on mobile apps, such as bug detection, fault
localization and patch generation. In addition, to demonstrate the utility of
our findings, we have optimized Stoat, a dynamic testing tool, and implemented
ExLocator, an exception localization tool, for Android apps. Stoat is able to
quickly uncover three previously-unknown, confirmed/fixed crashes in Gmail and
Google+; ExLocator is capable of precisely locating the root causes of
identified exceptions in real-world apps. Our substantial dataset is made
publicly available to share with and benefit the community.Comment: ICSE'18: the 40th International Conference on Software Engineerin
Enhancing Automated GUI Exploration Techniques for Android Mobile Applications
Mobile software applications ("apps") are used by billions of smartphone owners worldwide. The demand for quality to these apps has grown together with their spread. Therefore, effective techniques and tools are being requested to support developers in mobile app quality engineering activities.
Automation tools can facilitate these activities since they can save humans from routine, time consuming and error prone manual tasks. Automated GUI exploration techniques are widely adopted by researchers and practitioners in the context of mobile apps for supporting critical engineering tasks such as reverse engineering, testing, and network traffic signature generation. These techniques iteratively exercise a running app by exploiting the information that the app exposes at runtime through its GUI to derive the set of input events to be fired.
Although several automated GUI exploration techniques have been proposed in the literature, they suffer from some limitations that may hinder them from a thorough app exploration.
This dissertation proposes two novel solutions that contribute to the literature in Software Engineering towards improving existing automated GUI exploration techniques for mobile software applications.
The former is a fully automated GUI exploration technique that aims to detect issues tied to the app instances lifecycle, a mobile-specific feature that allows users to smoothly navigate through an app and switch between apps. In particular, this technique addresses the issues of crashes and GUI failures, that consists in the manifestation of unexpected GUI states. This work includes two exploratory studies that prove that GUI failures are a widespread problem in the context of mobile apps.
The latter solution is a hybrid exploration technique that combines automated GUI exploration with capture and replay through machine learning. It exploits app-specific knowledge that only human users can provide in order to explore relevant parts of the application that can be reached only by firing complex sequences of input events on specific GUIs and by choosing specific input values.
Both the techniques have been implemented in tools that target the Android Operating System, that is today the world’s most popular mobile operating system. The effectiveness of the proposed techniques is demonstrated through experimental evaluations performed on real mobile apps
- …