Flexible Installability of Android Apps with App-level Virtualization based Decomposition

With the popularity of smartphones, users are heavily dependent on mobile applications for daily work and entertainments. However, mobile apps are becoming more and more complicated with more features and increasing size, part of which may be redundant to users. Due to the limitation of current installation mechanism, users have to download full-size applications instead of enjoy only the wanted features. Such full-size apps may consume more resources, including CPU, memory, and energy, which may hurt users' enthusiasm for further installation. We first conduct an empirical study to characterize used features when users interact with mobile applications, and find that users only consume a small set features of target apps. To address this problem, we present AppStarscream, which offers to decompose and run Android apps with app-level virtualization. We have implemented a prototype system and evaluated it with real-world apps showing that AppStarscream is efficient and practical

A Solver for a Theory of Strings and Bit-vectors

We present a solver for a many-sorted first-order quantifier-free theory $T_{w,bv}$ of string equations, string length represented as bit-vectors, and bit-vector arithmetic aimed at formal verification, automated testing, and security analysis of C/C++ applications. Our key motivation for building such a solver is the observation that existing string solvers are not efficient at modeling the string/bit-vector combination. Current approaches either reduce strings to bit-vectors and use a bit-vector solver as a backend, or model bit-vectors as natural numbers and use a solver for the combined theory of strings and natural numbers. Both these approaches are inefficient for different reasons. Modeling strings as bit-vectors destroys structure inherent in string equations thus missing opportunities for efficiently deciding such formulas, and modeling bit-vectors as natural numbers is known to be inefficient. Hence, there is a clear need for a solver that models strings and bit-vectors natively. Our solver Z3strBV is a decision procedure for the theory $T_{w,bv}$ combining solvers for bit-vector and string equations. We demonstrate experimentally that Z3strBV is significantly more efficient than reduction of string/bit-vector constraints to strings/natural numbers. Additionally, we prove decidability for the theory $T_{w,bv}$. We also propose two optimizations which can be adapted to other contexts. The first accelerates convergence on a consistent assignment of string lengths, and the second, dubbed library-aware SMT solving, fixes summaries for built-in string functions (e.g., {\tt strlen} in C/C++), which Z3strBV uses directly instead of analyzing the functions from scratch each time. Finally, we demonstrate experimentally that Z3strBV is able to detect nontrivial overflows in real-world system-level code, as confirmed against 7 security vulnerabilities from CVE and Mozilla database.Comment: 22 pages, 4 figures, submitted to FM201