Generating Predicate Callback Summaries for the Android Framework

One of the challenges of analyzing, testing and debugging Android apps is that the potential execution orders of callbacks are missing from the apps' source code. However, bugs, vulnerabilities and refactoring transformations have been found to be related to callback sequences. Existing work on control flow analysis of Android apps have mainly focused on analyzing GUI events. GUI events, although being a key part of determining control flow of Android apps, do not offer a complete picture. Our observation is that orthogonal to GUI events, the Android API calls also play an important role in determining the order of callbacks. In the past, such control flow information has been modeled manually. This paper presents a complementary solution of constructing program paths for Android apps. We proposed a specification technique, called Predicate Callback Summary (PCS), that represents the callback control flow information (including callback sequences as well as the conditions under which the callbacks are invoked) in Android API methods and developed static analysis techniques to automatically compute and apply such summaries to construct apps' callback sequences. Our experiments show that by applying PCSs, we are able to construct Android apps' control flow graphs, including inter-callback relations, and also to detect infeasible paths involving multiple callbacks. Such control flow information can help program analysis and testing tools to report more precise results. Our detailed experimental data is available at: http://goo.gl/NBPrKsComment: 11 page

Overcoming Language Dichotomies: Toward Effective Program Comprehension for Mobile App Development

Mobile devices and platforms have become an established target for modern software developers due to performant hardware and a large and growing user base numbering in the billions. Despite their popularity, the software development process for mobile apps comes with a set of unique, domain-specific challenges rooted in program comprehension. Many of these challenges stem from developer difficulties in reasoning about different representations of a program, a phenomenon we define as a "language dichotomy". In this paper, we reflect upon the various language dichotomies that contribute to open problems in program comprehension and development for mobile apps. Furthermore, to help guide the research community towards effective solutions for these problems, we provide a roadmap of directions for future work.Comment: Invited Keynote Paper for the 26th IEEE/ACM International Conference on Program Comprehension (ICPC'18

Efficiently Manifesting Asynchronous Programming Errors in Android Apps

Android, the #1 mobile app framework, enforces the single-GUI-thread model, in which a single UI thread manages GUI rendering and event dispatching. Due to this model, it is vital to avoid blocking the UI thread for responsiveness. One common practice is to offload long-running tasks into async threads. To achieve this, Android provides various async programming constructs, and leaves developers themselves to obey the rules implied by the model. However, as our study reveals, more than 25% apps violate these rules and introduce hard-to-detect, fail-stop errors, which we term as aysnc programming errors (APEs). To this end, this paper introduces APEChecker, a technique to automatically and efficiently manifest APEs. The key idea is to characterize APEs as specific fault patterns, and synergistically combine static analysis and dynamic UI exploration to detect and verify such errors. Among the 40 real-world Android apps, APEChecker unveils and processes 61 APEs, of which 51 are confirmed (83.6% hit rate). Specifically, APEChecker detects 3X more APEs than the state-of-art testing tools (Monkey, Sapienz and Stoat), and reduces testing time from half an hour to a few minutes. On a specific type of APEs, APEChecker confirms 5X more errors than the data race detection tool, EventRacer, with very few false alarms

iPerfDetector: Characterizing and Detecting Performance Anti-patterns in iOS Applications

Performance issues in mobile applications (i.e., apps) often have a direct impact on the user experience. However, due to limited testing resources and fast-paced software development cycles, many performance issues remain undiscovered when the apps are released. As found by a prior study, these performance issues are one of the most common complaints that app users have. Unfortunately, there is a limited support to help developers avoid or detect performance issues in mobile apps. In this thesis, we conduct an empirical study on performance issues in iOS apps written in Swift language. To the best of our knowledge, this is the first study on performance issues of apps on the iOS platform. We manually studied 235 performance issues that are collected from four open source iOS apps. We found that most performance issues in iOS apps are related to inefficient UI design, memory issues, and inefficient thread handling. We also manually uncovered four performance anti-patterns that recurred in the studied issue reports. To help developers avoid these performance anti-patterns in the code, we implemented a static analysis tool called iPerfDetector. We evaluated iPerfDetector on eight open source and three commercial apps. iPerfDetector successfully detected 34 performance anti-pattern instances in the studied apps, where 31 of them are already confirmed and accepted by developers as potential performance issues. Our case study on the performance impact of the anti-patterns shows that fixing the anti-pattern may improve the performance (i.e., response time, GPU, or CPU) of the workload by up to 80%

Concurrency in Android development – Kotlin Coroutines and RxJava

A faulty concurrency system may have an impact in the user experience of the software product and consequently to the company that owns that product. The main goal of this research is to understand the impact of concurrency in Android development and further help developers/companies to discretise the best approaches for concurrency. The research initially centres on the importance of concurrency in Android applications as well as the main approaches for concurrency/threading in Android development. It further illustrates why some asynchronous programming approaches do not fit modern Android development. This allowed the research to concentrate on the most relevant approaches to concurrency and consequently produce more pertinent results for the current state of Android development. After acknowledging Kotlin Coroutines and RxJava as the most relevant approaches to concurrency for Android (at the time of writing this document), this research moved on with the development of a case study application. This application was implemented using both Kotlin Coroutines and RxJava while reusing as much code as possible. There is a single module dedicated to the main user interface of the application and two modules (one for Kotlin Coroutines and one for RxJava) dedicated to concurrently run the necessary steps for each feature and further propagating the necessary data to the user interface. This allowed a clear separation of the specific code needed to perform the same features with Kotlin Coroutines and RxJava, facilitating its later comparison. The design of this application and its features required prior assessment of common use cases for concurrency in Android to form a fitting case study. With the intent of assessing the impact of using Kotlin Coroutines and RxJava in Android applications, we discretised the main software quality attributes to consider for Android development. By taking this step, we were able to focus mainly on the Performance and Maintainability of an Android application and understand how the usage of both Kotlin Coroutines and RxJava affects these attributes. The impact of each library in the performance and maintainability of an Android application was measured using software metrics that were provided by a combination of static analysis, benchmarks, and profiling tests. The process of designing the set of tests, setting up the required tools and the overall development of the test environment for this research is also explored in this document. The results for Kotlin Coroutines and RxJava were then illustrated, compared, and interpreted to fulfil our objective of understanding if, at the time of writing this document, there is a more sensible approach to concurrency for Android development according to our set of tests. The results for our set of tests and case study application revealed that RxJava and Kotlin Coroutines do not differently compromise the performance and maintainability of an Android application, for what developers and companies should not be limited when choosing between these libraries