40 research outputs found
FRAMEWORK SYNTHESIS FOR SYMBOLIC EXECUTION OF EVENT-DRIVEN FRAMEWORKS
Symbolic execution is a powerful program analysis technique, but it is very challenging to apply to programs built using event-driven frameworks, such as Android. The main reason is that the framework code itself is too complex to symbolically execute. The standard solution is to manually create a framework model that is simpler and more amenable to symbolic execution. However, developing and maintaining such a model by hand is difficult and error-prone.
We claim that we can leverage program synthesis to introduce a high degree of automation to the process of framework modeling. To support this thesis, we present three pieces of work. First, we introduced SymDroid, a symbolic executor for Android. While Android apps are written in Java, they are compiled to Dalvik bytecode format. Instead of analyzing an app's Java source, which may not be available, or decompiling from Dalvik back to Java, which requires significant engineering effort and introduces yet another source of potential bugs in an analysis, SymDroid works directly on Dalvik bytecode.
Second, we introduced Pasket, a new system that takes a first step toward automatically generating Java framework models to support symbolic execution. Pasket takes as input the framework API and tutorial programs that exercise the framework. From these artifacts and Pasket's internal knowledge of design patterns, Pasket synthesizes an executable framework model by instantiating design patterns, such that the behavior of a synthesized model on the tutorial programs matches that of the original framework.
Lastly, in order to scale program synthesis to framework models, we devised adaptive concretization, a novel program synthesis algorithm that combines the best of the two major synthesis strategies: symbolic search, i.e., using SAT or SMT solvers, and explicit search, e.g., stochastic enumeration of possible solutions. Adaptive concretization parallelizes multiple sub-synthesis problems by partially concretizing highly influential unknowns in the original synthesis problem.
Thanks to adaptive concretization, Pasket can generate a large-scale model, e.g., thousands of lines of code. In addition, we have used an Android model synthesized by Pasket and found that the model is sufficient to allow SymDroid to execute a range of apps
JSKETCH: Sketching for Java
Sketch-based synthesis, epitomized by the SKETCH tool, lets developers
synthesize software starting from a partial program, also called a sketch or
template. This paper presents JSKETCH, a tool that brings sketch-based
synthesis to Java. JSKETCH's input is a partial Java program that may include
holes, which are unknown constants, expression generators, which range over
sets of expressions, and class generators, which are partial classes. JSKETCH
then translates the synthesis problem into a SKETCH problem; this translation
is complex because SKETCH is not object-oriented. Finally, JSKETCH synthesizes
an executable Java program by interpreting the output of SKETCH.
Comment: This research was supported in part by NSF CCF-1139021, CCF-1139056,
CCF-1161775, and the partnership between UMIACS and the Laboratory for
Telecommunication Science
Translating Video Recordings of Mobile App Usages into Replayable Scenarios
Screen recordings of mobile applications are easy to obtain and capture a
wealth of information pertinent to software developers (e.g., bugs or feature
requests), making them a popular mechanism for crowdsourced app feedback. Thus,
these videos are becoming a common artifact that developers must manage. In
light of unique mobile development constraints, including swift release cycles
and rapidly evolving platforms, automated techniques for analyzing all types of
rich software artifacts provide benefit to mobile developers. Unfortunately,
automatically analyzing screen recordings presents serious challenges, due to
their graphical nature, compared to other types of (textual) artifacts. To
address these challenges, this paper introduces V2S, a lightweight, automated
approach for translating video recordings of Android app usages into replayable
scenarios. V2S is based primarily on computer vision techniques and adapts
recent solutions for object detection and image classification to detect and
classify user actions captured in a video, and convert these into a replayable
test scenario. We performed an extensive evaluation of V2S involving 175 videos
depicting 3,534 GUI-based actions collected from users exercising features and
reproducing bugs from over 80 popular Android apps. Our results illustrate that
V2S can accurately replay scenarios from screen recordings, and is capable of
reproducing 89% of our collected videos with minimal overhead. A case
study with three industrial partners illustrates the potential usefulness of
V2S from the viewpoint of developers.
Comment: In proceedings of the 42nd International Conference on Software
Engineering (ICSE'20), 13 page
SymDroid: Symbolic Execution for Dalvik Bytecode
Apps on Google's Android mobile device platform are written in Java, but are compiled to a special bytecode language called Dalvik. In this paper, we introduce SymDroid, a symbolic executor that operates directly on Dalvik bytecode. SymDroid begins by first translating Dalvik into mu-Dalvik, a simpler language that has only 16 instructions, in contrast to Dalvik's more than 200 instructions. We present a formalism for SymDroid's symbolic executor, which can be described with a small number of operational semantics rules; this semantics may be of independent interest. In addition to modeling bytecode instructions, SymDroid also contains models of some key portions of the Android platform, including libraries and the platform's lifecycle control code. We evaluated SymDroid in two ways. First, we ran it on the Android Compatibility Test Suite, and found it passed all tests except ones that used library or system routines we have not yet implemented. On this test suite, SymDroid runs about twice as slow as the Dalvik VM, and about twice as fast as the Java VM. Second, we used SymDroid to discover the (path) conditions under which contacts may be accessed on an Android app, and found it was able to do so successfully. These results suggest that SymDroid, while still a prototype, is a promising first step in enabling direct, precise analysis of Android apps
Dr. Android and Mr. Hide: Fine-grained security policies on unmodified Android
Google's Android platform includes a permission model that protects
access to sensitive capabilities, such as Internet access, GPS use, and
telephony. We have found that Android's current permissions are often
overly broad, providing apps with more access than they truly require.
This deviation from least privilege increases the threat from
vulnerabilities and malware. To address this issue, we present a novel
system that can replace existing platform permissions with finer-grained
ones. A key property of our approach is that it runs today, on stock
Android devices, requiring no platform modifications. Our solution is
composed of two parts: Mr. Hide, which runs in a separate process on a
device and provides access to sensitive data as a service; and Dr.
Android (Dalvik Rewriter for Android), a tool that transforms existing
Android apps to access sensitive resources via Mr. Hide rather than
directly through the system. Together, Dr. Android and Mr. Hide can
completely remove several of an app's existing permissions and replace
them with finer-grained ones, leveraging the platform to provide
complete mediation for protected resources. We evaluated our ideas on
several popular, free Android apps. We found that we can replace many
commonly used "dangerous" permissions with finer-grained permissions.
Moreover, apps transformed to use these finer-grained permissions run
largely as expected, with reasonable performance overhead
Akkermansia muciniphila-derived extracellular vesicles influence gut permeability through the regulation of tight junctions
The gut microbiota has an important role in the gut barrier, inflammation and metabolic functions. Studies have identified a close association between the intestinal barrier and metabolic diseases, including obesity and type 2 diabetes (T2D). Recently, Akkermansia muciniphila has been reported as a beneficial bacterium that reduces gut barrier disruption and insulin resistance. Here we evaluated the role of A. muciniphila-derived extracellular vesicles (AmEVs) in the regulation of gut permeability. We found that there are more AmEVs in the fecal samples of healthy controls compared with those of patients with T2D. In addition, AmEV administration enhanced tight junction function, reduced body weight gain and improved glucose tolerance in high-fat diet (HFD)-induced diabetic mice. To test the direct effect of AmEVs on human epithelial cells, cultured Caco-2 cells were treated with these vesicles. AmEVs decreased the gut permeability of lipopolysaccharide-treated Caco-2 cells, whereas Escherichia coli-derived EVs had no significant effect. Interestingly, the expression of occludin was increased by AmEV treatment. Overall, these results imply that AmEVs may act as a functional moiety for controlling gut permeability and that the regulation of intestinal barrier integrity can improve metabolic functions in HFD-fed mice.
Verified lifting of stencil computations
This paper demonstrates a novel combination of program synthesis and verification to lift stencil computations from low-level Fortran code to a high-level summary expressed using a predicate language. The technique is sound and mostly automated, and leverages counter-example guided inductive synthesis (CEGIS) to find provably correct translations. Lifting existing code to a high-performance description language has a number of benefits, including maintainability and performance portability. For example, our experiments show that the lifted summaries can enable domain specific compilers to do a better job of parallelization as compared to an off-the-shelf compiler working on the original code, and can even support fully automatic migration to hardware accelerators such as GPUs. We have implemented verified lifting in a system called STNG and have evaluated it using microbenchmarks, mini-apps, and real-world applications. We demonstrate the benefits of verified lifting by first automatically summarizing Fortran source code into a high-level predicate language, and subsequently translating the lifted summaries into Halide, with the translated code achieving median performance speedups of 4.1X and up to 24X for non-trivial stencils as compared to the original implementation.
United States. Department of Energy. Office of Science (Award DE-SC0008923); United States. Department of Energy. Office of Science (Award DE-SC0005288)