Who you gonna call? Analyzing Web Requests in Android Applications

Relying on ubiquitous Internet connectivity, applications on mobile devices frequently perform web requests during their execution. They fetch data for users to interact with, invoke remote functionalities, or send user-generated content or meta-data. These requests collectively reveal common practices of mobile application development, like what external services are used and how, and they point to possible negative effects like security and privacy violations, or impacts on battery life. In this paper, we assess different ways to analyze what web requests Android applications make. We start by presenting dynamic data collected from running 20 randomly selected Android applications and observing their network activity. Next, we present a static analysis tool, Stringoid, that analyzes string concatenations in Android applications to estimate constructed URL strings. Using Stringoid, we extract URLs from 30, 000 Android applications, and compare the performance with a simpler constant extraction analysis. Finally, we present a discussion of the advantages and limitations of dynamic and static analyses when extracting URLs, as we compare the data extracted by Stringoid from the same 20 applications with the dynamically collected data

Hyperfine characterization and coherence lifetime extension in Pr3+:La2(WO4)3

Rare-earth ions in dielectric crystals are interesting candidates for storing quantum states of photons. A limiting factor on the optical density and thus the conversion efficiency is the distortion introduced in the crystal by doping elements of one type into a crystal matrix of another type. Here, we investigate the system Pr3+:La2(WO4)3, where the similarity of the ionic radii of Pr and La minimizes distortions due to doping. We characterize the praseodymium hyperfine interaction of the ground state (3H4) and one excited state (1D2) and determine the spin Hamiltonian parameters by numerical analysis of Raman-heterodyne spectra, which were collected for a range of static external magnetic field strengths and orientations. On the basis of a crystal field analysis, we discuss the physical origin of the experimentally determined quadrupole and Zeeman tensor characteristics. We show the potential for quantum memory applications by measuring the spin coherence lifetime in a magnetic field that is chosen such that additional magnetic fields do not shift the transition frequency in first order. Experimental results demonstrate a spin coherence lifetime of 158 ms - almost three orders of magnitude longer than in zero field.Comment: 14 pages, 6 figure

Programming with Specifications

This thesis explores the use of specifications for the construction of correct programs. We go beyond their standard use as run-time assertions, and present algorithms, techniques and implementations for the tasks of 1) program verification, 2) declarative programming and 3) software synthesis. These results are made possible by our advances in the domains of decision procedure design and implementation. In the first part of this thesis, we present a decidability result for a class of logics that support user-defined recursive function definitions. Constraints in this class can encode expressive properties of recursive data structures, such as sortedness of a list, or balancing of a search tree. As a result, complex verification conditions can be stated concisely and solved entirely automatically. We also present a new decision procedure for a logic to reason about sets and constraints over their cardinalities. The key insight lies in a technique to decompose con- straints according to mutual dependencies. Compared to previous techniques, our algorithm brings significant improvements in running times, and for the first time integrates reasoning about cardinalities within the popular DPLL(T ) setting. We integrated our algorithmic ad- vances into Leon, a static analyzer for functional programs. Leon can reason about constraints involving arbitrary recursive function definitions, and has the desirable theoretical property that it will always find counter-examples to assertions that do not hold. We illustrate the flexibility and efficiency of Leon through experimental evaluation, where we used it to prove detailed correctness properties of data structure implementations. We then illustrate how program specifications can be used as a high-level programming construct ; we present Kaplan, an extension of Scala with first-class logical constraints. Kaplan allows programmers to create, manipulate and combine constraints as they would any other data structure. Our implementation of Kaplan illustrates how declarative programming can be incorporated into an existing mainstream programming language. Moreover, we examine techniques to transform, at compile-time, program specifications into efficient executable code. This approach of software synthesis combines the correctness benefits of declarative programming with the efficiency of imperative or functional programming

Implicit and explicit self-esteem as predictors of reactive and proactive aggression in adolescent boys and girls

This study aims at examining gender differences and their association with implicit and explicit self-esteem (SE), and reactive and proactive aggression in adolescents. Hundred and eighteen adolescents (60 boys and 58 girls) performed the Implicit Association Test assessing implicit SE. The Rosenberg Self-Esteem scale was used to measure explicit SE. Reactive and proactive aggression were assessed with the self-report Reactive and Proactive Aggression Scale. Results showed that girls characterized by both low explicit and implicit SE (insecure SE), or by high explicit but low implicit SE (defensive SE), showed more reactive aggression than girls reporting high explicit and implicit SE (secure SE) or low explicit but high implicit SE (anxious SE). In contrast, none of these SE types were associated to reactive aggression in boys. Finally, no significant association was found between the different types of SE and proactive aggression, for both genders

Phantm: PHP analyzer for type mismatch

We present Phantm, a static analyzer that uses a flow-sensitive analysis to detect type errors in PHP applications. Phantm can infer types for nested arrays, and can leverage runtime information and procedure summaries for more precise results. Phantm found over 200 true problems when applied to three applications with over 50'000 lines of code, including the popular DokuWiki code base

Runtime Instrumentation for Precise Flow-Sensitive Type Analysis

We describe a combination of runtime information and static analysis for checking properties of complex and configurable systems. The basic idea of our approach is to 1) let the program execute and thereby read the important dynamic configuration data, then 2) invoke static analysis from this runtime state to detect possible errors that can happen in the continued execution. This approach improves analysis precision, particularly with respect to types of global variables and nested data structures. It also enables the resolution of modules that are loaded based on dynamically computed information. We describe an implementation of this approach in a tool that statically computes possible types of variables in PHP applications, including detailed types of nested maps (arrays). PHP is a dynamically typed language; PHP programs extensively use nested value maps, as well as ’include’ directives whose arguments are dynamically computed file names. We have applied our analysis tool to over 50’000 lines of PHP code, including the popular DokuWiki software, which has a plug-in architecture. The analysis identified 200 problems in the code and in the type hints of the original source code base. Some of these problems can cause exploits, infinite loops, and crashes. Our experiments show that dynamic information simplifies the development of the analysis and decreases the number of false alarms compared to a purely static analysis approach

On Using Static Analysis to Detect Type Errors in PHP Applications

We describe our experience in using abstract interpretation to analyze applications written in PHP. Our work focuses on reconstructing type information from mostly unannotated code. We present the abstract domain of our analysis, focusing on the features that improve analysis precision. We have implemented our approach as a tool that supports the full specification of PHP 5. We describe several bugs that we were able to find in deployed web applications