Light-Weight, Inter-Procedural and Callback-Aware Resource Leak Detection for Android Apps

Android devices include many embedded resources such as Camera, Media Player and Sensors. These resources require programmers to explicitly request and release them. Missing release operations might cause serious problems such as performance degradation or system crash. This kind of defects is called resource leak. Despite a large body of existing works on testing and analyzing Android apps, there still remain several challenging problems. In this work, we present Relda2, a light-weight and precise static resource leak detection tool. We first systematically collected a resource table, which includes the resources that the Android reference requires developers release manually. Based on this table, we designed a general approach to automatically detect resource leaks. To make a more precise inter-procedural analysis, we construct a Function Call Graph for each Android application, which handles function calls of user-defined methods and the callbacks invoked by the Android framework at the same time. To evaluate Relda2's effectiveness and practical applicability, we downloaded 103 apps from popular app stores and an open source community, and found 67 real resource leaks, which we have confirmed manually.

[1]  Hojung Cha,et al.  WakeScope: Runtime WakeLock anomaly management scheme for Android platform , 2013, 2013 Proceedings of the International Conference on Embedded Software (EMSOFT).

[2]  Jonathan Aldrich,et al.  Modular typestate checking of aliased objects , 2007, OOPSLA.

[3]  Jingling Xue,et al.  Static memory leak detection using full-sparse value-flow analysis , 2012, ISSTA 2012.

[4]  Mayur Naik,et al.  Dynodroid: an input generation system for Android apps , 2013, ESEC/FSE 2013.

[5]  Julian Dolby,et al.  Scalable and precise taint analysis for Android , 2015, ISSTA.

[6]  Christopher Krügel,et al.  EdgeMiner: Automatically Detecting Implicit Control Flow Transitions through the Android Framework , 2015, NDSS.

[7]  Yepang Liu,et al.  Where has my battery gone? Finding sensor related energy black holes in smartphone applications , 2013, 2013 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[8]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[9]  Porfirio Tramontana,et al.  Using GUI ripping for automated testing of Android applications , 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.

[10]  Ming Zhang,et al.  Where is the energy spent inside my app?: fine grained energy accounting on smartphones with Eprof , 2012, EuroSys '12.

[11]  Éric Tanter,et al.  Foundations of Typestate-Oriented Programming , 2014, ACM Trans. Program. Lang. Syst..

[12]  Hongseok Yang,et al.  Automated concolic testing of smartphone apps , 2012, SIGSOFT FSE.

[13]  Atanas Rountev,et al.  Systematic testing for resource leaks in Android applications , 2013, 2013 IEEE 24th International Symposium on Software Reliability Engineering (ISSRE).

[14]  George C. Necula,et al.  Exceptional situations and program reliability , 2008, TOPL.

[15]  Hao Chen,et al.  AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale , 2012, TRUST.

[16]  Tao Xie,et al.  A Grey-Box Approach for Automated GUI-Model Generation of Mobile Applications , 2013, FASE.

[17]  Atanas Rountev,et al.  Static Reference Analysis for GUI Objects in Android Software , 2014, CGO '14.

[18]  Jacques Klein,et al.  Dexpler: converting Android Dalvik bytecode to Jimple for static analysis with Soot , 2012, SOAP '12.

[19]  Lei Yang,et al.  Accurate online power estimation and automatic battery behavior based power model generation for smartphones , 2010, 2010 IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS).

[20]  Klaus Havelund,et al.  Model Checking Programs , 2004, Automated Software Engineering.

[21]  Peng Wang,et al.  AsDroid: detecting stealthy behaviors in Android applications by user interface and program behavior contradiction , 2014, ICSE.

[22]  Sigmund Cherem,et al.  Practical memory leak detection using guarded value-flow analysis , 2007, PLDI '07.

[23]  Huai Liu,et al.  How Effectively Does Metamorphic Testing Alleviate the Oracle Problem? , 2014, IEEE Transactions on Software Engineering.

[24]  Sam Malek,et al.  A whitebox approach for automated security testing of Android applications on the cloud , 2012, 2012 7th International Workshop on Automation of Software Test (AST).

[25]  Mira Mezini,et al.  Taming reflection: Aiding static analysis in the presence of reflection and custom class loaders , 2011, 2011 33rd International Conference on Software Engineering (ICSE).

[26]  Michael D. Bond,et al.  LeakChaser: helping programmers narrow down causes of memory leaks , 2011, PLDI '11.

[27]  K. Yi,et al.  Static Analyzer for Detecting Privacy Leaks in Android Applications , 2012 .

[28]  Robert E. Strom,et al.  Typestate: A programming language concept for enhancing software reliability , 1986, IEEE Transactions on Software Engineering.

[29]  Bernhard Steffen,et al.  The Value Flow Graph: A Program Representation for Optimal Program Transformations , 1990, ESOP.

[30]  Michael D. Bond,et al.  Leak pruning , 2009, ASPLOS.

[31]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[32]  Per Runeson,et al.  Detection of Duplicate Defect Reports Using Natural Language Processing , 2007, 29th International Conference on Software Engineering (ICSE'07).

[33]  Jun Yan,et al.  Characterizing and detecting resource leaks in Android applications , 2013, 2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[34]  Emina Torlak,et al.  Effective interprocedural resource leak detection , 2010, 2010 ACM/IEEE 32nd International Conference on Software Engineering.

[35]  Gokhan Memik,et al.  Into the wild: Studying real user activity patterns to guide power optimizations for mobile architectures , 2009, 2009 42nd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[36]  Jian Lu,et al.  GreenDroid: Automated Diagnosis of Energy Inefficiency for Smartphone Applications , 2014, IEEE Transactions on Software Engineering.

[37]  MalekSam,et al.  Testing android apps through symbolic execution , 2012 .

[38]  Yan Wang,et al.  Static Control-Flow Analysis of User-Driven Callbacks in Android Applications , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[39]  Miryung Kim,et al.  An Empirical Study of API Stability and Adoption in the Android Ecosystem , 2013, 2013 IEEE International Conference on Software Maintenance.

[40]  Étienne Payet,et al.  Static Analysis of Android Programs , 2011, CADE.

[41]  Mukul R. Prasad,et al.  Automated testing with targeted event sequence generation , 2013, ISSTA.

[42]  Eran Yahav,et al.  Effective typestate verification in the presence of aliasing , 2006, TSEM.

[43]  Jonathan Aldrich,et al.  Typestate-oriented programming , 2009, OOPSLA Companion.

[44]  Atanas Rountev,et al.  LeakChecker: Practical Static Memory Leak Detection for Managed Languages , 2014, CGO '14.

[45]  Iulian Neamtiu,et al.  Automating GUI testing for Android applications , 2011, AST '11.

[46]  Atanas Rountev,et al.  Precise memory leak detection for java software using container profiling , 2013, 2008 ACM/IEEE 30th International Conference on Software Engineering.

[47]  Nick Mitchell,et al.  LeakBot: An Automated and Lightweight Tool for Diagnosing Memory Leaks in Large Java Applications , 2003, ECOOP.

[48]  Edmund M. Clarke,et al.  Symbolic Model Checking: 10^20 States and Beyond , 1990, Inf. Comput..

[49]  Sam Malek,et al.  Testing android apps through symbolic execution , 2012, ACM SIGSOFT Softw. Eng. Notes.

[50]  Anas N. Al-Rabadi,et al.  A comparison of modified reconstructability analysis and Ashenhurst‐Curtis decomposition of Boolean functions , 2004 .

[51]  Iulian Neamtiu,et al.  Targeted and depth-first exploration for systematic testing of android apps , 2013, OOPSLA.

[52]  Marco Pistore,et al.  NuSMV 2: An OpenSource Tool for Symbolic Model Checking , 2002, CAV.

[53]  Samuel P. Midkiff,et al.  What is keeping my phone awake?: characterizing and detecting no-sleep energy bugs in smartphone apps , 2012, MobiSys '12.

[54]  Andreas Zeller,et al.  Search-based system testing: high coverage, no false alarms , 2012, ISSTA 2012.