Relda2: An effective static analysis tool for resource leak detection in Android apps

Resource leaks are a common bug in Android applications (apps for short). In general, they are caused by missing release operations for resources provided by Android (such as Camera, Media Player and Sensors) that programmers must release explicitly. Such leaks can cause serious problems for the app and the system, such as performance degradation and system crashes. This paper presents Relda2, a light-weight, scalable and practical static analysis tool for automatically detecting resource leaks in the byte-code of Android apps. It supports two analysis techniques (flow-insensitive for quick scanning and flow-sensitive for accurate scanning), and performs inter-procedural analysis to get more precise bug reports. In addition, our tool is practical for analyzing real-world apps, and has been applied to 103 Android apps, including industry applications and open source programs. We have found 67 real resource leaks in these apps, which we confirmed manually. A demo video of our tool can be found at https://www.youtube.com/watch?v=Mk-MFcHpTds.
