Unveiling Exception Handling Bug Hazards in Android Based on GitHub and Google Code Issues

This paper reports on a study mining the exception stack traces included in 159,048 issues reported on Android projects hosted in GitHub (482 projects) and Google Code (157 projects). The goal of this study is to investigate whether stack trace information can reveal bug hazards related to exception handling code that may lead to a decrease in application robustness. Overall, 6,005 exception stack traces were extracted and subjected to source code and bytecode analysis. The outcomes of this study include the identification of the following bug hazards: (i) unexpected cross-type exception wrappings (for instance, trying to handle an instance of OutOfMemoryError "hidden" in a checked exception), which can make the exception-related code more complex and negatively impact application robustness; (ii) undocumented runtime exceptions thrown by both the Android platform and third-party libraries; and (iii) undocumented checked exceptions thrown by the Android platform. Such undocumented exceptions make it difficult, and most of the time infeasible, for the client code to protect against "unforeseen" situations that may happen while calling third-party code. This study provides further insights on such bug hazards and the robustness threats they pose to Android apps as well as to other systems based on the Java exception model.
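
Hazard (i) above, cross-type wrapping, shows up in the "Caused by:" chain of a stack trace pasted into an issue. The sketch below is an added example, not the study's tooling: `KINDS`, `exception_chains`, `cross_type_wrappings` and the sample issue are constructed here, and it assumes plain Java stack traces without logcat prefixes.

```python
import re

# Constructed lookup for a few well-known JDK types. Assumption: a table stands
# in for the source and bytecode analysis the study used to resolve kinds.
KINDS = {
    "java.lang.OutOfMemoryError": "error",
    "java.lang.NullPointerException": "runtime",
    "java.lang.RuntimeException": "runtime",
    "java.io.IOException": "checked",
    "java.lang.reflect.InvocationTargetException": "checked",
}
# A trace head or "Caused by:" line starts with a fully qualified class name.
HEAD = re.compile(r"^(Caused by: )?((?:[a-z_]\w*\.)+[A-Z][\w$]*)", re.M)

def exception_chains(issue_text):
    """One list per stack trace, ordered from outermost wrapper to root cause."""
    chains = []
    for caused_by, name in HEAD.findall(issue_text):
        if not name.endswith(("Exception", "Error")):
            continue  # dotted name that is not a Throwable by naming convention
        if caused_by and chains:
            chains[-1].append(name)   # continues the current trace
        else:
            chains.append([name])     # a new trace starts here
    return chains

def cross_type_wrappings(issue_text):
    """(wrapper, wrapper_kind, cause, cause_kind) where the two kinds differ."""
    hits = []
    for chain in exception_chains(issue_text):
        for wrapper, cause in zip(chain, chain[1:]):
            kw, kc = KINDS.get(wrapper), KINDS.get(cause)
            if kw and kc and kw != kc:  # skip types the table cannot classify
                hits.append((wrapper, kw, cause, kc))
    return hits

# Constructed issue body with two traces (not taken from the study's data).
SAMPLE_ISSUE = """App crashes when opening a large image.
java.lang.reflect.InvocationTargetException
\tat java.lang.reflect.Method.invoke(Method.java:515)
Caused by: java.lang.OutOfMemoryError
\tat com.example.app.Decoder.decode(Decoder.java:17)
Second crash:
java.lang.RuntimeException: Unable to start activity
\tat com.example.app.Main.onCreate(Main.java:30)
Caused by: java.lang.NullPointerException
\tat com.example.app.Main.init(Main.java:12)
"""
```

Only the first trace is flagged: a handler written for the checked `InvocationTargetException` would in fact be receiving an `OutOfMemoryError`, while the second trace wraps one runtime exception in another.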
