Mishra, Ashish and Kanade, Aditya and Srikant, Y N (2016) Asynchrony-Aware Static Analysis of Android Applications. In: 14th ACM-IEEE International Conference on Formal Methods and Models for System Design (MEMOCODE), NOV 18-20, 2016, Kanpur, INDIA, pp. 163-172.
PDF
2016_ACM_IEEE_Int_Con_For_Met_Mod_Sys_Des_163_2016.pdf - Published Version Restricted to Registered users only Download (513kB) | Request a copy |
Abstract
Software applications developed for the Android platform are very popular. Due to this, static analysis of these applications has received a lot of attention recently. An Android application is essentially an asynchronous, event-driven program. The Android framework manages the state of the application by invoking callbacks, called lifecycle callbacks, in pre-defined orders. Unfortunately, the existing static analysis techniques treat the callbacks synchronously. Additionally, they do not model all possible orderings of lifecycle callbacks. These may result in unsound analysis results. In this work, we present a precise representation of control flow of Android applications called Android inter-component control flow graph (AICCFG). In this representation, the asynchronous nature of the callbacks is modeled accurately. Further, all interleavings of callbacks of different components of an Android application are modeled in AICCFG. We use this representation to design a typestate analysis of Android applications. Android applications use a rich set of resources such as camera and media player whose safe usage is governed by some state machines. Using the typestate analysis, we can verify whether an application uses a resource safely or not. We have implemented the construction of AICCFG and the typestate analysis in the Soot framework. We have also implemented a variant of typestate analysis which uses the unsound control flow model used commonly in the literature. To compare our AICCFG based analysis with this, we present a benchmark of Android applications called AsyncBench. It comprises applications that use various resources in both safe and unsafe manner. The experiments over this benchmark demonstrate the benefits of our more precise control flow model and the typestate analysis.
Item Type: | Conference Proceedings |
---|---|
Publisher: | IEEE, 345 E 47TH ST, NEW YORK, NY 10017 USA |
Additional Information: | Copy right for this article belongs to the IEEE, 345 E 47TH ST, NEW YORK, NY 10017 USA |
Department/Centre: | Division of Electrical Sciences > Computer Science & Automation |
Date Deposited: | 08 Mar 2017 10:22 |
Last Modified: | 08 Mar 2017 10:22 |
URI: | http://eprints.iisc.ac.in/id/eprint/56317 |
Actions (login required)
View Item |