ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
An Until Hierarchy for Temporal Logic
LICS '96 Proceedings of the 11th Annual IEEE Symposium on Logic in Computer Science
Finding and preventing run-time error handling mistakes
OOPSLA '04 Proceedings of the 19th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Android permissions demystified
Proceedings of the 18th ACM conference on Computer and communications security
QVM: An Efficient Runtime for Detecting Defects in Deployed Systems
ACM Transactions on Software Engineering and Methodology (TOSEM)
Testing android apps through symbolic execution
ACM SIGSOFT Software Engineering Notes
Hi-index | 0.00 |
Smartphone applications' quality is vital. Many smartphone applications, however, suffer from various defects. One major reason is that developers lack viable techniques to expose potential defects in their applications. This paper presents a tool VeriDroid to help automatically verify Android applications. We built VeriDroid by extending Java PathFinder (JPF), a widely-used verification framework for general Java programs. Our extension addresses two technical challenges. First, Android applications are event-driven and lack explicit calling relationships between event handlers for verification. Second, Android applications closely hinge on different framework libraries, whose implementations are platform-dependent. To address these challenges, we derive event handler scheduling policies from Android documentations, and encode them to guide JPF to realistically execute Android applications. Besides, we model side effects for a critical set of Android APIs such that one can conduct verification precisely. By doing so, our VeriDroid can verify Android applications in a fully automated manner. We implemented a prototype checker on VeriDroid and applied it to detect null-pointer dereference and resource leak defects in Android applications. Our experiments with five large-scale and popularly-downloaded subjects showed that VeriDroid can effectively detect real defects and provide actionable information to facilitate program debugging.