GATOR: Program Analysis Toolkit For Android
The popularity of Android software has grown dramatically in the last
few years. It is essential for researchers in programming languages
and software engineering to contribute new techniques in this
increasingly important area. Such techniques require a foundation of
program analyses for Android. The target of our work is to provide a
program analysis toolkit for
Android (GATOR). As a first component
of this toolkit, we developed a static reference analysis for GUI
objects in Android software. The second component of GATOR is a
control-flow analysis of user-event-driven callbacks.
An Android application is driven by a graphical user interface (GUI),
with GUI objects responding to user actions. These objects and the
event handlers associated with them ultimately determine the possible
flow of control and data. We proposed
[CGO14,PhD14]
the first static analysis to
model GUI-related Android objects, their flow through the application,
and their interactions with each other via the abstractions defined by
the Android platform. A formal semantics for the relevant Android
constructs was developed to provide a solid foundation for this and
other analyses. Next, we proposed a constraint-based reference analysis
based on the semantics. The analysis employs a constraint graph to
model the flow of GUI objects, the hierarchical structure of these
objects, and the effects of relevant Android operations. Experimental
evaluation on real-world Android applications strongly suggests that
the analysis achieves high precision with low cost.
The analysis enables static modeling of control/data flow that is
foundational for compiler analyses, instrumentation for
event/interaction profiling, static error checking, security analysis,
test generation, and automated debugging.
In subsequent work [ICSE15]
which builds on
[CGO14,PhD14], we focused on
the fundamental problem of static control-flow analysis. Traditional
analyses cannot be directly applied to Android because the
applications are framework-based and event-driven. We considered
user-event-driven components and the related sequences of callbacks
from the Android framework to the application code, both for lifecycle
callbacks and for event handler callbacks.
We proposed a program representation that captures such callback
sequences. This representation is built using context-sensitive static
analysis of callback methods. The analysis performs graph reachability
by traversing context-compatible interprocedural control-flow paths
and identifying statements that may trigger callbacks, as well as
paths that avoid such statements. We also developed a client analysis
that builds a static model of the application's GUI. Experimental
evaluation shows that this context-sensitive approach leads to
substantial precision improvements, while having practical cost.
Follow-up work
[ASE15,JASE18]
generalized the analysis from
[ICSE15] with explicit
modeling of the window stack. The public implementation of this
analysis is included in versions 3.0 and later. This work
supersedes the analysis from
[ICSE15] and is recommended
as a starting point for developing new static analyses based on
GATOR.
Using [ASE15,JASE18] we
developed a static detector of energy-related defects [CC16], test generation
techniques for leak detection [AST16,AST18],
and a responsiveness profiling technique
[MobileSoft16].
The public version of GATOR includes the analysis from
[CC16].
GATOR's documentation is available as part of the download file.
People
Downloads
The software release contains the source code of GATOR, as well as relevant Android
programs used in the experiments. The latest release is available
here.
For usage instructions, please see the README file included in each release
package file. For questions or comments, please contact
Atanas Rountev.
Version 3.8, released on 9/9/2019
This release contains the following changes:
- Bug fixes and performance enhancements for GUI structural analysis and WTG construction
Version 3.7, released on 7/26/2019
[Contact us to obtain this old release]
This release contains the following changes:
- Bug fixes and performance enhancements, based on extensive testing with over 17K popular apps from Google Play
- Faster version of the GUI structural analysis (option
-fast
) useful for initial testing and debugging of client analyses
- Options to enable string analysis of GUI widget text properties
Version 3.6, released on 5/22/2019
[Contact us to obtain this old release]
This release contains the following changes:
- Bug fixes and performance enhancements, based on testing with 17K+ popular Android apps
- Support to run as a Docker container
- List of predefined 3rd party library classes excluded from the analysis scope
Version 3.5, released on 8/23/2018
[Contact us to obtain this old release]
This release contains the following changes:
- Bug fixes and performance enhancement of GATOR
- Build system is changed to Gradle
- GUIHierarchyPrinterClient will print out widget’s title
- Support of Android Eclipse projects is deprecated
Version 3.4, released on 11/24/2017
[Contact us to obtain this old release]
Compared to release 3.3, release 3.4 contains the following changes:
- Performance optimizations to reduce the cost of the GUI analyses
Version 3.3, released on 7/27/2017
[Contact us to obtain this old release]
Compared to release 3.2, release 3.3 contains the following changes:
- Handling of GUI event handlers defined in XML layout files
- Minor enhancements and bug fixes
Version 3.2, released on 3/10/2017
[Contact us to obtain this old release]
Compared to release 3.1, release 3.2 contains the following changes:
-
Added support for Android Studio projects
- Stabilized support for APKs
- Added support for apps that require API level higher than android-17
- Added support for Android framework jars which are located in the Android SDK; compiling AOSP is no longer necessary
- Several bug fixes and optimizations
Version 3.1, released on 3/14/2016
[Contact us to obtain this old release]
Compared to release 3.0, release 3.1 contains the following changes:
- Static analysis to detect energy-related defects [CC16] together with the analyzed
benchmarks for that paper
- A generic WTG [ASE15] traversal facility, to
allow various clients to analyze valid paths in the WTG
- More substantial documentation, including details of the generic WTG traversal
- Additional details in the README file
Version 3.0, released on 10/1/2015
[Contact us to obtain this old release]
Compared to release 2.2, release 3.0 contains the following changes:
- Static analysis to construct the WTG [ASE15], as well as a sample
client analysis
- Minor extensions and bug fixes
- Additional details in the README file
Version 2.2, released on 4/16/2015
[Contact us to obtain this old release] Compared to release 2.1, release 2.2 contains the following changes:
- Replace dex2jar with dexpler (from Soot analysis framework) to preprocess APK files
- Optimizations of the control-flow analysis of callbacks
described in
[ICSE15]
- Minor tweaks and bug fixes
- Additional details added in the README file
Version 2.1, released on 02/02/2015
[Contact us to obtain this old release]
Compared to release 2.0, release 2.1 contains the following changes:
- Optimizations of the control-flow analysis of callbacks
described in
[ICSE15]
- Minor tweaks and bug fixes
- Additional details added in the README file
Version 2.0, released on 02/02/2015
[Contact us to obtain this old release]
Compared to release 1.2, release 2.0 contains the following changes:
- Static context-sensitive control-flow analysis of callbacks
[ICSE15]
- Minor extensions in the analysis of XML layout files
Version 1.2, released on 10/27/2014
[Contact us to obtain this old release]
Compared to release 1.1, release 1.2 contains the following changes:
- Allows analysis of APK files, using a pre-processing step
- Minor fixes/extensions in the analysis and the app configurations
- Splitting the analysis and the benchmark Android programs into two archives (gator-1.2 and bench-1.2),
in order to reduce download size
Version 1.1, released on 07/10/2014
[Contact us to obtain this old release]
Release 1.1 corresponds to the analysis described in Chapter 5 of Dacong Yan's
PhD dissertation (an extended version of [CGO14]). Compared to release
1.0, it contains the following new contributions:
- An easier way to write client analysis without hard-coding
- A more precise resolution of listener objects
- Handling of additional Android features (e.g., dialogs)
- A new client that prints the GUI hierarchy of activities, menus, and
dialogs, and prints the event handlers associated with the GUI objects
- Miscellaneous bug fixes and code cleanup
Version 1.0, released on 02/16/2014
[Contact us to obtain this old release]
Release 1.0 corresponds to the GUI analysis described in [CGO14]
plus
handling of some additional Android features (e.g., menus).
Acknowledgments
This material is based upon work supported by the U.S. National Science
Foundation under grants CCF-1017204, CCF-1319695, and
CCF-1526459, and by a Google Faculty
Research Award. Any opinions, findings, and conclusions or recommendations
expressed in this material are those of the author(s) and do not necessarily
reflect the views of the National Science Foundation or Google Inc.
This page was last updated on May 22, 2019