GATOR: Program Analysis Toolkit For Android

The popularity of Android software has grown dramatically in the last few years. It is essential for researchers in programming languages and software engineering to contribute new techniques in this increasingly important area. Such techniques require a foundation of program analyses for Android. The target of our work is to provide a program analysis toolkit for Android (GATOR). As a first component of this toolkit, we developed a static reference analysis for GUI objects in Android software. The second component of GATOR is a control-flow analysis of user-event-driven callbacks.

An Android application is driven by a graphical user interface (GUI), with GUI objects responding to user actions. These objects and the event handlers associated with them ultimately determine the possible flow of control and data. We propose [CGO14] the first static analysis to model GUI-related Android objects, their flow through the application, and their interactions with each other via the abstractions defined by the Android platform. A formal semantics for the relevant Android constructs is developed to provide a solid foundation for this and other analyses. Next, we propose a constraint-based reference analysis based on the semantics. The analysis employs a constraint graph to model the flow of GUI objects, the hierarchical structure of these objects, and the effects of relevant Android operations. Experimental evaluation on real-world Android applications strongly suggests that the analysis achieves high precision with low cost. The analysis enables static modeling of control/data flow that is foundational for compiler analyses, instrumentation for event/interaction profiling, static error checking, security analysis, test generation, and automated debugging. It provides a key component to be used by static analysis researchers in the growing area of Android software.

In subsequent work [ICSE15] which builds on [CGO14], we focus on the fundamental problem of static control-flow analysis. Traditional analyses cannot be directly applied to Android because the applications are framework-based and event-driven. We consider user-event-driven components and the related sequences of callbacks from the Android framework to the application code, both for lifecycle callbacks and for event handler callbacks. We propose a program representation that captures such callback sequences. This representation is built using context-sensitive static analysis of callback methods. The analysis performs graph reachability by traversing context-compatible interprocedural control-flow paths and identifying statements that may trigger callbacks, as well as paths that avoid such statements. We also develop a client analysis that builds a static model of the application's GUI. Experimental evaluation shows that this context-sensitive approach leads to substantial precision improvements, while having practical cost. This work presents novel contributions in static control-flow analysis and GUI model generation for Android.

Follow-up work [ASE15] generalizes the analysis from [ICSE15] with explicit modeling of the window stack. The public implementation of this analysis is included in versions 3.0 and later. This work supersedes the analysis from [ICSE15] and is recommended as a starting point for developing new static analyses based on GATOR.

Using [ASE15] we developed a static detector of energy-related defects [CC16], test generation technique for leak detection [AST16], and a responsiveness profiling technique [MobileSoft16]. The latest public version of GATOR includes the analysis from [CC16].


People


Downloads

The software release contains the source code of GATOR, as well as relevant Android programs used in the experiments. The latest release is available here. For usage instructions, please see the README file included in each release package file. For questions or comments, please contact Atanas Rountev.

Version 3.3, released on 7/27/2017

Compared to release 3.2, release 3.3 contains the following changes:
  1. Handling of GUI event handlers defined in XML layout files
  2. Minor enhancements and bug fixes

Version 3.2, released on 3/10/2017

[Contact us to obtain this old release] Compared to release 3.1, release 3.2 contains the following changes:
  1. Added support for Android Studio projects
  2. Stabilized support for APKs
  3. Added support for apps that require API level higher than android-17
  4. Added support for Android framework jars which are located in the Android SDK; compiling AOSP is no longer necessary
  5. Several bug fixes and optimizations

Version 3.1, released on 3/14/2016

[Contact us to obtain this old release] Compared to release 3.0, release 3.1 contains the following changes:
  1. Static analysis to detect energy-related defects [CC16] together with the analyzed benchmarks for that paper
  2. A generic WTG [ASE15] traversal facility, to allow various clients to analyze valid paths in the WTG
  3. More substantial documentation, including details of the generic WTG traversal
  4. Additional details in the README file

Version 3.0, released on 10/1/2015

[Contact us to obtain this old release] Compared to release 2.2, release 3.0 contains the following changes:
  1. Static analysis to construct the WTG [ASE15], as well as a sample client analysis
  2. Minor extensions and bug fixes
  3. Additional details in the README file

Version 2.2, released on 4/16/2015

[Contact us to obtain this old release] Compared to release 2.1, release 2.2 contains the following changes:
  1. Replace dex2jar with dexpler (from Soot analysis framework) to preprocess APK files
  2. Optimizations of the control-flow analysis of callbacks described in [ICSE15]
  3. Minor tweaks and bug fixes
  4. Additional details added in the README file

Version 2.1, released on 02/02/2015

[Contact us to obtain this old release] Compared to release 2.0, release 2.1 contains the following changes:
  1. Optimizations of the control-flow analysis of callbacks described in [ICSE15]
  2. Minor tweaks and bug fixes
  3. Additional details added in the README file

Version 2.0, released on 02/02/2015

[Contact us to obtain this old release] Compared to release 1.2, release 2.0 contains the following changes:
  1. Static context-sensitive control-flow analysis of callbacks [ICSE15]
  2. Minor extensions in the analysis of XML layout files

Version 1.2, released on 10/27/2014

[Contact us to obtain this old release] Compared to release 1.1, release 1.2 contains the following changes:
  1. Allows analysis of APK files, using a pre-processing step
  2. Minor fixes/extensions in the analysis and the app configurations
  3. Splitting the analysis and the benchmark Android programs into two archives (gator-1.2 and bench-1.2), in order to reduce download size

Version 1.1, released on 07/10/2014

[Contact us to obtain this old release] Release 1.1 corresponds to the analysis described in Chapter 5 of Dacong Yan's PhD dissertation (an extended version of [CGO14]). Compared to release 1.0, it contains the following new contributions:
  1. An easier way to write client analysis without hard-coding
  2. A more precise resolution of listener objects
  3. Handling of additional Android features (e.g., dialogs)
  4. A new client that prints the GUI hierarchy of activities, menus, and dialogs, and prints the event handlers associated with the GUI objects
  5. Miscellaneous bug fixes and code cleanup

Version 1.0, released on 02/16/2014

[Contact us to obtain this old release] Release 1.0 corresponds to the GUI analysis described in [CGO14] plus handling of some additional Android features (e.g., menus).

Acknowledgments

This material is based upon work supported by the U.S. National Science Foundation under grants CCF-1017204, CCF-1319695, and CCF-1526459, and by a Google Faculty Research Award. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation or Google Inc.
This page was last updated on July 27, 2017