Static Analysis of Android Programs
Abstract
Android is a programming language based on Java and an operating system for embedded or mobile devices whose upper layers are written in that language. It features an extended event-based library and dynamic inflation of graphical views from declarative XML layout files. A static analyzer for Android programs must consider such features, for correctness and precision. This article is an in-depth description of how we extended the Julia system, based on abstract interpretation, to run formally correct analyses of Android programs, of the difficulties that we faced and of the results that we obtained. Namely, we have analyzed with Julia the whole set of Android sample applications by Google and a few larger open-source programs. We have applied seven static analyses, including classcast, dead code, nullness and termination analysis. Julia has found, automatically, bugs and flaws both in the Google samples and in the open-source applications.
Domains
Computer Science [cs]
Origin: Explicit agreement for this submission