Abstract
Mobile app markets have lowered the barrier to market entry for software producers. As a consequence, an increasing number of independent app developers offer their products, and recent platforms such as the MIT App Inventor and Microsoft's TouchDevelop enable even lay programmers to develop apps and distribute them in app markets.
A major challenge in this distribution model is to ensure the quality of apps. Besides the usual sources of software errors, mobile apps are susceptible to errors caused by the non-determinism of an event-based execution model, a volatile environment, diverse hardware, and others. Many of these errors are difficult to detect during testing, especially for independent app developers, who are not supported by test teams and elaborate test infrastructures.
To address this problem, we propose a static program analysis that captures the specifics of mobile apps and is efficient enough to provide feedback during the development process. Experiments involving 51,456 published TouchDevelop scripts show that our analysis analyzes 98% of the scripts in under a minute, and five seconds on average. Manual inspection of the analysis results for a selection of all scripts shows that most of the alarms are real errors.
Static analysis for independent app developers
OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications