research-article

Static analysis for independent app developers

Published: 15 October 2014

Abstract

Mobile app markets have lowered the barrier to market entry for software producers. As a consequence, an increasing number of independent app developers offer their products, and recent platforms such as the MIT App Inventor and Microsoft's TouchDevelop enable even lay programmers to develop apps and distribute them in app markets.

A major challenge in this distribution model is to ensure the quality of apps. Besides the usual sources of software errors, mobile apps are susceptible to errors caused by the non-determinism of an event-based execution model, a volatile environment, diverse hardware, and others. Many of these errors are difficult to detect during testing, especially for independent app developers, who are not supported by test teams and elaborate test infrastructures.

To address this problem, we propose a static program analysis that captures the specifics of mobile apps and is efficient enough to provide feedback during the development process. Experiments involving 51,456 published TouchDevelop scripts show that our analysis analyzes 98% of the scripts in under a minute, and five seconds on average. Manual inspection of the analysis results for a selection of all scripts shows that most of the alarms are real errors.



Published in

ACM SIGPLAN Notices, Volume 49, Issue 10
OOPSLA '14
October 2014
907 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2714064
Editor: Andy Gill

OOPSLA '14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications
October 2014
946 pages
ISBN: 9781450325851
DOI: 10.1145/2660193

Copyright © 2014 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
