Applications for smartphones or other mobile devices (“apps”) are used by billions of subscribers worldwide. Apps and their users are at risk, however: due to their unique and unprecedented properties, apps have a high potential for faults and errors, and due to their popularity, apps have become a lucrative target for attackers’ malicious activities.
This dissertation introduces static and dynamic analysis techniques for fault discovery, localization, and recovery in apps. The existing approaches for fault discovery and localization either are not mature enough (i.e., lack of sound static and dynamic techniques and low coverage with high overhead) or have severe limitations (e.g., work only on emulators).
We facilitate the discovery of faults through Automatic Android App Explorer
(A3E). As the name suggests, A3E generates test cases on-the-fly and exercises them. It achieves that through two distinctive strategies: an exploration in a depth-first manner and targeted exploration from a particular activity (page) inside the app. After fault discovery, fault localization is necessary to contain the error. To permit fault localization we
have developed three techniques: app state recreation through user defined deep links, automatic GUI-input generation through AndroidArrow, and the program slicing framework AndroidSlicer. uLink, our next solution, is a demand-driven record-and-replay library that creates replayable links on-the-fly; these links can be directly re-executed to re-construct
a particular application state. AndroidArrow is a toolset to generate UI element event sequences which can be injected into an app to trigger a target method or program point. Our next localization strategy is AndroidSlicer; a slicing framework for Android apps. While
program slicing is not new, no substantial slicing work has been done so far for smartphone platforms. As smartphone apps have new, unprecedented characteristics, slicing techniques need to evolve accordingly. Apart from fault localization, slicing has many other applications, such as improving dynamic taint analysis, finding relevant inputs, and undo computing. Finally, we have developed an app recovery technique that uses automated
patching while the app runs to seal off faulty code with specific recovery routines, so the app can recover from faults on-the-fly.
In summary, this dissertation explores and employs static and dynamic analysis and techniques, algorithms and, in some cases, improves existing approaches to creating high coverage test cases (fault discovery), identifying program faults (fault localization), and finally, sealing off erroneous code blocks (fault recovery) to render a smooth and uninterrupted
app experience.