
Static Analysis of Context Leaks in Android Applications

This is the presentation brought to ICSE 2018

Published in: Technology

  1. Static Analysis of Context Leaks in Android Applications. Flavio Toffalini, Sun Jun, and Martín Ochoa, Singapore University of Technology and Design
  2. Outline
     • Goal
     • Android Life-cycle
     • Context Memory Leaks
     • Our Analysis
     • Experiments
  3. Detect Context memory leaks in Android applications
  4. Android life-cycle
     • Android employs a garbage collector
     • Developers cannot trigger memory deallocation
     • Automatic garbage collection is not perfect
     • Some objects are not deallocated
  5. Android life-cycle
     • Some objects follow a life-cycle (e.g., Activities)
     • Only Android can change the state of an object
     • The developer can only drive an object's status by implementing callback functions
     • It is impossible to avoid an object's destruction, BUT it is possible to intercept events and close it gracefully
     • Life-cycle objects are “subclasses” of Context classes
  6. Context Memory Leaks
     • Static-fields
     • Thread-like objects
     • Manager (interfaces)
  7. Context Memory Leaks – Static Fields
     • Class C: static Activity a; void method1() {} int setA() {} void getA() {}
     • Activity A (subclass of Context): // things for handling a GUI
     • Life-cycle of A: Created, Running…, Running…, Running…, Destroyed
     • This field does not allow the GC to deallocate A’s memory
  8. Context Memory Leaks – Thread-like objects
     • Thread T (inner class): void run() { // I’m doing my long, long process! }
     • Activity A (subclass of Context): // things for handling a GUI
     • Life-cycle of A: Created, Running…, Thread running…, Running…, Destroyed
     • This is a synthetic field that does not allow the GC to deallocate A’s memory while the thread T is running
  9. Context Memory Leaks – Managers
     • Activity A implements Callback (subclass of Context): // things for handling a GUI; void onCallbackFunction() { // I do my callback duties } void a() { setManager(this); }
     • Life-cycle of A: Created, Running…, Callback assignment, Running…, Destroyed
     • This assignment does not allow the GC to deallocate A’s memory
  10. Our Analysis – overview
     • APK → Julia analyzer → Warnings
  11. Our Analysis – overview
     • APK → Julia analyzer → Warnings
     • What Julia does:
        - Simulates the Android life-cycle
        - Creates a full CFG (besides reflection)
        - Implements abstract interpretation (e.g., for backward analysis)
  12. Our Analysis – intuition
     • Not all Contexts are bad guys
     • Context: Activity, Service, ApplicationContext, BroadcastReceiver
     • ApplicationContext: this is a safe Context; it is valid as long as the application is running
  13. Our Analysis – intuition
     • Application Context is returned by getApplicationContext()
     • Bad Context: Activity a = …; Context c = (Context)a;
     • Good Context: Context c = getApplicationContext();
  14. Our Analysis
     • How can a field reach a Context?
        - It points to a Context subclass (that’s trivial)
        - It points to a Context-container (that’s not trivial at all)
  15. Our Analysis – Context-container
     • Class1: static Class2 c2
     • Class2: Class3 c3; Class4 c4
     • Class3
     • Activity: // GUI stuff
     • Context-containers
  16. Our Analysis
     1. List all fields that point to a Context subclass or to a context-container
     2. Backward analysis to identify the nature of the fields:
        1. If all producers are ApplicationContext or Null, the field does not leak
        2. Else, the field will leak
  17. Evaluation
     • We selected 8 open source applications
     • Compared to another memory leak analyzer: Lint
  18. Evaluation
  19. Thanks! Q&A
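The two-step field analysis from slides 14 to 16, as an added Python sketch that is not part of the slides and not Julia's implementation. The class model (including the assumption that Class3 holds an Activity), the field names, and the assignment list that stands in for a real backward analysis over the CFG are all constructed for illustration.

```python
# Added sketch of the field analysis on slides 14-16; every class, field and
# flow below is constructed for illustration and is not taken from Julia.
CONTEXT = "Context"
SAFE_PRODUCERS = {"getApplicationContext()", "null"}
# Class model: name -> (superclass, {field name: declared type}).
CLASSES = {
    "Activity": ("Context", {}),
    "Class4": (None, {}),
    "Class3": (None, {"activity": "Activity"}),
    "Class2": (None, {"c3": "Class3", "c4": "Class4"}),
}
# Fields under analysis: name -> declared type.
FIELDS = {"Class1.c2": "Class2", "Prefs.ctx": "Context",
          "Cache.c4": "Class4", "Util.last": "Context"}
# "target = source" assignments; a name that is never a target is a producer.
FLOWS = [("Class1.c2", "wrapped"), ("wrapped", "this (Activity)"),
         ("Prefs.ctx", "c"), ("c", "getApplicationContext()"),
         ("Prefs.ctx", "null"), ("Util.last", "c"), ("Util.last", "wrapped")]

def reaches_context(cls, seen=None):
    """True for a Context subclass or a context-container (holds one transitively)."""
    seen = set() if seen is None else seen
    if cls == CONTEXT:
        return True
    if cls in seen or cls not in CLASSES:
        return False
    seen.add(cls)
    parent, fields = CLASSES[cls]
    return reaches_context(parent, seen) or any(
        reaches_context(t, seen) for t in fields.values())

def producers(field, seen=None):
    """Backward walk over FLOWS: the original values that can end up in field."""
    seen = set() if seen is None else seen
    found = set()
    for source in [s for t, s in FLOWS if t == field]:
        if source in seen:
            continue
        seen.add(source)
        is_target = any(t == source for t, _ in FLOWS)
        found |= producers(source, seen) if is_target else {source}
    return found

def analyze():
    """Step 1 keeps fields that can reach a Context; step 2 judges their producers."""
    return {f: "no leak" if producers(f) <= SAFE_PRODUCERS else "leak"
            for f, ftype in FIELDS.items() if reaches_context(ftype)}

if __name__ == "__main__":
    print(analyze())
```

`Cache.c4` is dropped in step 1 because `Class4` never reaches a Context, while `Util.last` is flagged because one of its two producers is an Activity even though the other is the application context.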
