Riganelli Oliviero, Micucci Daniela, Mariani Leonardo
Dipartimento Informatica Sistemistica e Comunicazione, Università degli Studi di Milano-Bicocca, Milan, Italy.
Softw Pract Exp. 2019 Mar;49(3):540-548. doi: 10.1002/spe.2672. Epub 2018 Dec 13.
Android apps share resources, such as sensors, cameras, and Global Positioning System, that are subject to specific usage policies whose correct implementation is left to programmers. Failing to satisfy these policies may cause resource leaks, that is, apps may acquire but never release resources. This might have different kinds of consequences, such as apps that are unable to use resources or resources that are unnecessarily active wasting battery. Researchers have proposed several techniques to detect and fix resource leaks. However, the unavailability of public benchmarks of faulty apps makes comparison between techniques difficult, if not impossible, and forces researchers to build their own data set to verify the effectiveness of their techniques (thus, making their work burdensome). The aim of our work is to define a public benchmark of Android apps affected by resource leaks. The resulting benchmark, called AppLeak, is publicly available on GitLab and includes faulty apps, versions with bug fixes (when available), test cases to automatically reproduce the leaks, and additional information that may help researchers in their tasks. Overall, the benchmark includes a body of 40 faults that can be exploited to evaluate and compare both static and dynamic analysis techniques for resource leak detection.