Third-party Python modules are usually implemented as binary extensions by using native code (C/C++) to provide additional features and runtime acceleration. In native code, the heap-allocated PyObjects are managed by the reference counting mechanism provided in Python/C APIs for automatic reclaiming. Hence, improper refcount manipulations can lead to memory leaks and use-after-free problems, and cannot be detected by simply pairing the occurrence of source and sink points. To detect such problems, state-of-the-art approaches have made groundbreaking contributions to identifying inappropriate final refcount values before returning from native code to Python. However, not all problems can be exposed at the end of a path. To detect those hidden in the middle of a path in native code, it is also crucial to track the lifecycle state of PyObjects through the refcount and lifecycle operations in API calls.

To achieve this goal, we propose the PyObject State Transition Model (PSTM) recording the lifecycle states and refcount values of PyObjects to describe the effects of Python/C API calls and pointer operations. We track state transitions of PyObjects with symbolic execution based on the model, and report problems when a statement triggers a transition to buggy states. The program state is also expanded to handle pointer nullity checks and smart pointers of PyObjects. We conduct experiments on 12 open-source projects and detect 259 real problems out of 280 reports, which is twice as many bugs as state-of-the-art approaches. We submit 168 real bugs to those active projects, and 106 issues are either confirmed or resolved.

Xutong Ma

State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing, China

Jiwei Yan

Institute of Software at Chinese Academy of Sciences, China

China

Hao Zhang

Institute of Software, Chinese Academy of Sciences

Jun Yan

Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences

China

Jian Zhang

Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences

China

Components are the fundamental building blocks of Android applications. Different functional modules represented by components often rely on inter-component communication mechanisms to achieve cross-module data transfer and method invocation. It is necessary to conduct robustness testing on components to prevent component launching crashes and privacy leaks caused by unexpected input parameters. However, as the complexity of the input parameter structure and the diversity of possible inputs, developers may overlook specific inputs that result in exceptions. At the same time, the vast input space also brings challenges to efficient component testing. In this paper, we designed an automated testing tool for Android application components named \textit{\textbf{ICTDroid}}, which combines static parameter extraction and adaptive-strength combinatorial testing generation to detect bugs with a compact test suite. Experiments have shown that the tool triggers 205 unique exceptions in 30 open-source applications with 1,919 test cases in 83 minutes, where the developers have confirmed three of six issues we reported. The tool and demostration video of \textit{ICTDroid} is available at https://lightningrs.github.io/tools/ICTDroid.html.

Shixin Zhang

Institute of Software, Chinese Academy of Sciences

China

Shanna Li

Beijing Jiaotong University

Xi Deng

Institute of Software, Chinese Academy of Sciences

Jiwei Yan

Institute of Software at Chinese Academy of Sciences, China

China

Jun Yan

Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences

China

The fundamental asynchronous thread (java.lang.Thread) in Java can be easily misused, due to the lack of deep understanding for garbage collection and thread interruption mechanism. For example, a careless implementation of asynchronous thread may cause no response to the interrupt mechanism in time, resulting in unexpected thread-related behaviors, especially resource leak/waste. Currently, few works aim at these misuses and related works adopt either the dynamic approach which lacks effective inputs or the static path-sensitive approach with high time consumption due to the path explosion, causing false negatives. We have found that the behavior of threads and the interaction between threads and its referencing objects can be abstracted. In this paper, we propose an event analysis approach to detect the defects in Java programs and Android apps, which focuses on the existence or the order of the events to reduce the false negatives. We extract the misuse-related events, containing the thread events and the destroy events of the object referenced by the thread. Then we analyze the events with loop identification, happens-before relationship construction and alias determination. Finally, we implement an automatic tool named Leopard and evaluate it on real world Java programs and Android apps. Experiments show that it is efficient when comparing with the existing approach (misuse: 723 vs 47, time: 60s vs 30min), which also outperforms the existing work in precision. The manual check indicates that Leopard is more efficient and effective than existing work. Besides, 66 issues reported by us have been confirmed and 21 of them have been fixed by developers.

Baoquan Cui

Institute of Software at Chinese Academy of Sciences, China

MiaoMiao Wang

Technology Center of Software Engineering, ISCAS, China. University of Chinese Academy of Sciences, China.

Chi Zhang

State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing, China

Jiwei Yan

Institute of Software at Chinese Academy of Sciences, China

China

Jun Yan

Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences

China

Jian Zhang

Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences

China