Skip to main content
SpringerLink
Log in

DroidLeaks: a comprehensive database of resource leaks in Android apps

  • Published:
Empirical Software Engineering Aims and scope Submit manuscript

Abstract

Resource leaks in Android apps are pervasive. They can cause serious performance degradation and system crashes. In recent years, many resource leak detection techniques have been proposed to help Android developers correctly manage system resources. Yet, there exist no common databases of real-world bugs for effectively comparing such techniques to understand their strengths and limitations. This paper describes our effort towards constructing such a bug database named DroidLeaks. To extract real resource leak bugs, we mined 124,215 code revisions of 34 popular open-source Android apps. After automated filtering and manual validation, we successfully found 292 fixed resource leak bugs, which cover a diverse set of resource classes, from 32 analyzed apps. To understand these bugs, we conducted an empirical study, which revealed the characteristics of resource leaks in Android apps and common patterns of resource management mistakes made by developers. To further demonstrate the usefulness of our work, we evaluated eight resource leak detectors from both academia and industry on DroidLeaks and performed a detailed analysis of their performance. We release DroidLeaks for public access to support future research.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Listing 1
Listing 2
Listing 3
Fig. 1
Listing 4
Listing 5
Fig. 2
Listing 6
Listing 7
Listing 8
Listing 9
Listing 10
Listing 11
Listing 12

Similar content being viewed by others

Notes

  1. https://developer.android.com/reference/android/os/PowerManager.WakeLock

  2. https://github.com/

  3. We do not claim the completeness of our keyword set. With the current keywords, we successfully located a large number of real resource leak bugs in the code repositories of 32 of our 34 app subjects, which are sufficient for our later studies.

  4. In our mining scripts, we defined 32 removal patterns after randomly sampling 1,000+ commit logs. We skip the details in this paper.

  5. For all open-source projects referenced in this paper, we provide the links to their code repository in Table 10 of the Appendix. The readers can find the discussed revisions in the code repository.

  6. Note that it is hard to confirm whether these snapshots had been released to market and affected users due to the lack of data. There is a possibility that the “fixes” of resource leak bugs found by our approach were actually committed to the code repositories to address the warnings generated by IDEs or issues noticed by developers themselves instead of patching bugs observed by the users.

  7. The code in all listings in this article has been simplified for readability. The readers can refer to the corresponding code repositories, whose URLs are provided in Table 10 in the appendix, to check the original code via the Git commit hash.

  8. We observed only four such cases in DroidLeaks and therefore do not specifically discuss them in this paper. Interested readers can refer to our project website for details.

  9. http://tools.android.com/tips/lint-checks

  10. http://findbugs.sourceforge.net/bugDescriptions.html

  11. https://pmd.sourceforge.io/pmd-4.3.0/rules/index.html

  12. https://developer.android.com/studio/releases/

  13. https://plugins.jetbrains.com/plugin/3847-findbugs-idea/

  14. https://plugins.jetbrains.com/plugin/4596-qaplug--pmd/

  15. https://github.com/facebook/infer/releases/tag/v0.15.0

  16. https://github.com/facebook/infer/issues/679

  17. We cannot collect resource leak bug reports by checking issue report labels. None of the 34 projects have labels for resource leak bugs in their issue tracking systems. In fact, the majority of the projects do not even have a clear labeling of bug types and only five of them have labels for general performance bugs.

  18. https://developer.android.com/studio/profile/android-profiler

  19. http://www.eclipse.org/mat/

References

  • Amann S, Nadi S, Nguyen HA, Nguyen TN, Mezini M (2016) Mubench: a benchmark for api-misuse detectors. In: Proceedings of the 2016 IEEE/ACM 13th working conference on mining software repositories (MSR), pp 464–467

  • Android ANR Errors (2018) https://developer.android.com/training/articles/perf-anr.html

  • Android API Guides (2018) https://developer.android.com/guide/

  • Android Processes and Threads (2018) https://developer.android.com/guide/components/processes-and-threads.html

  • Arnold M, Vechev M, Yahav E (2011) Qvm: an efficient runtime for detecting defects in deployed systems. ACM Trans Softw Eng Methodol 21(1):2:1–2:35

    Article  Google Scholar 

  • Arzt S, Rasthofer S, Fritz C, Bodden E, Bartel A, Klein J, Le Traon Y, Octeau D, McDaniel P (2014) Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: Proceedings of the 35th ACM SIGPLAN conference on programming language design and implementation, PLDI ’14, pp 259–269

  • Banerjee A, Chong LK, Ballabriga C, Roychoudhury A (2018) Energypatch: repairing resource leaks to improve energy-efficiency of android apps. IEEE Trans Softw Eng 44(5):470–490

    Article  Google Scholar 

  • Bond MD, McKinley KS (2006) Bell: bit-encoding online memory leak detection. In: Proceedings of the 12th international conference on architectural support for programming languages and operating systems, ASPLOS XII, pp 61–72

  • Cabral B, Marques P (2007) Exception handling: a field study in java and .net. In: Proceedings of the 21st European conference on object-oriented programming, pp 151–175

  • Dallmeier V, Zimmermann T (2007) Extraction of bug localization benchmarks from history. In: Proceedings of the twenty-second IEEE/ACM international conference on automated software engineering, ASE ’07, pp 433–436

  • Dillig I, Dillig T, Yahav E, Chandra S (2008) The closer: automating resource management in java. In: Proceedings of the 7th international symposium on memory management, ISMM ’08, pp 1–10

  • Do H, Elbaum S, Rothermel G (2005) Supporting controlled experimentation with testing techniques: an infrastructure and its potential impact. Empirical Softw Engg 10(4):405–435

    Article  Google Scholar 

  • F-Droid (2018) A catalogue of open-source android apps. https://f-droid.org/

  • Facebook (2018) Infer: a tool to detect bugs in java and C/C++/Objective-C code. http://fbinfer.com/

  • Felt AP, Chin E, Hanna S, Song D, Wagner D (2011) Android permissions demystified. In: Proceedings of the 18th ACM conference on computer and communications security, CCS ’11, pp 627–638

  • Google (2018a) Android lint: a code scanning tool for android apps. https://developer.android.com/studio/write/lint.html

  • Google (2018b) Android studio. https://developer.android.com/studio/index.html

  • Guo C, Zhang J, Yan J, Zhang Z, Zhang Y (2013) Characterizing and detecting resource leaks in android applications. In: Proceedings of the 28th IEEE/ACM international conference on automated software engineering (ASE), pp 389–398

  • Hauswirth M, Chilimbi TM (2004) Low-overhead memory leak detection using adaptive statistical profiling. In: Proceedings of the 11th international conference on architectural support for programming languages and operating systems, ASPLOS XI, pp 156–164

  • Hovemeyer D, Pugh W (2004) Finding bugs is easy. SIGPLAN Not 39 (12):92–106. ISSN 0362-1340

    Article  Google Scholar 

  • Hutchins M, Foster H, Goradia T, Ostrand T (1994) Experiments on the effectiveness of dataflow- and control-flow-based test adequacy criteria. In: Proceedings of 16th international conference on software engineering, pp 191–200

  • Jalbert N, Pereira C, Pokam G, Sen K (2011) Radbench: a concurrency bug benchmark suite. In: Proceedings of the 3rd USENIX conference on hot topic in parallelism, HotPar’11, pp 2–2

  • Java API Specifications (2018) https://docs.oracle.com/javase/7/docs/api/

  • JetBrains (2018) Code inspection in IntelliJ IDEA. https://www.jetbrains.com/help/idea/2016.3/code-inspection.html

  • Jump M, McKinley KS (2007) Cork: dynamic memory leak detection for garbage-collected languages. In: Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on principles of programming languages, POPL ’07, pp 31–38

  • Just R, Jalali D, Ernst MD (2014) Defects4j: a database of existing faults to enable controlled testing studies for java programs. In: Proceedings of the 2014 international symposium on software testing and analysis, ISSTA 2014, pp 437–440

  • Lin Y, Radoi C, Dig D (2014) Retrofitting concurrency for android applications through refactoring. In: Proceedings of the 22nd ACM SIGSOFT international symposium on foundations of software engineering, FSE 2014, pp 341–352

  • Linares-Vásquez M, Vendome C, Tufano M, Poshyvanyk D (2017) How developers micro-optimize android apps. J Syst Softw 130(C):1–23

    Article  Google Scholar 

  • Liu Y, Xu C, Cheung SC, Lü J (2014) Greendroid : automated diagnosis of energy inefficiency for smartphone applications. IEEE Trans Softw Eng 40(9):911–940

    Article  Google Scholar 

  • Liu J, Wu T, Yan J, Zhang J (2016a) Fixing resource leaks in android apps with light-weight static analysis and low-overhead instrumentation. In: 2016 IEEE 27th international symposium on software reliability engineering (ISSRE), pp 342–352

  • Liu Y, Xu C, Cheung S-C, Terragni V (2016b) Understanding and detecting wake lock misuses for android applications. In: Proceedings of the 2016 24th ACM SIGSOFT international symposium on foundations of software engineering, FSE 2016, pp 396–409

  • Lovins J (1968) Development of a stemming algorithm. Mechanical Translation and Computational Linguistics 11(1 and 2):22–31

    Google Scholar 

  • Lu S, Li Z, Qin F, Tan L, Zhou P, Zhou Y (2005) Bugbench: benchmarks for evaluating bug detection tools. In: Proceedings of the workshop on the evaluation of software defect detection tools

  • Mitchell N, Sevitsky G (2003) Leakbot: an automated and lightweight tool for diagnosing memory leaks in large java applications. In: Proceedings of the 17th European conference on object-oriented programming, pp 351–377

    Chapter  Google Scholar 

  • Pathak A, Jindal A, Hu YC, Midkiff SP (2012) What is keeping my phone awake?: characterizing and detecting no-sleep energy bugs in smartphone apps. In: Proceedings of the 10th international conference on mobile systems, applications, and services, MobiSys ’12, pp 267–280

  • PMD (2018) A java source code analyzer. http://pmd.sourceforge.net/

  • Soot (2018) A framework for analyzing and transforming java and android apps. http://sable.github.io/soot/

  • Torlak E, Chandra S (2010) Effective interprocedural resource leak detection. In: Proceedings of the 32nd ACM/IEEE international conference on software engineering - volume 1, ICSE ’10. ISBN 978-1-60558-719-6, pp 535–544

  • Vekris P, Jhala R, Lerner S, Agarwal Y (2012) Towards verifying android apps for the absence of no-sleep energy bugs. In: Proceedings of the 2012 USENIX conference on power-aware computing and systems, HotPower’12, pp 3–3

  • Weimer W, Necula GC (2004) Finding and preventing run-time error handling mistakes. In: Proceedings of the 19th annual ACM SIGPLAN conference on object-oriented programming, systems languages, and applications, OOPSLA ’04, pp 419–431

  • Wu H, Wang Yan, Rountev A (2018) Sentinel: generating gui tests for android sensor leaks. In: Proceedings of the 13th international workshop on automation of software test, AST ’18, pp 27–33

  • Wu T, Liu J, Xu Z, Guo C, Zhang Y, Yan J, Zhang J (2016) Light-weight, inter-procedural and callback-aware resource leak detection for android apps. IEEE Trans Soft Eng 42(11):1054–1076

    Article  Google Scholar 

  • Xu G, Mitchell N, Arnold M, Rountev A, Schonberg E, Sevitsky G (2010) Finding low-utility data structures. In: Proceedings of the 31st ACM SIGPLAN conference on programming language design and implementation, PLDI ’10, pp 174–186

  • Yan D, Yang S, Rountev A (2013) Systematic testing for resource leaks in android applications. In: Proceedings of the 2013 IEEE 24th international symposium on software reliability engineering (ISSRE), pp 411–420

  • Zhang H, Wu H, Rountev A (2016) Automated test generation for detection of leaks in android applications. In: Proceedings of the 11th international workshop on automation of software test, AST ’16, pp 64–70

Download references

Acknowledgements

We would like to thank the reviewers for their valuable comments and improvement suggestions. This work is supported by the National Natural Science Foundation of China (Grant Nos. 61802164, 61690204, and 61672505), the Hong Kong RGC/GRF (Grant No. 16202917), the Science and Technology Innovation Committee Foundation of Shenzhen (Grant No. ZDSYS201703031748284) and the Program for University Key Laboratory of Guangdong Province (Grant No. 2017KSYS008). The authors would also like to thank the support from the Collaborative Innovation Center of Novel Software Technology and Industrialization, Jiangsu, China.

Author information

Authors and Affiliations

  1. Shenzhen Key Laboratory of Computational Intelligence, Department of Computer Science and Engineering, Southern University of Science and Technology, Shenzhen, China

    Yepang Liu

  2. State Key Laboratory for Novel Software Technology and Department of Computer Science and Technology, Nanjing University, Nanjing, China

    Jue Wang & Chang Xu

  3. Department of Computer Science and Engineering, Hong Kong University of Science and Technology, Hong Kong, China

    Lili Wei & Shing-Chi Cheung

  4. State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing, China

    Tianyong Wu, Jun Yan & Jian Zhang

  5. University of Chinese Academy of Sciences, Beijing, China

    Tianyong Wu, Jun Yan & Jian Zhang

Authors
  1. Yepang Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jue Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lili Wei
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chang Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Shing-Chi Cheung
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Tianyong Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Jun Yan
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Jian Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yepang Liu.

Additional information

Communicated by: David Lo, Meiyappan Nagappan, Sebastian Panichella and Fabio Palomba

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendix: Open-Source Projects Referenced in the Paper

Appendix: Open-Source Projects Referenced in the Paper

Table 10 The URLs of the code repositories of the open-source projects
Full size table

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Liu, Y., Wang, J., Wei, L. et al. DroidLeaks: a comprehensive database of resource leaks in Android apps. Empir Software Eng 24, 3435–3483 (2019). https://doi.org/10.1007/s10664-019-09715-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10664-019-09715-8

Keywords

Search

Navigation