DDroid-instrumentor is an automated instrumentation tool for Android apps. It is built on ASM and Gradle Transformer to automatically instrument apps at the event handlers to uniquely log executed UI events. Specifically, ASM is an all purpose Java bytecode manipulation and analysis framework, which can modify existing classes or dynamically generate classes in the binary form.
In our work, DDroid-instrumentor is used to instrument the apps from Themis, a representative benchmark with diverse types of real-world bugs for Android.
Fig. 1 shows DDroid-instrumentor's workflow.
Given an app, we automatically instrument event handler methods to obtain an instrumented app. Specifically, we get the .class files through Gradle Transformer and our custom Gradle plugin, and use ASM to traverse all the .class files. If the event handler method is traversed, our custom function will scan the parameter list of the current event handler method, and insert specific API-call statements into the current event handler method according to the type of the UI component bounded to the event handler to get UI-Infos of the event handler method. For example, onClick (View v) is a typical event handler method, and the UI component type in its parameter list is android.view.View. Then we instrument at the beginning of the onClick method body to log the id, className and location of the View component, as well as the global qualified name of its corresponding event handler method.
In this step, we manually replay the bug-retriggering-trace on the instrumented app obtained in step 1, and the customized functions will log the UI-Infos of the executed events to a .txt file. Then we extract the UI-Info of each pivot event, and use UI-Info as event-signature ground truth to uniquely identify a pivot event.
In this step, we automatically run the GUI testing tool on the instrumented buggy app obtained in step 1 to get the Raw Logs of UI-Infos.
In this step, we analyze the Raw Logs obtained in step 3, and identify which pivot events were executed in step 3 based on the event-signature ground truth obtained in step 2.
Specifically, DDroid-instrumentor requires the following steps to enable the app instrumentation.
You need to obtain the app source code and the Gradle version and AGP version of the app.
You can import the module asm-method-plugin into your app project, or you can create a new module in your project according to the above directory of module asm-method-plugin.
First, modify Gradle version in build.gradle in module asm-method-plugin to the same version as your project, e.g.:
dependencies {
implementation gradleApi()
implementation localGroovy()
// modify Gradle version
implementation 'com.android.tools.build:gradle:3.5.0'
}Then, do the following to generate the plugin.
./gradlew asm-method-plugin:uploadArchives
First, you need to import this plugin to the project-level build.gradle like the following snippet.
buildscript {
repositories {
...
google()
jcenter()
maven {
url uri('./asm-method-plugin/my-plugin')
}
}
dependencies {
...
classpath 'com.asm.plugin:asm-method-plugin:0.0.1'
}
...
}Second, you need to apply this plugin to the app-level build.gradle like the following snippet.
apply plugin: 'com.asm.gradle'Then, you can run the commands below to generate the instrumented app (located in the directory project_name/module_name/build/outputs/apk/).
./gradlew tasks
./gradlew assembleDebug