Automated Repair of Resource Leaks in Android Applications

💡 Research Summary

The paper introduces PLUMB‑DROID, a fully automated static‑analysis technique for detecting and repairing resource leaks in Android applications. Android’s event‑driven model, with multiple lifecycle callbacks, makes the overall control flow implicit and hard to reason about, leading developers to frequently forget to release system resources such as MediaPlayer, WifiManager, Camera, etc. Existing work focuses on leak detection (dynamic, static, or hybrid) but provides little support for automatically fixing the bugs, especially for re‑entrant resources that can be acquired multiple times.

PLUMB‑DROID addresses this gap by constructing a resource‑flow graph (RFG), a succinct abstraction of each method’s control‑flow graph that retains only statements that acquire, release, or return a resource. For each basic block a “resource‑path graph” is built, then these are linked according to the original control‑flow to obtain a per‑procedure RFG. The RFG captures all possible sequences of acquire/release operations while discarding unrelated code, dramatically reducing analysis size.

Leak detection is reduced to checking whether every path in the RFG belongs to the context‑free language that describes leak‑free sequences. This formulation naturally handles re‑entrant resources, whose acquire/release pairs may be nested. For non‑re‑entrant resources the problem collapses to a regular‑language check, which is even cheaper. The analysis therefore can precisely identify paths where an acquire is not eventually matched by a corresponding release.

Because Android apps consist of many components whose execution order is dictated by a callback graph (the lifecycle of activities, services, etc.), PLUMB‑DROID first enumerates feasible callback sequences by unrolling the callback graph. For each sequence it composes the per‑procedure RFGs into a global resource‑flow model, enabling detection of leaks that span multiple callbacks and methods.

When a leak is found, PLUMB‑DROID automatically generates a fix by inserting a release statement at the earliest safe point along the offending path, respecting Android’s guidelines (e.g., releasing in onPause/onStop). The inserted code is conditional (if (resource != null) resource.release();) to avoid null‑pointer crashes. After patch insertion, the tool reruns the same RFG analysis on the patched bytecode to validate that the fix does not introduce new leaks or use‑after‑release errors. If validation fails, the patch is rejected and the developer is prompted to intervene.

The prototype works on Android bytecode, is configurable for any Android API by supplying acquire/release pairs, and currently targets nine widely used “non‑aliasing” resources (e.g., MediaPlayer, Camera, WifiManager). It does not perform alias analysis, which can cause false positives for resources heavily aliased (e.g., database cursors); however, for the chosen resources the precision remains high.

Evaluation: Using the curated DroidLeaks benchmark, PLUMB‑DROID analyzed 17 apps covering the nine resources, automatically detecting and repairing 50 real leaks (including all 26 leaks from DroidLeaks that affect those resources) in an average of 2 minutes per leak. Compared against the only other fully automated repair tool, Relda2/RelFix, on the same set of apps, PLUMB‑DROID discovered 79 true leaks with 89 % precision, versus 53 leaks and 55 % precision for Relda2/RelFix. Moreover, the patches generated by PLUMB‑DROID were on average an order of magnitude smaller, making them easier to review and maintain.

Contributions:

1. A novel static‑analysis framework that models resource usage as a context‑free property, handling re‑entrant resources.
2. Integration of Android lifecycle callback graphs to achieve whole‑program leak detection.
3. An automatic fix generation and validation pipeline that guarantees “safe” patches by construction.

The authors acknowledge limitations (no alias analysis, limited to non‑aliasing resources) and propose future work to incorporate alias tracking and more complex resource policies (e.g., concurrent access). Overall, PLUMB‑DROID demonstrates that precise, scalable, and fully automated repair of Android resource leaks is feasible and can substantially improve app reliability in practice.