Based on our empirical results, we proposed API-context pair to model FIC issues. With API-context pair model, we are able to design and implement a tool, ficfinder, to detect FIC issues.
FicFinder takes two inputs: (1) an Android app, (2) a list of API-context pairs. With the inputs, FicFinder outputs call sites of the issue-inducing API which can cause FIC issues regarding the list of API-context pairs.
A key observation of our empirical study is that the FIC issues are triggered by the improper use of an Android API, which we call issue-inducing API, in a problematic software/hardware environment, which we call issue-triggering context. This observation motivates us to model FIC issues as API-context pairs. For issue-triggering context, we use the following context-free grammar to define: As shown in the grammar, an issue-triggering context is defined as a conjunction of the following conditions of an issue-inducing API's running environment: software environment, hardware environment, or API usage.
To detect FIC issues, FicFinder first identify the call sites of issue-inducing APIs and use backward slicing to match the issue-triggering context. If the API can be called in the issue-triggering context, FicFinder will report a warning. For more details of the Algorithm used by FicFinder, please refer to our research paper. FicFinder is implemented on top of Soot. FicFinder leveraged program dependence graph and call graph APIs of Soot to obtain the intra- and inter-procedural slices.
Currently, we provide a list of 25 API-context pairs together with FicFinder, which are all the API-context pairs used in our evaluation.