Android API application specification-based automatic code quality evaluation and optimization method

A code quality and automatic evaluation technology, applied in the fields of information technology and computer software. It addresses problems such as threats to code quality, the lack of automatic detection, and economic and property losses, with the effect of improving code quality and reducing improper use and misuse.

Active Publication Date: 2016-11-16
INST OF SOFTWARE - CHINESE ACAD OF SCI
5 Cites 4 Cited by

AI-Extracted Technical Summary

Problems solved by technology

However, Android application developers tend to write code out of habit, based on existing experience, and ignore or overlook the API usage recommendations published on the official Android website. As a result, some APIs that were deprecated or abandoned in earlier versions are still being used. This leads to potential security problems in the resulting application, which is then more likely to be exploited by malicious programs. For example, CVE-2015-3833 in Common Vulnerabilities And Exposures (CVE)...

Abstract

The invention relates to an Android API application specification-based automatic code quality evaluation and optimization method. The method comprises the following steps: constructing a dedicated parser to analyze the API summary document; classifying APIs on the basis of the Android API application specification and establishing an API feature library; establishing an automatic scanning and evaluation engine, scanning the Android application under test for API calls, compiling statistics on the type distribution of the called APIs, and locating the calling positions of removed APIs, un-recommended APIs and hidden APIs; and providing automatic code quality optimization suggestions so as to generate a code quality evaluation report. To investigate how well Android applications conform to the specification when calling APIs, an integrated automatic detection and evaluation system is established. It helps Android application developers detect and optimize their use of APIs, reduce API misuse and raise the code quality of Android applications, and thereby improves their security level.

Application Domain

Software testing/debugging

Technology Topic

Application software, Quality assessment

Examples

Test Example

[0056] A specific application example is provided below, and its implementation steps include:
[0057] 1) Construct a dedicated parser to parse the API overview document in the Android source code. For the android.app.ActivityManager.setWatchHeapLimit(long) method, the resulting syntax analysis tree is shown in Figure 5. The package identifier, class identifier and method identifier locate the package name, class name and method name of each API; the number and types of the method parameters are then located and associated with them.
[0058] 2) Establish an API feature library and classify APIs according to the Android API usage specification. Table 1 shows the logical structure of the entries for the android.app.ActivityManager.getRunningTasks(int) method and the android.database.sqlite.SQLiteProgram.native_bind_long(int, long) method in the API feature library. The flags "Is it normal", "Is it removed", "Is it not recommended" and "Is it hidden" record the API classification. A "safety" flag of 0 indicates that the API may affect code security.
[0059] Table 1. Logical structure design of API feature library
[0060]
[0061] The English paragraph in the above table translates as: Since LOLLIPOP, this method may leak personal information to the caller, and third-party applications cannot use it. For backward compatibility, the method returns the caller's own task information and other non-sensitive task information.
[0062] 3) Establish an automatic scanning evaluation engine to evaluate the code quality of the program under test. Assume that the various types of APIs called in the Android application to be tested are shown in Table 2. The data in the table are for illustration only.
[0063] Table 2 Number of APIs of various types called in the Android application under test
[0064]
[0065] According to the code quality rating method proposed by the present invention, the code quality rating score Q of the Android application to be tested is calculated as:
[0066] $$Q = \frac{4 \times 1.2 \times 25 + 3 \times 1.25 \times 20 + 2 \times 1.2 \times 10}{200 + 4 \times 1.2 \times 25 + 3 \times 1.25 \times 20 + 2 \times 1.2 \times 10} \times 10 \approx 5.23$$
[0067] This score belongs to the middle-risk level.
[0068] Next, locate the call locations of removed APIs, deprecated APIs and hidden APIs in the application. For example, for the deprecated API android.app.ActivityManager.getRunningTasks(int), the specific call locations are as follows:
[0069] Lcom/wbtech/ums/common/CommonUtil; -> getPackageName(Landroid/content/Context;)Ljava/lang/String;
[0070] Lcom/fengjr/mobile/act/Base; -> getActivityCountInTask()I
[0071] Lcom/fengjr/mobile/util/d; -> e()Z
[0072] Lcom/wbtech/ums/common/CommonUtil; -> getActivityName(Landroid/content/Context;)Ljava/lang/String;
[0073] Lcom/fengjr/mobile/receiver/MipushMessageReceiver; -> isAppRunningForeground(Landroid/content/Context;)Z
[0074] Lcom/fengjr/mobile/receiver/JPushReceiver; -> a(Landroid/content/Context;)Z
[0075] Lcom/fengjr/mobile/act/Base; -> isAppRunningForeground(Landroid/content/Context;)Z
[0076] 4) Provide automated code quality optimization strategies. For example, for the not-recommended API Landroid/net/ConnectivityManager; -> getNetworkInfo(I), the following optimization strategy is provided:
[0077] This method was deprecated in API level 23. This method does not support multiple connected networks of the same type. Use getAllNetworks() and getNetworkInfo(android.net.Network) instead.
[0078] The above English paragraph translates as: This method was classified as a not-recommended API in API level 23. It does not support multiple network connections of the same type; please use getAllNetworks() and getNetworkInfo(android.net.Network) instead.
[0079] For the deprecated API Landroid/speech/tts/TextToSpeech; -> getFeatures(Ljava/util/Locale;), the following optimization suggestion is provided:
[0080] This method was deprecated in API level 21. As of API level 21, please use voices. In order to query features of the voice, call getVoices() to retrieve the list of available voices and getFeatures() to retrieve the set of features.
[0081] The above English paragraph translates as: This method was classified as a deprecated API in API level 21; please use voices. To query voice features, call getVoices() to retrieve the list of available voices, and call getFeatures() to retrieve the voice feature set.
[0082] Generate the code quality assessment report. Its content includes the type distribution of the APIs called by the program under test, information about removed APIs, not-recommended APIs and hidden APIs, their specific call locations and the optimization suggestions, for reference by Android application developers and for subsequent decision-making.
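
The scan, locate and score steps of the test example, as an added Python example that is not code from the patent: it matches call edges against a small feature library, records the callers of non-normal APIs and computes Q as in [0066]. The "caller => callee" edge format, the com/example callers and the assignment of each (weight, factor) pair to a category are assumptions, since Table 2 is not present on the page.

```python
import re
from collections import Counter, defaultdict
# Miniature feature library (API -> category, advice) from the page's examples.
FEATURES = {
    "Landroid/app/ActivityManager;->getRunningTasks(I)":
        ("deprecated", "Since LOLLIPOP not usable by third-party applications."),
    "Landroid/net/ConnectivityManager;->getNetworkInfo(I)":
        ("deprecated", "Use getAllNetworks() and getNetworkInfo(android.net.Network)."),
}
# (weight, factor) pairs from [0066]. ASSUMPTION: which pair belongs to which
# category, because Table 2 is missing from the page.
WEIGHTS = {"removed": (4, 1.2), "deprecated": (3, 1.25), "hidden": (2, 1.2)}

def normalize(ref):
    """Drop spaces and the return type so 'Lx; -> m(I)Z' matches a library key."""
    ref = re.sub(r"\s+", "", ref)
    return ref[: ref.index(")") + 1]

def scan(edges):
    """Count called APIs per category and record callers of non-normal APIs."""
    counts, sites = Counter(), defaultdict(list)
    for line in edges:
        caller, callee = line.split("=>")
        key = normalize(callee)
        category = FEATURES.get(key, ("normal", ""))[0]
        counts[category] += 1
        if category != "normal":
            sites[key].append(re.sub(r"\s+", "", caller))
    return counts, dict(sites)

def score(counts):
    """Q = 10 * S / (normal + S), with S = sum(weight * factor * count)."""
    risky = sum(w * f * counts[c] for c, (w, f) in WEIGHTS.items())
    total = counts["normal"] + risky
    return round(10 * risky / total, 2) if total else 0.0

# Constructed "caller => callee" edges; the com/example callers are made up.
EDGES = [
    "Lcom/fengjr/mobile/act/Base; -> getActivityCountInTask()I => "
    "Landroid/app/ActivityManager; -> getRunningTasks(I)Ljava/util/List;",
    "Lcom/example/app/Net; -> isOnline()Z => "
    "Landroid/net/ConnectivityManager; -> getNetworkInfo(I)Landroid/net/NetworkInfo;",
    "Lcom/example/app/Main; -> onCreate(Landroid/os/Bundle;)V => "
    "Landroid/app/Activity; -> setContentView(I)V",
]

if __name__ == "__main__":
    print(scan(EDGES), score(scan(EDGES)[0]))
```

Feeding `score` the counts used in [0066] (200 normal calls and 25, 20 and 10 calls in the three weighted categories) reproduces the value 5.23.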
