skip to main content
10.1145/3238147.3238225acmconferencesArticle/Chapter ViewAbstractPublication PagesaseConference Proceedingsconference-collections
research-article

Android testing via synthetic symbolic execution

Published: 03 September 2018 Publication History

Abstract

Symbolic execution of Android applications is challenging as it involves either building a customized VM for Android or modeling the Android libraries. Since the Android Runtime evolves from one version to another, building a high-fidelity symbolic execution engine involves modeling the effect of the libraries and their evolved versions. Without simulating the behavior of Android libraries, path divergence may occur due to constraint loss when the symbolic values flow into Android framework and these values later affect the subsequent path taken. Previous works such as JPF-Android have relied on the modeling of execution environment such as libraries. In this work, we build a dynamic symbolic execution engine for Android apps, without any manual modeling of execution environment. Environment (or library) dependent control flow decisions in the application will trigger an on-demand program synthesis step to automatically deduce a representation of the library.This representation is refined on-the-fly by running the corresponding library multiple times.The overarching goal of the refinement is to enhance behavioral coverage and to alleviate the path divergence problem during symbolic execution. Moreover, our library synthesis can be made context-specific. Compared to traditional synthesis approaches which aim to synthesize the complete library code, our context-specific synthesis engine can generate more precise expressions for a given context. The evaluation of our dynamic symbolic execution engine, built on top of JDART, shows that the library models obtained from program synthesis are often more accurate than the semi-manual models in JPF-Android. Furthermore, our symbolic execution engine could reach more branch targets, as compared to using the JPF-Android models.

References

[1]
Saswat Anand, Mayur Naik, Mary Jean Harrold, and Hongseok Yang. 2012. Automated Concolic Testing of Smartphone Apps. In Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering (FSE 2012). ACM, Article 59, 11 pages. Android Testing via Synthetic Symbolic Execution ASE ’18, September 3–7, 2018, Montpellier, France
[2]
Shay Artzi, Julian Dolby, Frank Tip, and Marco Pistoia. 2010. Directed test generation for effective fault localization. In Proceedings of the 19th international symposium on Software testing and analysis (ISSTA 2010). ACM, 49–60.
[3]
Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. 2014.
[4]
FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2014). ACM, 259–269.
[5]
Heila Botha, Oksana Tkachuk, Brink van der Merwe, and Willem Visser. {n. d.}. Addressing Challenges in Obtaining High Coverage when Model Checking Android Applications. In Proceedings of the 24th ACM SIGSOFT International SPIN Symposium on Model Checking of Software (SPIN 2017). ACM, 31–40.
[6]
Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and Automatic Generation of High-coverage Tests for Complex Systems Programs. In Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI 2008). USENIX Association, 209–224.
[7]
Vitaly Chipounov, Volodymyr Kuznetsov, and George Candea. 2011. S2E: A platform for in-vivo multi-path analysis of software systems. In Proceedings of the 16th international conference on Architectural support for programming languages and operating systems (ASPLOS 2011), Vol. 46. ACM, 265–278.
[8]
Shauvik Roy Choudhary, Alessandra Gorla, and Alessandro Orso. 2015. Automated test input generation for android: Are we there yet?(e). In 30th IEEE/ACM International Conference on Automated Software Engineering (ASE 2015). IEEE, 429–440.
[9]
Leonardo De Moura and Nikolaj Bjørner. 2008. Z3: An Efficient SMT Solver. In 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2008/ETAPS 2008). Springer, 337–340.
[10]
Patrice Godefroid, Nils Klarlund, and Koushik Sen. 2005. DART: directed automated random testing. In Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation (PLDI 2005), Vol. 40. ACM, 213–223.
[11]
Patrice Godefroid, Michael Y Levin, David A Molnar, et al. 2008. Automated whitebox fuzz testing. In The Network and Distributed System Security Symposium (NDSS 2010), Vol. 8. 151–166.
[12]
Casper S. Jensen, Mukul R. Prasad, and Anders Møller. 2013. Automated Testing with Targeted Event Sequence Generation. In Proceedings of the 2013 International Symposium on Software Testing and Analysis (ISSTA 2013). ACM, 67–77.
[13]
Jinseong Jeon, Kristopher K Micinski, and Jeffrey S Foster. 2012. SymDroid: Symbolic execution for Dalvik bytecode.
[14]
Jinseong Jeon, Xiaokang Qiu, Jonathan Fetter-Degges, Jeffrey S. Foster, and Armando Solar-Lezama. 2016. Synthesizing Framework Models for Symbolic Execution. In Proceedings of the 38th International Conference on Software Engineering (ICSE 2016). ACM, 156–167.
[15]
Alexander Kohan, Mitsuharu Yamamoto, Cyrille Artho, Yoriyuki Yamagata, Lei Ma, Masami Hagiya, and Yoshinori Tanabe. 2017. Java Pathfinder on Android Devices. SIGSOFT Software Engineering Notes 41, 6 (Jan. 2017), 1–5.
[16]
Kasper Luckow, Marko Dimjašević, Dimitra Giannakopoulou, Falk Howar, Malte Isberner, Temesghen Kahsai, Zvonimir Rakamarić, and Vishwanath Raman. 2016.
[17]
JDart: A dynamic symbolic analysis framework. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2016). Springer, 442–459.
[18]
Rupak Majumdar and Koushik Sen. 2007. Hybrid concolic testing. In Proceedings of the 29th international conference on Software Engineering (ICSE 2007). IEEE, 416–426.
[19]
Ke Mao, Mark Harman, and Yue Jia. 2016. Sapienz: Multi-objective Automated Testing for Android Applications. In Proceedings of the 25th International Symposium on Software Testing and Analysis (ISSTA 2016). ACM, 94–105.
[20]
Tyler McDonnell, Baishakhi Ray, and Miryung Kim. 2013. An empirical study of api stability and adoption in the android ecosystem. In 29th IEEE International Conference on Software Maintenance (ICSM 2013). IEEE, 70–79.
[21]
Sergey Mechtaev, Xiang Gao, Shin Hwei Tan, and Abhik Roychoudhury. 2018. Test-equivalence Analysis for Automatic Patch Generation. ACM Trans. Softw. Eng. Methodol. (2018), To Appear.
[22]
Sergey Mechtaev, Alberto Griggio, Alessandro Cimatti, and Abhik Roychoudhury. 2018. Symbolic Execution with Existential Second-Order Constraints. In Proceedings of The 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2018). ACM.
[23]
Sergey Mechtaev, Jooyong Yi, and Abhik Roychoudhury. 2016. Angelix: Scalable multiline program patch synthesis via symbolic analysis. In Proceedings of IEEE/ACM 38th International Conference on Software Engineering (ICSE 2016). IEEE, 691–701.
[24]
Nariman Mirzaei, Hamid Bagheri, Riyadh Mahmood, and Sam Malek. 2015. SIGDroid: Automated system input generation for Android applications. In 2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE 2015). IEEE, 461–471.
[25]
Nariman Mirzaei, Sam Malek, Corina S Păsăreanu, Naeem Esfahani, and Riyadh Mahmood. 2012. Testing android apps through symbolic execution. ACM SIGSOFT Software Engineering Notes 37, 6 (2012), 1–5.
[26]
NASA. 2013. PathDroid. https://ti.arc.nasa.gov/opensource/projects/pathdroid/
[27]
Hoang Duong Thien Nguyen, Dawei Qi, Abhik Roychoudhury, and Satish Chandra. 2013. Semfix: Program repair via semantic analysis. In Proceedings of the 2013 International Conference on Software Engineering (ICSE 2013). IEEE, 772–781.
[28]
Corina S Păsăreanu and Neha Rungta. 2010. Symbolic PathFinder: symbolic execution of Java bytecode. In Proceedings of the IEEE/ACM international conference on Automated software engineering (ASE 2010). ACM, 179–180.
[29]
Corina S Păsăreanu, Willem Visser, David Bushnell, Jaco Geldenhuys, Peter Mehlitz, and Neha Rungta. 2013. Symbolic PathFinder: integrating symbolic execution with model checking for Java bytecode analysis. Automated Software Engineering 20, 3 (2013), 391–425.
[30]
Dawei Qi, William N Sumner, Feng Qin, Mai Zheng, Xiangyu Zhang, and Abhik Roychoudhury. 2012. Modeling software execution environment. In 19th Working Conference on Reverse Engineering (WCRE 2012). IEEE, 415–424.
[31]
Julian Schütte, Rafael Fedler, and Dennis Titze. 2015. ConDroid: Targeted Dynamic Analysis of Android Applications. In 2015 IEEE 29th International Conference on Advanced Information Networking and Applications. 571–578.
[32]
Ting Su, Guozhu Meng, Yuting Chen, Ke Wu, Weiming Yang, Yao Yao, Geguang Pu, Yang Liu, and Zhendong Su. 2017. Guided, Stochastic Model-based GUI Testing of Android Apps. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2017). ACM, 245–256.
[33]
Shin Hwei Tan, Zhen Dong, Xiang Gao, and Abhik Roychoudhury. 2018. Repairing Crashes in Android Apps. In Proceedings of the 40th International Conference on Software Engineering (ICSE 2018). IEEE, 187–198.
[34]
Shin Hwei Tan and Abhik Roychoudhury. 2015. relifix: Automated repair of software regressions. In Proceedings of the 37th International Conference on Software Engineering (ICSE 2015). IEEE, 471–482.
[35]
Shin Hwei Tan, Hiroaki Yoshida, Mukul R Prasad, and Abhik Roychoudhury. 2016. Anti-patterns in search-based program repair. In Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2016). ACM, 727–738.
[36]
Oksana Tkachuk. 2013. OCSEGen: Open components and systems environment generator. In Proceedings of the 2nd ACM SIGPLAN International Workshop on State Of the Art in Java Program analysis. ACM, 9–12.
[37]
Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 2010. Soot: A Java bytecode optimization framework. In CASCON First Decade High Impact Papers. IBM Corp., 214–224.
[38]
Heila van der Merwe, Brink van der Merwe, and Willem Visser. 2014. Execution and property specifications for jpf-android. ACM SIGSOFT Software Engineering Notes 39, 1 (2014), 1–5.
[39]
Willem Visser, Klaus Havelund, Guillaume Brat, SeungJoon Park, and Flavio Lerda. 2003. Model checking programs. Automated software engineering 10, 2 (2003), 203–232.
[40]
Zhemin Yang, Min Yang, Yuan Zhang, Guofei Gu, Peng Ning, and X. Sean Wang. 2013. AppIntent: analyzing sensitive data transmission in android for privacy leakage detection. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (CCS 2013). ACM, 1043–1054.

Cited By

View all
  • (2024)Navigating Mobile Testing Evaluation: A Comprehensive Statistical Analysis of Android GUI Testing MetricsProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695476(944-956)Online publication date: 27-Oct-2024
  • (2024)Enhancing GUI Exploration Coverage of Android Apps with Deep Link-Integrated MonkeyACM Transactions on Software Engineering and Methodology10.1145/366481033:6(1-31)Online publication date: 27-Jun-2024
  • (2024)DinoDroid: Testing Android Apps Using Deep Q-NetworksACM Transactions on Software Engineering and Methodology10.1145/365215033:5(1-24)Online publication date: 4-Jun-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
ASE '18: Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering
September 2018
955 pages
ISBN:9781450359375
DOI:10.1145/3238147
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 September 2018

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Android testing
  2. Program synthesis
  3. Symbolic execution

Qualifiers

  • Research-article

Conference

ASE '18
Sponsor:

Acceptance Rates

Overall Acceptance Rate 82 of 337 submissions, 24%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)27
  • Downloads (Last 6 weeks)0
Reflects downloads up to 22 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)Navigating Mobile Testing Evaluation: A Comprehensive Statistical Analysis of Android GUI Testing MetricsProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695476(944-956)Online publication date: 27-Oct-2024
  • (2024)Enhancing GUI Exploration Coverage of Android Apps with Deep Link-Integrated MonkeyACM Transactions on Software Engineering and Methodology10.1145/366481033:6(1-31)Online publication date: 27-Jun-2024
  • (2024)DinoDroid: Testing Android Apps Using Deep Q-NetworksACM Transactions on Software Engineering and Methodology10.1145/365215033:5(1-24)Online publication date: 4-Jun-2024
  • (2024)Synthesis-Based Enhancement for GUI Test Case MigrationProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680327(869-881)Online publication date: 11-Sep-2024
  • (2024)Deeply Reinforcing Android GUI Testing with Deep Reinforcement LearningProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3623344(1-13)Online publication date: 20-May-2024
  • (2023)AppChainer: investigating the chainability among payloads in android applicationsCybersecurity10.1186/s42400-023-00151-26:1Online publication date: 2-Aug-2023
  • (2023)A Unified Framework for Mini-game Testing: Experience on WeChatProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3613868(1623-1634)Online publication date: 30-Nov-2023
  • (2023)CydiOS: A Model-Based Testing Framework for iOS AppsProceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3597926.3598033(1-13)Online publication date: 12-Jul-2023
  • (2023)Columbus: Android App Testing Through Systematic Callback Exploration2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)10.1109/ICSE48619.2023.00121(1381-1392)Online publication date: May-2023
  • (2023)Validating SMT Solvers via Skeleton Enumeration Empowered by Historical Bug-Triggering InputsProceedings of the 45th International Conference on Software Engineering10.1109/ICSE48619.2023.00018(69-81)Online publication date: 14-May-2023
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media