Research article
DOI: 10.1145/3092282.3092302

Addressing challenges in obtaining high coverage when model checking Android applications

Published: 13 July 2017

Abstract

Current dynamic analysis tools for Android applications do not get good code coverage since they can only explore a subset of the behaviors of the applications and do not have full control over the environment in which they execute. In this work we use model checking to systematically explore application paths while reducing the analysis size using state matching and backtracking. In particular, we extend the Java PathFinder (JPF) model checking environment for Android. We describe the difficulties one needs to overcome to make this a reality as well as our current approaches to handling these issues. We obtain significantly higher coverage using shorter event sequences on a representative sample of Android apps, when compared to Dynodroid and Sapienz, the current state-of-the-art dynamic analysis tools for Android applications.


Cited By

  • (2018) Android testing via synthetic symbolic execution. Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, 419–429. DOI: 10.1145/3238147.3238225. Online publication date: 3-Sep-2018


Published In

SPIN 2017: Proceedings of the 24th ACM SIGSOFT International SPIN Symposium on Model Checking of Software
July 2017
199 pages
ISBN: 9781450350778
DOI: 10.1145/3092282

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. Android Applications
2. Dynamic Analysis
3. Java PathFinder
4. Model Checking


Conference

ISSTA '17
