DOCSLIB.ORG

Guided GUI Testing of Android Apps with Minimal Restart and Approximate Learning

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Guided GUI Testing of Android Apps with Minimal Restart and Approximate Learning Guided GUI Testing of Android Apps with Minimal Restart and Approximate Learning Wontae Choi George Necula Koushik Sen EECS Department EECS Department EECS Department University of California, Berkeley University of California, Berkeley University of California, Berkeley [email protected] [email protected] [email protected] Abstract 1. Introduction Smartphones and tablets with rich graphical user interfaces Smartphones and tablets with rich graphical user interfaces (GUI) are becoming increasingly popular. Hundreds of thou- (GUI) are becoming increasingly popular. Hundred of thou- sands of specialized applications, called apps, are available sands of specialized applications, called apps, are already for such mobile platforms. Manual testing is the most pop- available for these mobile platforms. The complexity of ular technique for testing graphical user interfaces of such these apps lies often in the user interface, with data process- apps. Manual testing is often tedious and error-prone. In ing either minor, or delegated to a backend component. A this paper, we propose an automated technique, called Swift- similar situation exists in applications using software-as-a- Hand, for generating sequences of test inputs for Android service architecture, where the client-side component con- apps. The technique uses machine learning to learn a model sists mostly of user interface code. Testing such applications of the app during testing, uses the learned model to generate involves predominantly user interface testing. user inputs that visit unexplored states of the app, and uses We focus on user interface testing for Android apps, al- the execution of the app on the generated inputs to refine the though many of the same challenges exist on other mobile model. A key feature of the testing algorithm is that it avoids and browser platforms. The only two tools that are widely restarting the app, which is a significantly more expensive used in practice for testing Android apps are Monkeyrun- operation than executing the app on a sequence of inputs. ner [2], a framework for manually scripting sequences of An important insight behind our testing algorithm is that we user inputs in Python, and Monkey [3], a random automatic do not need to learn a precise model of an app, which is of- user input generation tool. A typical use of the Monkey tool ten computationally intensive, if our goal is to simply guide involves generating clicks at random positions on the screen, test execution into unexplored parts of the state space. We without any consideration of what are the actual controls have implemented our testing algorithm in a publicly avail- shown on the screen, which ones have already been clicked, able tool for Android apps written in Java. Our experimental and what is the sequence of steps taken to arrive at the cur- results show that we can achieve significantly better cover- rent configuration. It is not surprising then that such testing age than traditional random testing and L∗-based testing in a has trouble exploring enough of the user interface, especially given time budget. Our algorithm also reaches peak coverage the parts that are reached after a specific sequence of inputs. faster than both random and L∗-based testing. In this paper, we consider the problem of automatically generating sequences of test inputs for Android apps for Categories and Subject Descriptors D.2.5 [Software En- which we do not have an existing model of the GUI. The gineering]: Testing and Debugging goal is to achieve code coverage quickly by learning and ex- General Terms Algorithm, Design, Experimentation ploring an abstraction of the model of the GUI of the app. We Keywords GUI testing, Learning, Automata, Android discuss further in the paper various techniques that have been explored previously to address different aspects of this prob- lem. However, our experience shows that previous learning Permission to make digital or hard copies of all or part of this work for personal or techniques ignore a very significant practical constraint in classroom use is granted without fee provided that copies are not made or distributed testing apps. All automatic exploration algorithms will occa- for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM sionally need to restart the app, in order to explore additional must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, states reachable from the initial state. The only reliable way to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]. to restart an app is to remove and reinstall it. This is neces- OOPSLA ’13, October 29–31, 2013, Indianapolis, Indiana, USA.. sary, for example, when the application has persistent data. Copyright c 2023 ACM 978-1-4503-2374-1/13/10. $15.00. http://dx.doi.org/10.1145/2509136.2509552 Our experiments show that the restart operation takes 30 sec- onds, which is significantly larger than the time required to fectiveness of SwiftHand with that of random testing and L∗- explore any other transition, such as a user input. Currently, based testing. Our results show that SwiftHand can achieve our implementation waits for up to 5 seconds after sending significantly better coverage on these apps within a given a user input, to ensure that all handlers have finished. We time budget. Moreover, SwiftHand achieves branch cover- expect that with more support from the operating system, or age at a rate faster than that of random and L∗-based testing. a more involved implementation, we could reduce that wait We report the results of our investigation in the empirical time to well under a second. evaluation section. Since the cost of exploring a transition to the initial state (a restart) is an order of magnitude more than the cost of any 2. Overview other transition, we must use an exploration and learning In this section we introduce a motivating example, which we algorithm that minimizes the number of restarts. Standard will use first to describe several existing techniques for auto- regular language learning algorithms are not appropriate in mated user interface testing. Then we describe SwiftHand at this case. For example, Angluin’s L∗ [10] requires at least 2 a high level in the context of the same example. The formal O(n ) restarts, where n is the number of states in the model details of the SwiftHand algorithm are in Section 3. of the user interface. Rivest and Schapire’s algorithm [38] We use part of Sanity, an Android app in our benchmark- reduces the number of restarts to O(n), which is still high, suite as our running example. Figure 1 shows the first four by computing homing sequences, and it also increases the screens of the app. The app starts with three consecutive end- runtime by a factor of n, which is again not acceptable when user license agreement (EULA) screens. To test the main we want to achieve code coverage quickly. app, an automated testing technique must pass all the three In this paper we propose a testing algorithm based on two EULA screens. key observations: Sanity 1. It is possible to reduce the use of app restarts, because License License License Action 1 most user interface screens of an Android app can of- Term #1 Term #2 Term #3 Action 2 ten be reached from other screens just by triggering a se- Yes Yes Yes Action 3 quence of user inputs, e.g., using “back” or “home” but- Yes No Yes No Yes No tons. EULA 1 (q1) EULA 2 (q2) EULA 3 (q3) Main (qM) 2. For the purpose of test generation, we do not need to learn an exact model of the app under test. All we need Figure 1: The first four screens of Sanity App. The screen is an approximate model that could guide the generation names in parentheses are for cross-reference from the mod- of user inputs while maximizing the code coverage. Note els of this app discussed later. that for real-world apps a finite state model of the GUI may not even exist. Some apps may require push-down The first and the third EULA screens have four input model and others may require more sophisticated infinite choices: (a) Yes button to accept the license terms, (b) No models. button to decline the license terms, (c) ScrollUp the license terms, and (d) ScrollDown the license terms. Pressing No at Based on these two observations, we propose a testing al- any point terminates program. ScrollDown and ScrollUp do gorithm, called SwiftHand, that uses execution traces gen- not change the non-visual state of the program. The second erated during the testing process to learn an approximate EULA screen doesn’t have the scrolling option. Pressing model of the GUI. SwiftHand then uses the learned model to Yes button three times leads the user to the main screen of choose user inputs that would take the app to previously un- the app. For convenience, in the remainder of this paper we explored states. As SwiftHand triggers the newly generated are going to use short name q , q , q , and q , instead of user inputs and visits new screens, it expands the learned 1 2 3 M EULA1, EULA2, EULA2, and Main. model, and it also refines the model when it finds discrepan- cies between the model learned so far. The interplay between 2.1 Goals and Assumptions on-the-fly learning of the model and generation of user in- We want to develop an algorithm that generates sequences puts based on the learned model helps SwiftHand to quickly of user inputs and feeds them to the app in order to achieve visit unexplored states of the app.
Load more

Recommended publications
  • Training Details- June - July 2019 Computer Science and Engineering Department
    Training Details- June - July 2019 Computer Science and Engineering Department S.No. First Name Last Name Training Platform Company Name Trainer Designation Start date End date Android & IOS / React & React 1 Shubham kakkar Cupido Bhupender Founder ( co-founder ) 01-06-2019 31-08-2019 native ( JavaScript ) 2 Shivani Dalmia Python/Machine Learning DRDO Kamaldeep Scientist 'D' 03-06-2019 15-07-2019 HTML5, CSS, Bootstrap4, jQuery, 3 Himanshu Gupta Meta Design Solutions Alok Lamba Sr. Software Developer 17-06-2019 26-07-2019 PHP, MySQL 4 Prateek Aggarwal Java, Android Studio Indian Road Safety Campaign Rishi Dayanand B.Tech (IIT Delhi) 12-06-2019 11-07-2019 HTML,CSS, JavaScript,JQuery, 5 Vishal Khurana Tariffo Enterprises Prashant Singh Web Developer 01-06-2019 30-06-2019 Bootstrap 6 Manan Mehta Python and other python libraries Coding blocks Prateek Narang Mentor 07-06-2019 31-07-2019 7 Deepanshu jindal Python Coding blocks Prateek narang Co-Founder 10-06-2019 25-07-2019 ADRDE(Aerial Delivery 8 Jyoti Pachori Deep Learning Research and Development Ajitabh Tiwari Scientist 'D' 03-06-2019 02-07-2019 Establishment),DRDO ,Agra 9 Richa Singh Java ee Cetpa Infotech private limited Mr. Hasan Arshi Trainer in java ee 05-06-2019 28-07-2019 Leading india AI (Bennett 10 Yash Chaudhary Machine learning / deep learning Surbhi Gupta Mentor / Phd scholar 24-06-2019 19-07-2019 University) Project leader , data 11 Yash Chaudhary ML / deep learning Northcorp Sagar 10-06-2019 05-08-2019 scientist 2 12 Deepanshu Rana ReactJs, Amazon Web Services Opslyft Aayush
    [Show full text]
  • Mobile Application Security an Assessment of Bunq’S financial App
    Mobile Application Security an assessment of bunq's financial app Bachelor End Project Authors TU Delft Coach K.Q. Lampe Dr. ir. S.E. Verwer J.C.M. Kraaijeveld T.D. den Braber TU Delft Bachelor Project Coordinators Dr. ir. F.F.J. Hermans Date Dr. ir. M.A. Larson June 2015 Company Coach W. Van Embargo: This document may not be published before September 1, 2015. Preface This report was written as part of the Bachelor Computer Science at the Delft University of Tech- nology. The report contains all information, struggles and achievements of our project that was carried out over a period of ten weeks. The project was created by bunq, a technology company situated in Amsterdam, with the goal of testing their security. When we started with this project we had no experience with software security or mobile application development. Learning about software security and mobile application development was an important goal for ourselves. The project consisted of research into the security of mobile apps in general and the assessment of the bunq apps in particular. The aim of this report is to inform the reader about the accomplishments made during the project, but it also contains recommendations on mobile application security. The recommendations are included, because security is not something that applies to a single development phase; it is also important during further development. We would like to thank everyone at bunq for their support and kindness during the project. A special thanks goes out to Wessel, Sicco, Esan, Djoeri and Ali for learning us numerous things about coding, writing, unix and entrepreneurship.
    [Show full text]
  • Mddanishanwar Contact - [email protected]| +91 7688029342
    MdDanishAnwar Contact - [email protected]| +91 7688029342 about interests 13 M.G.Avenue Durgapur Web Development, Competitive Programming, Quantum Physics, Solving mathematical India problems, Relating day to day work and college curriculum to solve real life problems, Exploring new places and new techniques, Reading Novels and biographies of eminent personalities. languages English, Urdu education Hindi & Bengali since 2015 B.Tech in Information Technology from NIT Durgapur programming CGPA 8.58,SGPA 9.09 Programming Proficient: 2013–2015 H.S. with Science Stream from TITAGARH AGM HIGH SCHOOL C • C++ • JavaScript Passed with 86.2% from WBCHSE Shell • CSS3 • HTML5 2013 Madhyamik from TITAGARH AGM HIGH SCHOOL NodeJs•jQuery•MySQL Passed with 90.85% from WBBSE Familiar: Python • Django • projects NoSQL • LATEX Linux • LEX • YACC Dec 2017 Adornment of C language Team Leader Links Worked with Prof Jaydeep Howlader to create a tool from scratch which My Website converts C source file to ASCII standard format using LEX and YACC. Github:// danishanwar Nov 2017 Weather Update WebApp Self Undertaken LinkedIn:// iammda23 Developed a Weather Update WebApp using API given by Open Weather. CodeChef:// danish The application is built using Javasripts and jQuery. It allows user to search Twitter:// @immda23 for any place and fetches information about weather of the searched place.It Quora:// Danish-Anwar also allows user to get weather information about the current location of the user by just clicking on a button. Coursework Oct 2017 Movie Search WebApp Self Undertaken Undergraduate Developed a Movie Search Web Application using API given by The Operating System MovieDB. The application is built using Javasripts and jQuery.
    [Show full text]
  • Project Summary
    Project Summary Muhammad Abduh, Dipl.-Ing. https://abduh.de 2010 – present, Digital Ratio Development of data warehouse applications (e.g. data marts for marketing, campaign management). Development of software for commissioning, system integration. Development of Qlik Sense and QlikView applications. Development of software for billing and reporting of products for house automation. Development of software for data quality management, sales support, workflow system. • Languages: Ab Initio DML, PL/SQL, Perl, KSH, Java, Groovy, C#, JavaScript • Products: Ab Initio Co>Operating System, Ab Initio EME, Pentaho, Qlik Sense, QlikView • Frameworks: Spring, .NET • Development Tools: Oracle SQL Developer, Gradle, Subversion, Jenkins, IntelliJ, Visual Studio • Databases: Oracle 18c, MySQL, Teradata • Operating Systems: HP-UX, SUN Solaris, Windows Server 2004 – 2010, COLT Telecom Development and continuous improvement of the web application NTQR (Network Traffic & Quality Report). NTQR is a key tool for network planning and traffic analysis of pan-European COLT Voice Networks (Siemens EWSD, Nortel DMS). The application consists of several modules, among other things Trunkgroup Traffic Reports, C7 Link Monitoring, ASR/NER/PDD Monitoring, Transit Traffic Analysis. • Languages: Java, Groovy • Standards: JPA, JDBC, JMX, XHTML • Frameworks: Spring, Hibernate, Grails, jQuery, JFreeChart • Application Server: Glassfish • Databases: Oracle 11g • Operating Systems: SUN Solaris 2008 – 2009, COLT Telecom Development of SIP-based application prototypes on the
    [Show full text]
  • Privacy Preserving Controls for Android Applications by Narasimha
    Privacy Preserving Controls for Android Applications by Narasimha Aditya Gollapudi A Thesis Presented in Partial Fulfillment of the Requirement for the Degree Master of Science Approved November 2014 by the Graduate Supervisory Committee: Partha Dasgupta, Chair Guoliang Xue Adam Doupé ARIZONA STATE UNIVERSITY December 2014 ABSTRACT Android is currently the most widely used mobile operating system. The permission model in Android governs the resource access privileges of applications. The permis- sion model however is amenable to various attacks, including re-delegation attacks, back- ground snooping attacks and disclosure of private information. This thesis is aimed at un- derstanding, analyzing and performing forensics on application behavior. This research sheds light on several security aspects, including the use of inter-process communications (IPC) to perform permission re-delegation attacks. Android permission system is more of app-driven rather than user controlled, which means it is the applications that specify their permission requirement and the only thing which the user can do is choose not to install a particular application based on the require- ments. Given the all or nothing choice, users succumb to pressures and needs to accept permissions requested. This thesis proposes a couple of ways for providing the users finer grained control of application privileges. The same methods can be used to evade the Permission Re-delegation attack. This thesis also proposes and implements a novel methodology in Android that can be used to control the access privileges of an Android application, taking into consider- ation the context of the running application. This application-context based permission usage is further used to analyze a set of sample applications.
    [Show full text]
  • Training Details- June - July 2020 Computer Science and Engineering Department
    Training Details- June - July 2020 Computer Science and Engineering Department S.No Enrollment No Name Training Platform Training Topic Company Name Trainer Designation Start date End date Baja application Turiyatita Technologies 1 00114807218 Ankit Gupta ANDROID CTO 16-06-2020 11-08-2020 development Pvt Ltd Machine Learning and Energy Prediction of 2 00196402717 Adhyansh Bhardwaj THE BIRD GROUP Mr. Ajay Kumar Sr. Engineer 22-06-2020 24-08-2020 Predictive Analysis Wind Farm Python, Tensorflow, Machine Learning, Deep Deep Learning Founder Coursera 3 00196407218 ABDUL WAHEED Learning, Computer Vision, Coursera Mr. Andrew NG 20-04-2020 20-06-2020 Specialization and deeplearning.ai Natural Language Processing 4 00214807218 Baljeet Singh Python, Js Web Development edx America 01-05-2020 15-08-2020 5 00296402717 ANJALI JOSHI ReactJS/Instadapp Blockchain Matic Networks Mr.Sachin Mittal Pre-Sales Engineer 10-04-2020 28-06-2020 Chaudhary 6 00314807218 Python Data Analyst DataCamp Hillary Green-Lerman Lead DataScientist 01-04-2020 26-05-2020 Sarimurrab Various platforms like 7 00396402717 Ankit Singh linkedin, YouTube, webD, E-learning Grad2live Mr. Rishikesh Founder 22-07-2020 22-09-2020 etc. COMPUTER VISION AND OPTICAL 8 00496402717 Anugrah Sebastian Google Colaboratory deeplearning.ai NA 05-05-2020 07-07-2020 CHARACTER RECOGNITION SYSTEM 9 00496407218 Kumar Dhruv Coursera Machine learning Coursera Google cloud training Training guide 06-09-2020 15-11-2020 Natural Language 10 00514802716 Aditya Python Processing (NLP) in Udemy Lazy Programmer
    [Show full text]
  • Fing Command Line Interface 3
    Table of Contents Table of Contents 1 Fing Command Line Interface 3 Requirements 3 Windows 4 OS X / macOS 4 Linux - OpenWRT 4 Docker 4 Installation / Uninstallation 4 Windows 5 OSx / macOS 5 Linux 5 OpenWrt 6 Docker 6 Configuration 7 Folder 7 Files 8 Usage 8 Windows 9 OS X / macOS - Linux - OpenWRT 9 Docker 9 Tools 9 Show Network Information 10 Scan Networks 10 Discovering the services 12 Measuring the round trip time 12 Tracing the route of packets to a destination host 12 Waking device on LAN or WAN 13 Examples 14 Interactive mode 14 Windows 14 OS X - Linux - OpenWRT 15 Docker 15 Kit Mode for Device Recognition 15 Configuration 16 Properties 16 Dynamic Configuration and Usage Token 16 Operating Mode 17 Foreground 17 Background 19 Output 21 Discovery dataset of the network 21 Network dataset 21 Internet Service Provider dataset 22 Network Node base dataset 22 Network node detail dataset for NetBIOS 23 Network node detail dataset for Bonjour 23 Network node detail dataset for UPnP 23 Network node detail dataset for Dhcp 23 Network node detail dataset for Dhcpv6 23 Network node detail dataset for Http 23 Network node detail dataset for Snmp 23 Network node detail dataset for NetBIOS 23 Network node detail dataset for Bonjour 23 Network node detail dataset for UPnP 24 Network node detail dataset for Http User Agent 24 Network node detail dataset for SNMP 24 Network node detail dataset for DHCP 25 Network node detail dataset for DHCP6 25 Full Sample 25 Appendix 1 - Fing Categorization - Groups and Types 26 Appendix 2 - Fing Recognition Rank - Computation 26 1.
    [Show full text]
  • Yann Esposito
    Yann Esposito mail [email protected] port (+33)650845271 address Bât 9, Résidence Saint Marc 691, avenue Jean Aicard 06700, Saint Laurent du Var Professional Background 2013 ! Machine Learning Scientist & Software Engineer at Vigiglobe, 2010 ! Co-Founder of GridPocket, 2007 ! 2013 AirFrance, 10/2006 ! 3/2007 Post Ph.D., Hubert Curien Laboratory, 10/2004 ! 9/2006 ATER (College Degree Teach & Research), 10/2001 ! 9/2004 University Monitor (College Degree Teach & Research), 1995 ! 2000 Miscellaneous summer jobs Education 2004 CS Ph.D. in Machine Learning at Université de Provence 2001 D.E.A. (Equivalent to Master in Computer science) 2000 Maîtrise in Computer Science 1999 Licence in Computer Science 1998 DEUG MIAS (Math) 1995 BAC S (Math) Research Activies: Publications International Journal [Fundamenta Informaticæ, 2008] [Pattern Recognition, 2004] Internation Conferences [ECML 2008] [ICGI 2006] [COLT 2006] [COLT 2004] [ICALP 2003] [ICGI 2002] National Journal [JEDAI 2002] National Conferences [CAp’06] [CAp’04] [CAp’03] 1 Presentation I am French with a Post Ph.D in Machine Learning1. Furthermore I love web programming and design. I am currently working for Vigiglobe. The first six months I worked with node.js (API/MongoDB/Web). Then we upgraded our stack to Clojure, Haskell, Mesos, Kafka, Druid, etc… At that time we were two to make all technical decisions. In the end we made a real time analytics of social media content on a scalable architecture. Actually our architecture is able to man- age (Aggregation & Machine Learning) thousands of messages per second.2 In particular, I’ve written an Haskell twitter stream absorber able to handle thou- sands of tweets per seconds.
    [Show full text]