ICST 2023
Sun 16 - Thu 20 April 2023 Dublin, Ireland
Tue 18 Apr 2023 11:40 - 12:00 at Pearse suite - Session 9: Fuzzing Chair(s): Xavier Devroey

Android apps can be effectively tested by randomly generating inputs and triggering corresponding events. Most test generators focus on user-triggered events, such as button clicks. However, the state of an app is determined not only by the interactions with a user, but also by inputs from the system and other apps, which are called intents in Android. Intent fuzzing, that is, the automated generation of randomized intents as test inputs, has been demonstrated to be an effective means for identifying crashes in apps. However, the behavior of intent handlers is influenced by the state of the app, which may depend on the user’s interactions with the app that trigger corresponding events. Recent test generators have therefore started integrating some of both types of events, leaving open questions about the best way to combine and balance UI inputs and intents. In this paper, we describe a general framework for integrating user events and intents for testing Android apps. We study empirically how to best combine these two types of events, and evaluate the effectiveness of the combination. Our experiments suggest that combining UI inputs and intents yields substantially higher code coverage as well as more unique crashes (843 on 500 F-Droid apps) than sending only user events (763) or only intents (480). Furthermore, 128 of these unique crashes were found only through the combination of UI inputs and intents, and never by sending only one type of event. Although intent crashes and UI crashes result from similar exception types, they are distinct, which should be taken into account when comparing test generators.

Tue 18 Apr

11:00 - 12:30
Session 9: Fuzzing (Previous Editions / Posters / Industry / Research Papers) at Pearse suite
Chair(s): Xavier Devroey University of Namur
Industrial Deployment of Compiler Fuzzing Techniques for Two GPU Shading Languages
Alastair F. Donaldson Imperial College London, Ben Clayton Google, Ryan Harrison Google, Hasan Mohsin Imperial College London, David Neto Google, Vasyl Teliman National Technical University of Ukraine, Hana Watson Imperial College London
Metamorphic Fuzzing of C++ Libraries
Previous Editions
Andrei Lascu Imperial College London, Alastair F. Donaldson Imperial College London, Tobias Grosser University of Edinburgh, Torsten Hoefler ETH Zurich
Android Fuzzing: Balancing User-Inputs and Intents
Research Papers
Michael Auer University of Passau, Andreas Stahlbauer University of Passau, Gordon Fraser University of Passau
Homo in Machina: Improving Fuzz Testing Coverage via Compartment Analysis
Research Papers
Joshua Bundt Northeastern University, Andrew Fasano Northeastern University, Brendan Dolan-Gavitt New York University, William Robertson Northeastern University, USA, Tim Leek MIT Lincoln Laboratory
Poster: BugOSS: A Regression Bug Benchmark for Empirical Study of Regression Fuzzing Techniques
Jeewoong Kim Handong Global University, Shin Hong Handong Global University