TY - GEN
T1 - Effectively Finding ICC-related Bugs in Android Apps via Reinforcement Learning
AU - Guo, Hui
AU - Su, Ting
AU - Liu, Xiaoqiang
AU - Gu, Siyi
AU - Sun, Jingling
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Inter-component communication (ICC) is a key mechanism in Android. It utilizes intents to achieve the communications between different components in the apps. Thus, the successful execution of ICCs (named ICC calls) is fundamental to the app operations. However, existing testing tools for Android seldom explicitly consider these ICC calls, which may fail to find those ICC-related bugs. To this end, we propose a novel ICC-guided exploration strategy to effectively find the ICC-related bugs. Our idea is that, we can (1) build an ICC call graph from the app under test, and (2) use this graph to guide the exploration toward exercising the ICC calls. To achieve this idea, we design this ICC-guided exploration strategy based on Q-learning, a classic reinforcement learning algorithm. Specifically, the reward function explicitly considers the number of explored intents, the number of promising-to-explore intents and the exploration order of explored intents to improve testing effectiveness. Moreover, to build a more complete ICC call graph, we design a graph enhancement exploration strategy also based on Q-learning to complement the call graph construction via static analysis. We have implemented our idea as an automated testing tool IccDroid. The evaluation on 28 real-word Android apps shows that IccDroid can effectively find the most number of ICC-related bugs within the same testing time, compared to existing testing tools - the bugs found by IccDroid are 1.7~2.7 times more than the others. So far, IccDroid has found 13 previously unknown ICC-related bugs, all of which have been confirmed by the app developers and five have already been fixed.
AB - Inter-component communication (ICC) is a key mechanism in Android. It utilizes intents to achieve the communications between different components in the apps. Thus, the successful execution of ICCs (named ICC calls) is fundamental to the app operations. However, existing testing tools for Android seldom explicitly consider these ICC calls, which may fail to find those ICC-related bugs. To this end, we propose a novel ICC-guided exploration strategy to effectively find the ICC-related bugs. Our idea is that, we can (1) build an ICC call graph from the app under test, and (2) use this graph to guide the exploration toward exercising the ICC calls. To achieve this idea, we design this ICC-guided exploration strategy based on Q-learning, a classic reinforcement learning algorithm. Specifically, the reward function explicitly considers the number of explored intents, the number of promising-to-explore intents and the exploration order of explored intents to improve testing effectiveness. Moreover, to build a more complete ICC call graph, we design a graph enhancement exploration strategy also based on Q-learning to complement the call graph construction via static analysis. We have implemented our idea as an automated testing tool IccDroid. The evaluation on 28 real-word Android apps shows that IccDroid can effectively find the most number of ICC-related bugs within the same testing time, compared to existing testing tools - the bugs found by IccDroid are 1.7~2.7 times more than the others. So far, IccDroid has found 13 previously unknown ICC-related bugs, all of which have been confirmed by the app developers and five have already been fixed.
KW - Android apps testing
KW - ICC related bugs
KW - Reinforcement Learning
UR - https://www.scopus.com/pages/publications/85178020043
U2 - 10.1109/ISSRE59848.2023.00032
DO - 10.1109/ISSRE59848.2023.00032
M3 - 会议稿件
AN - SCOPUS:85178020043
T3 - Proceedings - International Symposium on Software Reliability Engineering, ISSRE
SP - 403
EP - 414
BT - Proceedings - 2023 IEEE 34th International Symposium on Software Reliability Engineering, ISSRE 2023
PB - IEEE Computer Society
T2 - 34th IEEE International Symposium on Software Reliability Engineering, ISSRE 2023
Y2 - 9 October 2023 through 12 October 2023
ER -