WebView is a UI widget that helps integrate web applications into the native context of Android apps. It provides powerful mechanisms for bi-directional interactions between the native-end (Java) and the web-end (JavaScript) of an Android app. However, these interaction mechanisms are complicated and have induced various types of bugs. To mitigate the problem, various techniques have been proposed to detect WebView-induced bugs via dynamic analysis, which heavily relies on executing tests to explore WebView behaviors. Unfortunately, these techniques either require manual effort or adopt random test generation approaches, which are not able to effectively explore diverse WebView behaviors. In this paper, we study the problem of test generation for WebViews in Android apps. Effective test generation for WebViews requires identifying the essential program properties to be covered by the generated tests. To this end, we propose \emph{WebView-specific properties} to characterize WebView behaviors, and devise a cross-language dynamic analysis method to identify these properties. We develop \textsc{$\omega$Test}, a test generation technique that searches for event sequences covering the identified WebView-specific properties. An evaluation on 74 real-world open-/closed-source Android apps shows that \textsc{$\omega$Test} can cover diverse WebView behaviors and detect WebView-induced bugs effectively. \textsc{$\omega$Test} detected 36 previously-unknown bugs. From the 22 bugs that we have reported to the app developers, 13 bugs were confirmed, 9 of which were fixed.

Thu 20 Jul

Displayed time zone: Pacific Time (US & Canada) change

13:30 - 15:00
ISSTA 12: Web and Smart ContractsTechnical Papers at Smith Classroom (Gates G10)
Chair(s): Martin Kellogg New Jersey Institute of Technology
13:30
15m
Talk
Enhancing REST API Testing with NLP Techniques
Technical Papers
Myeongsoo Kim Georgia Institute of Technology, Davide Corradini University of Verona, Saurabh Sinha IBM Research, Alessandro Orso Georgia Institute of Technology, Michele Pasqua University of Verona, Rachel Tzoref-Brill IBM Research, Mariano Ceccato University of Verona
DOI
13:45
15m
Talk
AGORA: Automated Generation of Test Oracles for REST APIsACM SIGSOFT Distinguished Artifact
Technical Papers
Juan C. Alonso University of Seville, Sergio Segura University of Seville, Antonio Ruiz-Cortés University of Seville
DOI
14:00
15m
Talk
ωTest: WebView-Oriented Testing for Android Applications
Technical Papers
Jiajun Hu Hong Kong University of Science and Technology, Lili Wei McGill University, Yepang Liu Southern University of Science and Technology, Shing-Chi Cheung Hong Kong University of Science and Technology
DOI
14:15
15m
Talk
NodeRT: Detecting Races in Node.js Applications Practically
Technical Papers
Jingyao Zhou Nanjing University, Lei Xu Nanjing University, Gongzheng Lu Suzhou City University, Weifeng Zhang Nanjing University of Posts and Telecommunications, Xiangyu Zhang Purdue University
DOI
14:30
15m
Talk
iSyn: Semi-automated Smart Contract Synthesis from Legal Financial Agreements
Technical Papers
Pengcheng Fang Case Western Reserve University, Zhenhua Zou Tsinghua University, Xusheng Xiao Arizona State University, Zhuotao Liu Tsinghua University
DOI
14:45
15m
Talk
Automated Generation of Security-Centric Descriptions for Smart Contract BytecodeACM SIGSOFT Distinguished Paper
Technical Papers
Yu Pan University of Utah, Zhichao Xu University of Utah, Levi Taiji Li University of Utah, Yunhe Yang University of Utah, Mu Zhang University of Utah
DOI