Issue No.04 - July/August (2010 vol.36)
Shay Artzi , Thomas J. Watson Research Center, Hawthorne
Adam Kieżun , Women's Hospital/Harvard Medical School, Boston
Julian Dolby , Thomas J. Watson Research Center, Hawthorne
Frank Tip , Thomas J. Watson Research Center, Hawthorne
Danny Dig , University of Illinois at Urbana-Champaign, Urbana
Amit Paradkar , Thomas J. Watson Research Center, Hawthorne
Michael D. Ernst , University of Washington, Seattle
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TSE.2010.31
Web script crashes and malformed dynamically generated webpages are common errors, and they seriously impact the usability of Web applications. Current tools for webpage validation cannot handle the dynamically generated pages that are ubiquitous on today's Internet. We present a dynamic test generation technique for the domain of dynamic Web applications. The technique utilizes both combined concrete and symbolic execution and explicit-state model checking. The technique generates tests automatically, runs the tests capturing logical constraints on inputs, and minimizes the conditions on the inputs to failing tests so that the resulting bug reports are small and useful in finding and fixing the underlying faults. Our tool Apollo implements the technique for the PHP programming language. Apollo generates test inputs for a Web application, monitors the application for crashes, and validates that the output conforms to the HTML specification. This paper presents Apollo's algorithms and implementation, and an experimental evaluation that revealed 673 faults in six PHP Web applications.
Software testing, Web applications, dynamic analysis, PHP, reliability, verification.
Shay Artzi, Adam Kieżun, Julian Dolby, Frank Tip, Danny Dig, Amit Paradkar, Michael D. Ernst, "Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit-State Model Checking", IEEE Transactions on Software Engineering, vol.36, no. 4, pp. 474-494, July/August 2010, doi:10.1109/TSE.2010.31