Issue No. 04 - July/August (2010 vol. 36)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TSE.2010.31
Michael D. Ernst , University of Washington, Seattle
Shay Artzi , Thomas J. Watson Research Center, Hawthorne
Adam Kieżun , Women's Hospital/Harvard Medical School, Boston
Amit Paradkar , Thomas J. Watson Research Center, Hawthorne
Danny Dig , University of Illinois at Urbana-Champaign, Urbana
Frank Tip , Thomas J. Watson Research Center, Hawthorne
Julian Dolby , Thomas J. Watson Research Center, Hawthorne
Web script crashes and malformed dynamically generated webpages are common errors, and they seriously impact the usability of Web applications. Current tools for webpage validation cannot handle the dynamically generated pages that are ubiquitous on today's Internet. We present a dynamic test generation technique for the domain of dynamic Web applications. The technique utilizes both combined concrete and symbolic execution and explicit-state model checking. The technique generates tests automatically, runs the tests capturing logical constraints on inputs, and minimizes the conditions on the inputs to failing tests so that the resulting bug reports are small and useful in finding and fixing the underlying faults. Our tool Apollo implements the technique for the PHP programming language. Apollo generates test inputs for a Web application, monitors the application for crashes, and validates that the output conforms to the HTML specification. This paper presents Apollo's algorithms and implementation, and an experimental evaluation that revealed 673 faults in six PHP Web applications.
Software testing, Web applications, dynamic analysis, PHP, reliability, verification.
Michael D. Ernst, Shay Artzi, Adam Kieżun, Amit Paradkar, Danny Dig, Frank Tip, Julian Dolby, "Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit-State Model Checking", IEEE Transactions on Software Engineering, vol. 36, no. , pp. 474-494, July/August 2010, doi:10.1109/TSE.2010.31