1 A Static Analysis Approach for Automatically Generating Test Cases for Web Applications Presented by: Beverly Leung Fahim Rahman

2 Introduction to Web Applications Web applications are: Web applications are: –interactive systems which run on one or more web servers –dynamic in behavior (customized responses for the user and interact with databases and/or enterprise servers) –heterogeneous in representation –used by businesses in a variety of major market areas (information management, online banking and shopping) As a result, thorough testing of web applications is becoming increasingly important As a result, thorough testing of web applications is becoming increasingly important Testing methodologies that are used for traditional software testing are insufficient Testing methodologies that are used for traditional software testing are insufficient *Source: Halfond, W et al. “Improving Test Case Generation for Web Applications Using Automated Interface Discovery”

3 Static Analysis Approach to Testing Analyze source code without execution Analyze source code without execution Extract interfaces which include Extract interfaces which include – input parameters and domain information –User navigation map which has all possible URLs from source code Create navigation graph Create navigation graph – set of paths for which test cases are generated

4 Example – Student Information Management System (SIMS) An application that can support data associated with a college class An application that can support data associated with a college class Three views with different services: Three views with different services: –Administrator –Professor –Student

5 Example – SIMS Login page asks for ID, password, user type Login page asks for ID, password, user type –Source code validates for proper input parameters –If invalid, error handling message Illustrates how web apps have a need for specific parameter types in order to properly test Illustrates how web apps have a need for specific parameter types in order to properly test

6 Example – SIMS Login Code Fragment 1 2 <% 3 int user_id = Interger.parseInt(request.getParameter("userId")); 4 String password = request.getParameter("userPasswd"); 5 String user_type = request.getParameter("userType"); 6 boolean ispass= test.verify(user_id, user_type, password); 7 if (ispass) { 8 if(user_type.equals(“student”)){ 9 %> 10 Student: 11 login success! 12 Click here to continue 13 <% } 14 else if(user_type.equals(“professor”)){ 15 %> 16 Professor: 17 login success! 18 Click here to continue 19 <% } 20 else{ 21 %> 22 Administrator:<jsp:getProperty name="test" property="userName"/> 23 login success! 24 Click here to continue 25 <% } 26 } 27 else { 28 %> <%} 31 %>

7 Example – SIMS Definitions Control Flow Graph of a page Control Flow Graph of a page –G = (V, E) where G is a directed graph, V are nodes and E are edges connecting the nodes. –node = one statement –edge = possible flow of control between two statements

8 Example – SIMS Definitions x, y are nodes and x ≠ y x, y are nodes and x ≠ y Post dominate – x “post dominates” y if every path from y to exit node contains x Post dominate – x “post dominates” y if every path from y to exit node contains x Control dependent – x is “control dependent” on y … Control dependent – x is “control dependent” on y … –if there exists y1 and y2 as successors of y –x post dominates y1 but not y2

9 Example – SIMS Definitions Transition node (t-node) = node in the CFG which may lead to a transition from one page to another Transition node (t-node) = node in the CFG which may lead to a transition from one page to another Transition path (t-path) = a path which starts from the begin node and ends at a t-node Transition path (t-path) = a path which starts from the begin node and ends at a t-node Transition Flow Graph = set of nodes and edges which show dependency, usage, and definition of parameters Transition Flow Graph = set of nodes and edges which show dependency, usage, and definition of parameters

10 Example – SIMS Sample Transition Flow Graph for the login page

11 Example – SIMS Static Analysis Approach Identify all T-nodes Identify all T-nodes T-paths are identified using Depth First Search T-paths are identified using Depth First Search Loops that are executed n times should be analyzed n times. If number of executions depends on variable, traverse loop only once Loops that are executed n times should be analyzed n times. If number of executions depends on variable, traverse loop only once T-paths are then executed as part of the control flow graph. T-paths are then executed as part of the control flow graph. Irrelevant paths are eliminated using a path slicing technique which is based on whether or not a target node can be reached Irrelevant paths are eliminated using a path slicing technique which is based on whether or not a target node can be reached

12 Example – SIMS Static Analysis Approach Automated interface discovery algorithm is used to extract input parameter and domain information through analyzed source code Automated interface discovery algorithm is used to extract input parameter and domain information through analyzed source code Each path slice is “symbolically executed” which uses symbolic values and input variables as opposed to concrete values Each path slice is “symbolically executed” which uses symbolic values and input variables as opposed to concrete values

13 Example – SIMS Web Navigation Graph constructed from source code as a directed graph where vertices = webpages and directed edges = transition between pages constructed from source code as a directed graph where vertices = webpages and directed edges = transition between pages May include input parameters and path conditions associated with transition May include input parameters and path conditions associated with transition Paths from this graph can be used as a basis for test scenarios Paths from this graph can be used as a basis for test scenarios

14 Example – SIMS Generating Test Cases Web Navigation Graph and Interfaces are used to generate test cases Web Navigation Graph and Interfaces are used to generate test cases Test Case = a path through the web navigation graph that has input values which satisfy path conditions Test Case = a path through the web navigation graph that has input values which satisfy path conditions These input values are chosen based on the domain information found using the automated interface discovery algorithm These input values are chosen based on the domain information found using the automated interface discovery algorithm

15 Conclusions The static approach benefits automatic generation of test cases by providing: The static approach benefits automatic generation of test cases by providing: –more accurate interfaces of web application –More appropriate input parameter values for web forms –Better targeting by using domain information of input parameters to provide appropriate or inappropriate parameter values

16 References Minghui Wang et al. “A Static Analysis Approach for Automatic Generating Test Cases for Web Applications,” 2008 International Conference on Computer Science and Software Engineering Minghui Wang et al. “A Static Analysis Approach for Automatic Generating Test Cases for Web Applications,” 2008 International Conference on Computer Science and Software Engineering William G.J. Halfond and Alessandro Orso, “Improving test case generation for Web applications using automated interface discovery”, ESEC/FSE’07 Sep.3-7, 2007, pp Bin Zhu et al. “Testing a Web Application Involving Web Browser Interaction,” th ACIS International Conference on Software Engineering, Artificial Intelligences, Networking and Parallel/Distributed Computing