Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 A Static Analysis Approach for Automatically Generating Test Cases for Web Applications Presented by: Beverly Leung Fahim Rahman.

Published byRodney Turner Modified over 8 years ago

Similar presentations

Presentation on theme: "1 A Static Analysis Approach for Automatically Generating Test Cases for Web Applications Presented by: Beverly Leung Fahim Rahman."— Presentation transcript:

1 1 A Static Analysis Approach for Automatically Generating Test Cases for Web Applications Presented by: Beverly Leung Fahim Rahman

2 2 Introduction to Web Applications Web applications are: Web applications are: –interactive systems which run on one or more web servers –dynamic in behavior (customized responses for the user and interact with databases and/or enterprise servers) –heterogeneous in representation –used by businesses in a variety of major market areas (information management, online banking and shopping) As a result, thorough testing of web applications is becoming increasingly important As a result, thorough testing of web applications is becoming increasingly important Testing methodologies that are used for traditional software testing are insufficient Testing methodologies that are used for traditional software testing are insufficient *Source: Halfond, W et al. “Improving Test Case Generation for Web Applications Using Automated Interface Discovery”

3 3 Static Analysis Approach to Testing Analyze source code without execution Analyze source code without execution Extract interfaces which include Extract interfaces which include – input parameters and domain information –User navigation map which has all possible URLs from source code Create navigation graph Create navigation graph – set of paths for which test cases are generated

4 4 Example – Student Information Management System (SIMS) An application that can support data associated with a college class An application that can support data associated with a college class Three views with different services: Three views with different services: –Administrator –Professor –Student

5 5 Example – SIMS Login page asks for ID, password, user type Login page asks for ID, password, user type –Source code validates for proper input parameters –If invalid, error handling message Illustrates how web apps have a need for specific parameter types in order to properly test Illustrates how web apps have a need for specific parameter types in order to properly test

6 6 Example – SIMS Login Code Fragment 1 2 <% 3 int user_id = Interger.parseInt(request.getParameter("userId")); 4 String password = request.getParameter("userPasswd"); 5 String user_type = request.getParameter("userType"); 6 boolean ispass= test.verify(user_id, user_type, password); 7 if (ispass) { 8 if(user_type.equals(“student”)){ 9 %> 10 Student: 11 login success! 12 Click here to continue 13 <% } 14 else if(user_type.equals(“professor”)){ 15 %> 16 Professor: 17 login success! 18 Click here to continue 19 <% } 20 else{ 21 %> 22 Administrator:<jsp:getProperty name="test" property="userName"/> 23 login success! 24 Click here to continue 25 <% } 26 } 27 else { 28 %> 29 30 <%} 31 %>

7 7 Example – SIMS Definitions Control Flow Graph of a page Control Flow Graph of a page –G = (V, E) where G is a directed graph, V are nodes and E are edges connecting the nodes. –node = one statement –edge = possible flow of control between two statements

8 8 Example – SIMS Definitions x, y are nodes and x ≠ y x, y are nodes and x ≠ y Post dominate – x “post dominates” y if every path from y to exit node contains x Post dominate – x “post dominates” y if every path from y to exit node contains x Control dependent – x is “control dependent” on y … Control dependent – x is “control dependent” on y … –if there exists y1 and y2 as successors of y –x post dominates y1 but not y2

9 9 Example – SIMS Definitions Transition node (t-node) = node in the CFG which may lead to a transition from one page to another Transition node (t-node) = node in the CFG which may lead to a transition from one page to another Transition path (t-path) = a path which starts from the begin node and ends at a t-node Transition path (t-path) = a path which starts from the begin node and ends at a t-node Transition Flow Graph = set of nodes and edges which show dependency, usage, and definition of parameters Transition Flow Graph = set of nodes and edges which show dependency, usage, and definition of parameters

10 10 Example – SIMS Sample Transition Flow Graph for the login page

11 11 Example – SIMS Static Analysis Approach Identify all T-nodes Identify all T-nodes T-paths are identified using Depth First Search T-paths are identified using Depth First Search Loops that are executed n times should be analyzed n times. If number of executions depends on variable, traverse loop only once Loops that are executed n times should be analyzed n times. If number of executions depends on variable, traverse loop only once T-paths are then executed as part of the control flow graph. T-paths are then executed as part of the control flow graph. Irrelevant paths are eliminated using a path slicing technique which is based on whether or not a target node can be reached Irrelevant paths are eliminated using a path slicing technique which is based on whether or not a target node can be reached

12 12 Example – SIMS Static Analysis Approach Automated interface discovery algorithm is used to extract input parameter and domain information through analyzed source code Automated interface discovery algorithm is used to extract input parameter and domain information through analyzed source code Each path slice is “symbolically executed” which uses symbolic values and input variables as opposed to concrete values Each path slice is “symbolically executed” which uses symbolic values and input variables as opposed to concrete values

13 13 Example – SIMS Web Navigation Graph constructed from source code as a directed graph where vertices = webpages and directed edges = transition between pages constructed from source code as a directed graph where vertices = webpages and directed edges = transition between pages May include input parameters and path conditions associated with transition May include input parameters and path conditions associated with transition Paths from this graph can be used as a basis for test scenarios Paths from this graph can be used as a basis for test scenarios

14 14 Example – SIMS Generating Test Cases Web Navigation Graph and Interfaces are used to generate test cases Web Navigation Graph and Interfaces are used to generate test cases Test Case = a path through the web navigation graph that has input values which satisfy path conditions Test Case = a path through the web navigation graph that has input values which satisfy path conditions These input values are chosen based on the domain information found using the automated interface discovery algorithm These input values are chosen based on the domain information found using the automated interface discovery algorithm

15 15 Conclusions The static approach benefits automatic generation of test cases by providing: The static approach benefits automatic generation of test cases by providing: –more accurate interfaces of web application –More appropriate input parameter values for web forms –Better targeting by using domain information of input parameters to provide appropriate or inappropriate parameter values

16 16 References Minghui Wang et al. “A Static Analysis Approach for Automatic Generating Test Cases for Web Applications,” 2008 International Conference on Computer Science and Software Engineering Minghui Wang et al. “A Static Analysis Approach for Automatic Generating Test Cases for Web Applications,” 2008 International Conference on Computer Science and Software Engineering William G.J. Halfond and Alessandro Orso, “Improving test case generation for Web applications using automated interface discovery”, ESEC/FSE’07 Sep.3-7, 2007, pp. 145-154 Bin Zhu et al. “Testing a Web Application Involving Web Browser Interaction,” 2009 10th ACIS International Conference on Software Engineering, Artificial Intelligences, Networking and Parallel/Distributed Computing

Download ppt "1 A Static Analysis Approach for Automatically Generating Test Cases for Web Applications Presented by: Beverly Leung Fahim Rahman."

Similar presentations

CPSC 388 – Compiler Design and Construction

CPSC 388 – Compiler Design and Construction
Overview Structural Testing Introduction – General Concepts

Overview Structural Testing Introduction – General Concepts
School of EECS, Peking University “Advanced Compiler Techniques” (Fall 2011) SSA Guo, Yao.

School of EECS, Peking University “Advanced Compiler Techniques” (Fall 2011) SSA Guo, Yao.
PLDI’2005Page 1June 2005 Example (C code) int double(int x) { return 2 * x; } void test_me(int x, int y) { int z = double(x); if (z==y) { if (y == x+10)

PLDI’2005Page 1June 2005 Example (C code) int double(int x) { return 2 * x; } void test_me(int x, int y) { int z = double(x); if (z==y) { if (y == x+10)
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.

CS412/413 Introduction to Compilers Radu Rugina Lecture 37: DU Chains and SSA Form 29 Apr 02.
Control Flow Analysis (Chapter 7) Mooly Sagiv (with Contributions by Hanne Riis Nielson)

Control Flow Analysis (Chapter 7) Mooly Sagiv (with Contributions by Hanne Riis Nielson)
Chair of Software Engineering From Program slicing to Abstract Interpretation Dr. Manuel Oriol.

Chair of Software Engineering From Program slicing to Abstract Interpretation Dr. Manuel Oriol.
Computer Science 313 – Advanced Programming Topics.

Computer Science 313 – Advanced Programming Topics.
1 Program Slicing Purvi Patel. 2 Contents Introduction What is program slicing? Principle of dependences Variants of program slicing Slicing classifications.

1 Program Slicing Purvi Patel. 2 Contents Introduction What is program slicing? Principle of dependences Variants of program slicing Slicing classifications.
DSPIN: Detecting Automatically Spun Content on the Web Qing Zhang, David Y. Wang, Geoffrey M. Voelker University of California, San Diego 1.

DSPIN: Detecting Automatically Spun Content on the Web Qing Zhang, David Y. Wang, Geoffrey M. Voelker University of California, San Diego 1.
CMSC 345, Version 11/07 SD Vick from S. Mitchell Software Testing.

CMSC 345, Version 11/07 SD Vick from S. Mitchell Software Testing.
Dr. Xiang Fu Assistant Professor Department of Computer Science Hofstra University.

Dr. Xiang Fu Assistant Professor Department of Computer Science Hofstra University.
Automated Identification of Parameter Mismatches in Web Applications William G.J. Halfond and Alessandro Orso Georgia Institute of Technology.

Automated Identification of Parameter Mismatches in Web Applications William G.J. Halfond and Alessandro Orso Georgia Institute of Technology.
1 Static Testing: defect prevention SIM3302. 2 objectives Able to list various type of structured group examinations (manual checking) Able to statically.

1 Static Testing: defect prevention SIM objectives Able to list various type of structured group examinations (manual checking) Able to statically.
1 “White box” or “glass box” tests “White Box” (or “Glass Box”) Tests.

1 “White box” or “glass box” tests “White Box” (or “Glass Box”) Tests.
A High Performance Application Representation for Reconfigurable Systems Wenrui GongGang WangRyan Kastner Department of Electrical and Computer Engineering.

A High Performance Application Representation for Reconfigurable Systems Wenrui GongGang WangRyan Kastner Department of Electrical and Computer Engineering.
Aho-Corasick String Matching An Efficient String Matching.

Aho-Corasick String Matching An Efficient String Matching.
Domain Testing Based on Character String Predicate Ruilian Zhao Computer Science Dept. Beijing University of Chemical Technology Michael R. Lyu Computer.

Domain Testing Based on Character String Predicate Ruilian Zhao Computer Science Dept. Beijing University of Chemical Technology Michael R. Lyu Computer.
Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Leveraging User Interactions for In-Depth Testing of Web Applications Sean McAllister, Engin Kirda, and Christopher Kruegel RAID ’08 1 Seoyeon Kang November.

Similar presentations

Ads by Google