Finding bugs in web applications using dynamic test generation and explicit state model checking

Download: PDF.

“Finding bugs in web applications using dynamic test generation and explicit state model checking” by Shay Artzi, Adam Kieżun, Julian Dolby, Frank Tip, Danny Dig, Amit Paradkar, and Michael D. Ernst. IEEE Transactions on Software Engineering, vol. 36, no. 4, July/August 2010, pp. 474-494.
A previous version appeared as “Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit State Model Checking” by Shay Artzi, Adam Kieżun, Julian Dolby, Frank Tip, Danny Dig, Amit Paradkar, and Michael D. Ernst. MIT Computer Science and Artificial Intelligence Laboratory technical report MIT-CSAIL-TR-2009-010, (Cambridge, MA), March 26, 2009.
A previous version appeared as “Finding bugs in dynamic web applications” by Shay Artzi, Adam Kieżun, Julian Dolby, Frank Tip, Danny Dig, Amit Paradkar, and Michael D. Ernst. In ISSTA 2008, Proceedings of the 2008 International Symposium on Software Testing and Analysis, (Seattle, WA, USA), July 22-24, 2008, pp. 261-272.
A previous version appeared as “Finding bugs in dynamic web applications” by Shay Artzi, Adam Kieżun, Julian Dolby, Frank Tip, Danny Dig, Amit Paradkar, and Michael D. Ernst. IBM T.J. Watson Research Center technical report RC24528, (Hawthorne, NY), April 2, 2008.
A previous version appeared as “Finding bugs in dynamic web applications” by Shay Artzi, Adam Kieżun, Julian Dolby, Frank Tip, Danny Dig, Amit Paradkar, and Michael D. Ernst. MIT Computer Science and Artificial Intelligence Laboratory technical report MIT-CSAIL-TR-2008-006, (Cambridge, MA), February 6, 2008.

Abstract

Web script crashes and malformed dynamically-generated web pages are common errors, and they seriously impact the usability of web applications. Current tools for web-page validation cannot handle the dynamically generated pages that are ubiquitous on today's Internet. We present a dynamic test generation technique for the domain of dynamic web applications. The technique utilizes both combined concrete and symbolic execution and explicit-state model checking. The technique generates tests automatically, runs the tests capturing logical constraints on inputs, and minimizes the conditions on the inputs to failing tests, so that the resulting bug reports are small and useful in finding and fixing the underlying faults.

Our tool Apollo implements the technique for the PHP programming language. Apollo generates test inputs for a web application, monitors the application for crashes, and validates that the output conforms to the HTML specification. This paper presents Apollo's algorithms and implementation, and an experimental evaluation that revealed 673 faults in 6 PHP web applications.

BibTeX entry:

@article{ArtziKDTDPE2010,
   author = {Shay Artzi and Adam Kie{\.z}un and Julian Dolby and Frank Tip
	and Danny Dig and Amit Paradkar and Michael D. Ernst},
   title = {Finding bugs in web applications using dynamic test generation
	and explicit state model checking},
   journal = {IEEE Transactions on Software Engineering},
   volume = {36},
   number = {4},
   pages = {474--494},
   month = {July/August},
   year = {2010}
}
