Date post: | 12-Jan-2016 |
Category: |
Documents |
Upload: | rodney-turner |
View: | 216 times |
Download: | 2 times |
11
A Static Analysis A Static Analysis Approach for Approach for
AutomaticallyAutomaticallyGenerating Test Cases Generating Test Cases
for Web Applicationsfor Web Applications
Presented by:Presented by:Beverly LeungBeverly LeungFahim RahmanFahim Rahman
22
Introduction to Web Introduction to Web ApplicationsApplications
• Web applications are:Web applications are:– interactive systems which run on interactive systems which run on
one or more web servers one or more web servers – dynamic in behavior (customized dynamic in behavior (customized
responses for the user and responses for the user and interact with databases and/or interact with databases and/or enterprise servers)enterprise servers)
– heterogeneous in representationheterogeneous in representation– used by businesses in a variety used by businesses in a variety
of major market areas of major market areas (information management, (information management, online banking and shopping)online banking and shopping)
• As a result, thorough testing of As a result, thorough testing of web applications is becoming web applications is becoming increasingly importantincreasingly important
• Testing methodologies that are Testing methodologies that are used for traditional software used for traditional software testing are insufficienttesting are insufficient
*Source: Halfond, W et al. “Improving Test Case Generationfor Web Applications Using Automated Interface Discovery”
33
Static Analysis Static Analysis Approach to TestingApproach to Testing
• Analyze source code without executionAnalyze source code without execution• Extract interfaces which includeExtract interfaces which include
– input parameters and domain informationinput parameters and domain information– User navigation map which has all possible User navigation map which has all possible
URLs from source codeURLs from source code
• Create navigation graphCreate navigation graph– set of paths for which test cases are set of paths for which test cases are
generatedgenerated
44
Example – Student Example – Student Information Management Information Management
System (SIMS)System (SIMS)• An application that can support data An application that can support data
associated with a college classassociated with a college class
• Three views with different services:Three views with different services:– AdministratorAdministrator– ProfessorProfessor– StudentStudent
55
Example – SIMSExample – SIMS
• Login page asks for ID, password, Login page asks for ID, password, user typeuser type– Source code validates for proper input Source code validates for proper input
parametersparameters– If invalid, error handling messageIf invalid, error handling message
• Illustrates how web apps have a Illustrates how web apps have a need for specific parameter types in need for specific parameter types in order to properly testorder to properly test
66
Example – SIMSExample – SIMSLogin Code FragmentLogin Code Fragment
1 <jsp:useBean id="test" scope="session" class="TestBean"/>2 <%3 int user_id = Interger.parseInt(request.getParameter("userId"));4 String password = request.getParameter("userPasswd");5 String user_type = request.getParameter("userType");6 boolean ispass= test.verify(user_id, user_type, password);7 if (ispass) {8 if(user_type.equals(“student”)){9 %>10 Student:<jsp:getProperty name="test" property="userName"/>11 login success!12 <a href="student_first_page.jsp">Click here to continue</a>13 <% }14 else if(user_type.equals(“professor”)){15 %>16 Professor:<jsp:getProperty name="test" property="userName"/>17 login success!18 <a href="professor_first_page.jsp">Click here to continue</a>19 <% }20 else{21 %>22 Administrator:<jsp:getProperty name="test"property="userName"/>23 login success!24 <a href="administrator_first_page.jsp">Click here to
continue</a>25 <% }26 }27 else {28 %>29 <jsp:forward page="error.jsp" flush="true"></jsp:forward>30 <%}31 %>
77
Example – SIMS Example – SIMS DefinitionsDefinitions
• Control Flow Graph of a pageControl Flow Graph of a page– G = (V, E) where G is a directed graph, V G = (V, E) where G is a directed graph, V
are nodes and E are edges connecting are nodes and E are edges connecting the nodes. the nodes.
– node = one statementnode = one statement– edge = possible flow of control between edge = possible flow of control between
two statementstwo statements
88
Example – SIMS Example – SIMS Definitions Definitions
• xx, , yy are nodes and are nodes and xx ≠ ≠ yy
• Post dominatePost dominate – – xx “post dominates” “post dominates” yy if if every path from every path from yy to exit node contains to exit node contains xx
• Control dependentControl dependent – – xx is “control is “control dependent” on dependent” on yy … …– if there exists if there exists y1y1 and and y2y2 as successors of as successors of yy – xx post dominates post dominates y1y1 but not but not y2y2
99
Example – SIMS Example – SIMS Definitions Definitions
• Transition node (t-node)Transition node (t-node) = node in the CFG = node in the CFG which may lead to a transition from one which may lead to a transition from one page to anotherpage to another
• Transition path (t-path)Transition path (t-path) = a path which = a path which starts from the begin node and ends at a t-starts from the begin node and ends at a t-nodenode
• Transition Flow GraphTransition Flow Graph = set of nodes and = set of nodes and edges which show dependency, usage, edges which show dependency, usage, and definition of parametersand definition of parameters
1010
Example – SIMSExample – SIMS
Sample Transition
Flow Graph for the login
page
1111
Example – SIMS Example – SIMS Static Analysis Approach Static Analysis Approach
• Identify all T-nodesIdentify all T-nodes• T-paths are identified using Depth First SearchT-paths are identified using Depth First Search• Loops that are executed n times should be Loops that are executed n times should be
analyzed n times. If number of executions analyzed n times. If number of executions depends on variable, traverse loop only oncedepends on variable, traverse loop only once
• T-paths are then executed as part of the T-paths are then executed as part of the control flow graph. control flow graph.
• Irrelevant paths are eliminated using a Irrelevant paths are eliminated using a path path slicing techniqueslicing technique which is based on whether which is based on whether or not a target node can be reachedor not a target node can be reached
1212
Example – SIMS Example – SIMS Static Analysis Approach Static Analysis Approach
• Automated interface discoveryAutomated interface discovery algorithm is used to extract input algorithm is used to extract input parameter and domain information parameter and domain information through analyzed source codethrough analyzed source code
• Each path slice is “symbolically Each path slice is “symbolically executed” which uses symbolic executed” which uses symbolic values and input variables as values and input variables as opposed to concrete valuesopposed to concrete values
1313
Example – SIMS Example – SIMS Web Navigation Graph Web Navigation Graph
• constructed from source code as a constructed from source code as a directed graph where vertices = directed graph where vertices = webpages and directed edges = webpages and directed edges = transition between pagestransition between pages
• May include input parameters and May include input parameters and path conditions associated with path conditions associated with transitiontransition
• Paths from this graph can be used as Paths from this graph can be used as a basis for test scenariosa basis for test scenarios
1414
Example – SIMS Example – SIMS Generating Test Cases Generating Test Cases
• Web Navigation Graph and Interfaces Web Navigation Graph and Interfaces are used to generate test casesare used to generate test cases
• Test Case = a path through the web Test Case = a path through the web navigation graph that has input navigation graph that has input values which satisfy path conditionsvalues which satisfy path conditions
• These input values are chosen based These input values are chosen based on the domain information found on the domain information found using the automated interface using the automated interface discovery algorithmdiscovery algorithm
1515
ConclusionsConclusions
• The static approach benefits automatic The static approach benefits automatic generation of test cases by providing:generation of test cases by providing:– more accurate interfaces of web applicationmore accurate interfaces of web application– More appropriate input parameter values for More appropriate input parameter values for
web formsweb forms– Better targeting by using domain Better targeting by using domain
information of input parameters to provide information of input parameters to provide appropriate or inappropriate parameter appropriate or inappropriate parameter valuesvalues
1616
ReferencesReferences
• Minghui Wang et al. “A Static Analysis Approach for Minghui Wang et al. “A Static Analysis Approach for Automatic Generating Test Cases for Web Applications,” Automatic Generating Test Cases for Web Applications,” 2008 International Conference on Computer Science and 2008 International Conference on Computer Science and Software EngineeringSoftware Engineering
• William G.J. Halfond and Alessandro Orso, “Improving test case generation for Web applications using automated interface discovery”, ESEC/FSE’07 Sep.3-7, 2007, pp. 145-154
• Bin Zhu et al. “Testing a Web Application Involving Web Browser Interaction,” 2009 10th ACIS International Conference on Software Engineering, Artificial Intelligences, Networking and Parallel/Distributed Computing