11

A Static Analysis A Static Analysis Approach for Approach for

AutomaticallyAutomaticallyGenerating Test Cases Generating Test Cases

for Web Applicationsfor Web Applications

Presented by:Presented by:Beverly LeungBeverly LeungFahim RahmanFahim Rahman

22

Introduction to Web Introduction to Web ApplicationsApplications

• Web applications are:Web applications are:– interactive systems which run on interactive systems which run on

one or more web servers one or more web servers – dynamic in behavior (customized dynamic in behavior (customized

responses for the user and responses for the user and interact with databases and/or interact with databases and/or enterprise servers)enterprise servers)

– heterogeneous in representationheterogeneous in representation– used by businesses in a variety used by businesses in a variety

of major market areas of major market areas (information management, (information management, online banking and shopping)online banking and shopping)

• As a result, thorough testing of As a result, thorough testing of web applications is becoming web applications is becoming increasingly importantincreasingly important

• Testing methodologies that are Testing methodologies that are used for traditional software used for traditional software testing are insufficienttesting are insufficient

*Source: Halfond, W et al. “Improving Test Case Generationfor Web Applications Using Automated Interface Discovery”

33

Static Analysis Static Analysis Approach to TestingApproach to Testing

• Analyze source code without executionAnalyze source code without execution• Extract interfaces which includeExtract interfaces which include

– input parameters and domain informationinput parameters and domain information– User navigation map which has all possible User navigation map which has all possible

URLs from source codeURLs from source code

• Create navigation graphCreate navigation graph– set of paths for which test cases are set of paths for which test cases are

generatedgenerated

44

Example – Student Example – Student Information Management Information Management

System (SIMS)System (SIMS)• An application that can support data An application that can support data

associated with a college classassociated with a college class

• Three views with different services:Three views with different services:– AdministratorAdministrator– ProfessorProfessor– StudentStudent

55

Example – SIMSExample – SIMS

• Login page asks for ID, password, Login page asks for ID, password, user typeuser type– Source code validates for proper input Source code validates for proper input

parametersparameters– If invalid, error handling messageIf invalid, error handling message

• Illustrates how web apps have a Illustrates how web apps have a need for specific parameter types in need for specific parameter types in order to properly testorder to properly test

66

Example – SIMSExample – SIMSLogin Code FragmentLogin Code Fragment

1 <jsp:useBean id="test" scope="session" class="TestBean"/>2 <%3 int user_id = Interger.parseInt(request.getParameter("userId"));4 String password = request.getParameter("userPasswd");5 String user_type = request.getParameter("userType");6 boolean ispass= test.verify(user_id, user_type, password);7 if (ispass) {8 if(user_type.equals(“student”)){9 %>10 Student:<jsp:getProperty name="test" property="userName"/>11 login success!12 <a href="student_first_page.jsp">Click here to continue</a>13 <% }14 else if(user_type.equals(“professor”)){15 %>16 Professor:<jsp:getProperty name="test" property="userName"/>17 login success!18 <a href="professor_first_page.jsp">Click here to continue</a>19 <% }20 else{21 %>22 Administrator:<jsp:getProperty name="test"property="userName"/>23 login success!24 <a href="administrator_first_page.jsp">Click here to

continue</a>25 <% }26 }27 else {28 %>29 <jsp:forward page="error.jsp" flush="true"></jsp:forward>30 <%}31 %>

77

Example – SIMS Example – SIMS DefinitionsDefinitions

• Control Flow Graph of a pageControl Flow Graph of a page– G = (V, E) where G is a directed graph, V G = (V, E) where G is a directed graph, V

are nodes and E are edges connecting are nodes and E are edges connecting the nodes. the nodes.

– node = one statementnode = one statement– edge = possible flow of control between edge = possible flow of control between

two statementstwo statements

88

Example – SIMS Example – SIMS Definitions Definitions

• xx, , yy are nodes and are nodes and xx ≠ ≠ yy

• Post dominatePost dominate – – xx “post dominates” “post dominates” yy if if every path from every path from yy to exit node contains to exit node contains xx

• Control dependentControl dependent – – xx is “control is “control dependent” on dependent” on yy … …– if there exists if there exists y1y1 and and y2y2 as successors of as successors of yy – xx post dominates post dominates y1y1 but not but not y2y2

99

Example – SIMS Example – SIMS Definitions Definitions

• Transition node (t-node)Transition node (t-node) = node in the CFG = node in the CFG which may lead to a transition from one which may lead to a transition from one page to anotherpage to another

• Transition path (t-path)Transition path (t-path) = a path which = a path which starts from the begin node and ends at a t-starts from the begin node and ends at a t-nodenode

• Transition Flow GraphTransition Flow Graph = set of nodes and = set of nodes and edges which show dependency, usage, edges which show dependency, usage, and definition of parametersand definition of parameters

1010

Example – SIMSExample – SIMS

Sample Transition

Flow Graph for the login

page

1111

Example – SIMS Example – SIMS Static Analysis Approach Static Analysis Approach

• Identify all T-nodesIdentify all T-nodes• T-paths are identified using Depth First SearchT-paths are identified using Depth First Search• Loops that are executed n times should be Loops that are executed n times should be

analyzed n times. If number of executions analyzed n times. If number of executions depends on variable, traverse loop only oncedepends on variable, traverse loop only once

• T-paths are then executed as part of the T-paths are then executed as part of the control flow graph. control flow graph.

• Irrelevant paths are eliminated using a Irrelevant paths are eliminated using a path path slicing techniqueslicing technique which is based on whether which is based on whether or not a target node can be reachedor not a target node can be reached

1212

Example – SIMS Example – SIMS Static Analysis Approach Static Analysis Approach

• Automated interface discoveryAutomated interface discovery algorithm is used to extract input algorithm is used to extract input parameter and domain information parameter and domain information through analyzed source codethrough analyzed source code

• Each path slice is “symbolically Each path slice is “symbolically executed” which uses symbolic executed” which uses symbolic values and input variables as values and input variables as opposed to concrete valuesopposed to concrete values

1313

Example – SIMS Example – SIMS Web Navigation Graph Web Navigation Graph

• constructed from source code as a constructed from source code as a directed graph where vertices = directed graph where vertices = webpages and directed edges = webpages and directed edges = transition between pagestransition between pages

• May include input parameters and May include input parameters and path conditions associated with path conditions associated with transitiontransition

• Paths from this graph can be used as Paths from this graph can be used as a basis for test scenariosa basis for test scenarios

1414

Example – SIMS Example – SIMS Generating Test Cases Generating Test Cases

• Web Navigation Graph and Interfaces Web Navigation Graph and Interfaces are used to generate test casesare used to generate test cases

• Test Case = a path through the web Test Case = a path through the web navigation graph that has input navigation graph that has input values which satisfy path conditionsvalues which satisfy path conditions

• These input values are chosen based These input values are chosen based on the domain information found on the domain information found using the automated interface using the automated interface discovery algorithmdiscovery algorithm

1515

ConclusionsConclusions

• The static approach benefits automatic The static approach benefits automatic generation of test cases by providing:generation of test cases by providing:– more accurate interfaces of web applicationmore accurate interfaces of web application– More appropriate input parameter values for More appropriate input parameter values for

web formsweb forms– Better targeting by using domain Better targeting by using domain

information of input parameters to provide information of input parameters to provide appropriate or inappropriate parameter appropriate or inappropriate parameter valuesvalues

1616

ReferencesReferences

• Minghui Wang et al. “A Static Analysis Approach for Minghui Wang et al. “A Static Analysis Approach for Automatic Generating Test Cases for Web Applications,” Automatic Generating Test Cases for Web Applications,” 2008 International Conference on Computer Science and 2008 International Conference on Computer Science and Software EngineeringSoftware Engineering

• William G.J. Halfond and Alessandro Orso, “Improving test case generation for Web applications using automated interface discovery”, ESEC/FSE’07 Sep.3-7, 2007, pp. 145-154

• Bin Zhu et al. “Testing a Web Application Involving Web Browser Interaction,” 2009 10th ACIS International Conference on Software Engineering, Artificial Intelligences, Networking and Parallel/Distributed Computing