Command-Form Coverage for Testing Database Applications

The testing of database applications poses new challenges for software engineers. In particular, it is difficult to thoroughly test the interactions between an application and its underlying database, which typically occur through dynamically-generated database commands. Because traditional code-based coverage criteria focus only on the application code, they are often inadequate in exercising these commands. To address this problem, we introduce a new test adequacy criterion that is based on coverage of the database commands generated by an application and specifically focuses on the application-database interactions. We describe the criterion, an analysis that computes the corresponding testing requirements, and an efficient technique for measuring coverage of these requirements. We also present a tool that implements our approach and a preliminary study that shows the approach's potential usefulness and feasibility

[1]  Alessandro Orso,et al.  AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks , 2005, ASE.

[2]  Shing-Chi Cheung,et al.  Testing Database Applications with SQL Semantics , 1999, CODAS.

[3]  Shing-Chi Cheung,et al.  Automatic generation of database instances for white-box testing , 2001, 25th Annual International Computer Software and Applications Conference. COMPSAC 2001.

[4]  Marc J. Balcer,et al.  The category-partition method for specifying and generating fuctional tests , 1988, CACM.

[5]  Elaine J. Weyuker,et al.  An AGENDA for testing relational database applications , 2004, Softw. Test. Verification Reliab..

[6]  Frank Tip,et al.  A survey of program slicing techniques , 1994, J. Program. Lang..

[7]  Yuetang Deng,et al.  Testing database transactions with AGENDA , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[8]  Dolores R. Wallace,et al.  Structured Testing: A Testing Methodology Using the Cyclomatic Complexity Metric , 1996 .

[9]  Suzanne M. Embury,et al.  A safe regression test selection technique for database-driven applications , 2005, 21st IEEE International Conference on Software Maintenance (ICSM'05).

[10]  Elaine J. Weyuker,et al.  An Applicable Family of Data Flow Testing Criteria , 1988, IEEE Trans. Software Eng..

[11]  Phyllis G. Frankl,et al.  A framework for testing database applications , 2000, ISSTA '00.

[12]  Elaine J. Weyuker,et al.  The applicability of program schema results to programs , 1979, International Journal of Computer & Information Sciences.

[13]  Zhendong Su,et al.  The essence of command injection attacks in web applications , 2006, POPL '06.

[14]  Mary Lou Soffa,et al.  A family of test adequacy criteria for database-driven applications , 2003, ESEC/FSE-11.

[15]  S. Rai,et al.  Safe query objects: statically typed objects as remotely executable queries , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[16]  James R. Larus,et al.  Efficient path profiling , 1996, Proceedings of the 29th Annual IEEE/ACM International Symposium on Microarchitecture. MICRO 29.

[17]  Premkumar T. Devanbu,et al.  Static checking of dynamically generated queries in database applications , 2004, Proceedings. 26th International Conference on Software Engineering.

[18]  Javier Tuya,et al.  Using an SQL coverage measurement for testing database applications , 2004, SIGSOFT '04/FSE-12.

[19]  R.A. McClure,et al.  SQL DOM: compile time checking of dynamic SQL statements , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[20]  Ramzi A. Haraty,et al.  Regression testing of database applications , 2001, SAC.

[21]  Aske Simon Christensen,et al.  Precise Analysis of String Expressions , 2003, SAS.

[22]  Suzanne M. Embury,et al.  An intensional approach to the specification of test cases for database applications , 2006, ICSE '06.

[23]  Suzanne M. Embury,et al.  Exploring test adequacy for database systems , 2006 .

[24]  Steven P. Miller,et al.  Applicability of modified condition/decision coverage to software testing , 1994, Softw. Eng. J..