Automated verification and test case generation for input validation

Input validation is essential for any software that deals with input from its external environment. It forms a major part of such software that has intensive interaction with its environment. Through the integration of invariant and empirical properties for implementing input validation, this paper proposes a novel approach for the automation of the following tasks from processing the source code of a program: (1) verification of existence of input validation; (2) generation of test cases to test and demonstrate all the input validations; (3) classification of each validation into the various types defined along with its test case generated. All the empirical properties in the theory have been validated statistically based on open source systems. Our evaluation shows that the proposed approach can help in both testing of input validation features and verifying the adequacy of input control.

[1]  A. Jefferson Offutt,et al.  Bypass testing of Web applications , 2004, 15th International Symposium on Software Reliability Engineering.

[2]  Kuo-Chung Tai,et al.  Theory of Fault-Based Predicate Testing for Computer Programs , 1996, IEEE Trans. Software Eng..

[3]  Mary Lou Soffa,et al.  Generating test data for branch coverage , 2000, Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering.

[4]  Sandro Morasca,et al.  Generating test cases for real-time systems from logic specifications , 1995, TOCS.

[5]  Rachel Cardell-Oliver,et al.  A Practical and Complete Algorithm for Testing Real-Time Systems , 1998, FTRTFT.

[6]  Nashat Mansour,et al.  Data Generation for Path Testing , 2004, Software Quality Journal.

[7]  Henry Muccini,et al.  Using software architecture for code testing , 2004, IEEE Transactions on Software Engineering.

[8]  Kuo-Chung Tai,et al.  Design of a toolset for dynamic analysis of concurrent Java programs , 1998, Proceedings. 6th International Workshop on Program Comprehension. IWPC'98 (Cat. No.98TB100242).

[9]  Richard H. Carver,et al.  Use of sequencing constraints for specification-based testing of concurrent programs , 1998 .

[10]  A. Jefferson Offutt,et al.  Increased software reliability through input validation analysis and testing , 1999, Proceedings 10th International Symposium on Software Reliability Engineering (Cat. No.PR00443).

[11]  Richard N. Taylor,et al.  Structural Testing of Concurrent Programs , 1992, IEEE Trans. Software Eng..

[12]  Daniel Hoffman,et al.  Tools and techniques for Java API testing , 2000, Proceedings 2000 Australian Software Engineering Conference.

[13]  Alexander L. Wolf,et al.  A conceptual basis for feature engineering , 1999, J. Syst. Softw..