Invariant-Based Automatic Testing of Modern Web Applications

Ajax-based Web 2.0 applications rely on stateful asynchronous client/server communication, and client-side runtime manipulation of the DOM tree. This not only makes them fundamentally different from traditional web applications, but also more error-prone and harder to test. We propose a method for testing Ajax applications automatically, based on a crawler to infer a state-flow graph for all (client-side) user interface states. We identify Ajax-specific faults that can occur in such states (related to, e.g., DOM validity, error messages, discoverability, back-button compatibility) as well as DOM-tree invariants that can serve as oracles to detect such faults. Our approach, called Atusa, is implemented in a tool offering generic invariant checking components, a plugin-mechanism to add application-specific state validators, and generation of a test suite covering the paths obtained during crawling. We describe three case studies, consisting of six subjects, evaluating the type of invariants that can be obtained for Ajax applications as well as the fault revealing capabilities, scalability, required manual effort, and level of automation of our testing approach.

[1]  Liam Peyton,et al.  Framework testing of web applications using TTCN-3 , 2008, International Journal on Software Tools for Technology Transfer.

[2]  Vladimir I. Levenshtein,et al.  Binary codes capable of correcting deletions, insertions, and reversals , 1965 .

[3]  William G. Griswold,et al.  Dynamically discovering likely program invariants to support program evolution , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[4]  Christopher Krügel,et al.  SecuBat: a web vulnerability scanner , 2006, WWW '06.

[5]  Paolo Tonella,et al.  A case study-based comparison of web testing techniques applied to AJAX web applications , 2008, International Journal on Software Tools for Technology Transfer.

[6]  A. Jefferson Offutt,et al.  Testing Web applications by modeling with FSMs , 2005, Software & Systems Modeling.

[7]  J. Y. Yen,et al.  Finding the K Shortest Loopless Paths in a Network , 2007 .

[8]  Zhendong Su,et al.  Static detection of cross-site scripting vulnerabilities , 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.

[9]  Arie van Deursen,et al.  Automated security testing of web widget interactions , 2009, ESEC/FSE '09.

[10]  Thomas A. Henzinger,et al.  MCWEB: A Model-Checking Tool for Web Site Debugging , 2001, WWW Posters.

[11]  Emily Hill,et al.  Automated replay and failure detection for web applications , 2005, ASE '05.

[12]  Ali Mesbah,et al.  Automated cross-browser compatibility testing , 2011, 2011 33rd International Conference on Software Engineering (ICSE).

[13]  Karthik Pattabiraman,et al.  DoDOM: Leveraging DOM Invariants for Web 2.0 Application Robustness Testing , 2010, 2010 IEEE 21st International Symposium on Software Reliability Engineering.

[14]  Ali Mesbah,et al.  Automatic invariant detection in dynamic web applications , 2010 .

[15]  Gregg Rothermel,et al.  Leveraging user-session data to support Web application testing , 2005, IEEE Transactions on Software Engineering.

[16]  Alessandro Orso,et al.  Automated identification of parameter mismatches in web applications , 2008, SIGSOFT '08/FSE-16.

[17]  Paolo Tonella,et al.  Analysis and testing of Web applications , 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.

[18]  Jesse James Garrett Ajax: A New Approach to Web Applications , 2007 .

[19]  Paolo Tonella,et al.  State-Based Testing of Ajax Web Applications , 2008, 2008 1st International Conference on Software Testing, Verification, and Validation.

[20]  Atif M. Memon,et al.  An event‐flow model of GUI‐based applications for testing , 2007, Softw. Test. Verification Reliab..

[21]  Atif M. Memon An event-flow model of GUI-based applications for testing: Research Articles , 2007 .

[22]  Robert V. Binder,et al.  Testing Object-Oriented Systems: Models, Patterns, and Tools , 1999 .

[23]  Alessandro Orso,et al.  Precise interface identification to improve testing and analysis of web applications , 2009, ISSTA.

[24]  David S. Rosenblum,et al.  A historical perspective on runtime assertion checking in software development , 2006, SOEN.

[25]  Michael Benedikt,et al.  VeriWeb: Automatically Testing Dynamic Web Sites , 2002 .

[26]  Luca de Alfaro,et al.  Model Checking the World Wide Web , 2001, CAV.

[27]  Alessandro Orso,et al.  Improving test case generation for web applications using automated interface discovery , 2007, ESEC-FSE '07.

[28]  Arie van Deursen,et al.  A component- and push-based architectural style for ajax applications , 2008, J. Syst. Softw..

[29]  K. Rustan M. Leino,et al.  Verification of Object-Oriented Programs with Invariants , 2003, J. Object Technol..

[30]  Arie van Deursen,et al.  Regression Testing Ajax Applications: Coping with Dynamism , 2010, 2010 Third International Conference on Software Testing, Verification and Validation.

[31]  Arie van Deursen,et al.  Invariant-based automatic testing of AJAX user interfaces , 2009, 2009 IEEE 31st International Conference on Software Engineering.

[32]  D. Roest Automated Regression Testing of Ajax Web Applications , 2010 .

[33]  Bertrand Meyer,et al.  Seven Principles of Software Testing , 2008, Computer.

[34]  Elaine J. Weyuker,et al.  On Testing Non-Testable Programs , 1982, Comput. J..

[35]  Arie van Deursen,et al.  Migrating Multi-page Web Applications to Single-page AJAX Interfaces , 2007, 11th European Conference on Software Maintenance and Reengineering (CSMR'07).

[36]  Antonia Bertolino,et al.  Software Testing Research: Achievements, Challenges, Dreams , 2007, Future of Software Engineering (FOSE '07).

[37]  Arie van Deursen,et al.  Crawling AJAX by Inferring User Interface State Changes , 2008, 2008 Eighth International Conference on Web Engineering.

[38]  Frank Tip,et al.  Finding bugs in dynamic web applications , 2008, ISSTA '08.

[39]  Lori L. Pollock,et al.  Automated Oracle Comparators for TestingWeb Applications , 2007, The 18th IEEE International Symposium on Software Reliability (ISSRE '07).

[40]  D. T. Lee,et al.  A testing framework for Web application security assessment , 2005, Comput. Networks.