Testing concurrent user behavior of synchronous web applications with Petri nets

Web applications are now used in every aspect of our lives to manage work, provide products and services, read email, and provide entertainment. The software technologies used to build web applications provide features that help designers provide flexible functionality, but that are challenging to model and test. In particular, the network-based request-response model of programming means that web applications are inherently “stateless” and implicitly concurrent. They are stateless because a new network connection is made for each request (for example, when a user clicks a submit button). Thus, the server does not, by default, recognize multiple requests from the same user. Web applications are also concurrent because multiple users can use the same web application at the same time, creating contention for the same resources. Unfortunately, most web application testing does not adequately evaluate these aspects of web applications, leaving many software faults in deployed web applications. Part of this problem is because most traditional software modeling tools (such as UML) do not have built-in support for the stateless and concurrent aspects of web applications. This research project uses a novel model that is based on Petri nets to describe certain aspects of the behavior of web applications. This paper makes several contributions. We present a novel technique to design tests from this model that explicitly tests concurrency in web applications. We present novel coverage criteria that are defined on the Petri net model. We present results from an empirical study of 18 web applications with 343 components and 30,186 lines of code, followed by a case study on a large industrial web application. The tests found significantly more faults than traditional requirements-based tests, with fewer tests.

[1]  A. Jefferson Offutt,et al.  Generating Tests from UML Specifications , 1999, UML.

[2]  Dan Boneh,et al.  An Analysis of Private Browsing Modes in Modern Browsers , 2010, USENIX Security Symposium.

[3]  A. Jefferson Offutt,et al.  Coverage criteria for logical expressions , 2003, 14th International Symposium on Software Reliability Engineering, 2003. ISSRE 2003..

[4]  Tadao Murata,et al.  Petri nets: Properties, analysis and applications , 1989, Proc. IEEE.

[5]  Sami Asiri,et al.  Open Source Software , 2012 .

[6]  Esther Guerra,et al.  A Transformation-Driven Approach to the Verification of Security Policies in Web Designs , 2007, ICWE.

[7]  Luca Bernardinello,et al.  A survey of basic net models and modular net classes , 1992, Advances in Petri Nets: The DEMON Project.

[8]  Larry Brown,et al.  Core Servlets and JavaServer Pages (JSP) , 2003 .

[9]  Laure Petrucci,et al.  The Petri Net Markup Language: Concepts, Technology, and Tools , 2003, ICATPN.

[10]  Jesse James Garrett Ajax: A New Approach to Web Applications , 2007 .

[11]  Philippe Darondeau,et al.  Petri Net Reachability Graphs: Decidability Status of FO Properties , 2011, FSTTCS.

[12]  Claes Wohlin,et al.  Experimentation in software engineering: an introduction , 2000 .

[13]  Paolo Tonella,et al.  Analysis and testing of Web applications , 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.

[14]  Peng Liu,et al.  Private Browsing Mode Not Really That Private: Dealing with Privacy Breach Caused by Browser Extensions , 2015, 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[15]  Massimiliano Di Penta,et al.  Considering browser interaction in Web application testing , 2003, Fifth IEEE International Workshop on Web Site Evolution, 2003. Theme: Architecture. Proceedings..

[16]  Russell A Langley,et al.  Practical Statistics Simply Explained , 1971 .

[17]  Kuo-Chung Tai,et al.  An incremental approach to structural testing of concurrent software , 1996, ISSTA '96.

[18]  Didier Buchs,et al.  From formal specifications to ready-to-use software components: the concurrent object oriented Petri net approach , 2001, Proceedings Second International Conference on Application of Concurrency to System Design.

[19]  Susanna Donatelli,et al.  From UML sequence diagrams and statecharts to analysable petri net models , 2002, WOSP '02.

[20]  Wang Yi,et al.  Uppaal in a nutshell , 1997, International Journal on Software Tools for Technology Transfer.

[21]  James L. Peterson,et al.  Petri Nets , 1977, CSUR.

[22]  A. Cheng,et al.  Model Checking Coloured Petri Nets - Exploiting Strongly Connected Components , 1997 .

[23]  A. Jefferson Offutt,et al.  Test Oracle Strategies for Model-Based Testing , 2017, IEEE Transactions on Software Engineering.

[24]  Wolfgang Reisig,et al.  Place/Transition Systems , 1986, Advances in Petri Nets.

[25]  Peter Van Roy,et al.  Concepts, Techniques, and Models of Computer Programming , 2004 .

[26]  Margus Veanes,et al.  Model-Based Testing of Object-Oriented Reactive Systems with Spec Explorer , 2008, Formal Methods and Testing.

[27]  C. A. Petri Communication with automata , 1966 .

[28]  A. Jefferson Offutt,et al.  Using Petri Nets to Test Concurrent Behavior of Web Applications , 2016, 2016 IEEE Ninth International Conference on Software Testing, Verification and Validation Workshops (ICSTW).

[29]  Wil M. P. van der Aalst,et al.  The Application of Petri Nets to Workflow Management , 1998, J. Circuits Syst. Comput..

[30]  Hong Zhu,et al.  A methodology of testing high-level Petri nets , 2002, Inf. Softw. Technol..

[31]  P. David Stotts,et al.  Model checking cobweb protocols for verification of HTML frames behavior , 2002, WWW '02.

[32]  Rance Cleaveland,et al.  Using formal specifications to support testing , 2009, CSUR.

[33]  P. David Stotts,et al.  Petri-net-based hypertext: document structure with browsing semantics , 1989, TOIS.

[34]  Kurt Jensen,et al.  Coloured Petri Nets: Basic Concepts, Analysis Methods and Practical Use. Vol. 2, Analysis Methods , 1992 .

[35]  Lynda L. McGhie,et al.  World Wide Web , 2011, Encyclopedia of Information Assurance.

[36]  Kurt Lautenbach,et al.  Elements of General Net Theory , 1979, Advanced Course: Net Theory and Applications.

[37]  Gregg Rothermel,et al.  Leveraging user-session data to support Web application testing , 2005, IEEE Transactions on Software Engineering.

[38]  Didier Lime,et al.  Romeo: A Tool for Analyzing Time Petri Nets , 2005, CAV.

[39]  Pierre de Saqui-Sannes,et al.  Testing Real-Time Systems Using TINA , 2009, TestCom/FATES.

[40]  María Rosa Martos Salgado Towards verifying Petri Nets: a model cheking approach , 2010 .

[41]  Wlodzimierz M. Zuberek,et al.  Timed Petri nets definitions, properties, and applications , 1991 .

[42]  Liviu Grigore,et al.  Enforcing safety properties in web applications using petri nets , 2008, ICSE 2008.

[43]  William Pugh,et al.  Unit testing concurrent software , 2007, ASE.

[44]  Francesca Saglietti,et al.  Test Coverage Criteria for Autonomous Mobile Systems based on Coloured Petri Nets , 2012 .

[45]  Gordon Fraser,et al.  Testing with model checkers: a survey , 2009 .

[46]  A. Jefferson Offutt,et al.  Testing Web applications by modeling with FSMs , 2005, Software & Systems Modeling.

[47]  Bruno Legeard,et al.  A taxonomy of model‐based testing approaches , 2012, Softw. Test. Verification Reliab..

[48]  David Holmes,et al.  Java Concurrency in Practice , 2006 .

[49]  Rainer Fehling,et al.  A Concept of Hierarchical Petri Nets with Building Blocks , 1991, Applications and Theory of Petri Nets.

[50]  Boualem Benatallah,et al.  A Petri Net-based Model for Web Service Composition , 2003, ADC.

[51]  A. Jefferson Offutt,et al.  Quality Attributes of Web Software Applications , 2002, IEEE Softw..

[52]  A. Jefferson Offutt,et al.  Modeling presentation layers of web applications for testing , 2009, Software & Systems Modeling.

[53]  A. Jefferson Offutt,et al.  Introduction to Software Testing , 2008 .

[54]  Michael Benedikt,et al.  VeriWeb: Automatically Testing Dynamic Web Sites , 2002 .