Prioritising Server Bugs via Inter-process Concolic Testing

Existing approaches to automated white-box testing usually consider the client side and the server side of a web application in isolation from each other. Such testers thus lack a whole-program perspective on the web application under test. However, such a perspective may provide multiple benefits. For one, it would allow the tester to automatically discover which server-side errors can actually be triggered by an end-user accessing the application via the client interface, and which can only be triggered in hypothetical scenarios. This allows for a classification between high-priority errors, which are reachable by exercising a particular client, and low-priority errors, which are not accessible via the tested client or which are only hypothetical. This classification would allow developers to prioritise correcting those errors that might be encountered by users and postpone correcting other errors that are less easily reachable. Another benefit to this holistic application perspective is that it allows the automated tester to construct practical, step-by-step scenarios for triggering server-side errors from the end-users' perspective. We therefore propose an inter-process testing approach to automated white-box testing of web applications, in contrast to the existing intra-process approaches. In this new approach, the tester observes the execution of the client as well as the server process and tracks the application's input across their boundaries. This enables the tester to observe how automatically-generated user input shapes the client's interactions with the server, and how it affects the behaviour of the server itself. We explore the idea of inter-process testing via StackFul, a novel concolic tester which operates on full-stack JavaScript web applications, where both the client side and the server side are JavaScript processes that communicate via asynchronous messages -- as enabled by e.g., the WebSocket or Socket.IO libraries.
We find that StackFul correctly classifies the majority of server errors. We therefore deem this novel inter-process approach worth investigating further.
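
An added illustration of the high/low-priority classification described above; it is not StackFul's code. The toy client, server, error names and input domain are constructed, and exhaustive enumeration over a small domain stands in for concolic input generation.

```javascript
// Constructed toy client (assumption, not from the paper): validates input, then sends.
function client(input) {
  const qty = Number(input.qty);
  if (!Number.isInteger(qty) || qty < 1 || qty > 10) return null; // nothing sent
  return { qty, coupon: input.coupon };
}

// Constructed toy server: two error sites, each guarded by a condition on the message.
function server(msg) {
  if (msg.qty === 0) throw new Error("E1");
  if (msg.coupon === "FREE" && msg.qty > 5) throw new Error("E2");
  return "ok";
}

// Small finite domain, enumerated exhaustively in place of solver-generated inputs.
function* domain() {
  for (const qty of [-1, 0, 1, 6, 11])
    for (const coupon of ["", "FREE"]) yield { qty, coupon };
}

function errorOf(fn, arg) {
  try { fn(arg); return null; } catch (e) { return e.message; }
}

// Intra-process view: arbitrary messages fed straight to the server.
function serverErrors() {
  return new Set([...domain()].map((m) => errorOf(server, m)).filter(Boolean));
}

// Inter-process view: user input -> client -> message -> server.
function reachableViaClient() {
  const scenarios = new Map(); // error -> first user input that triggers it
  for (const input of domain()) {
    const msg = client(input);
    const err = msg === null ? null : errorOf(server, msg);
    if (err && !scenarios.has(err)) scenarios.set(err, input);
  }
  return scenarios;
}

// High priority: reachable through the client, with a concrete user scenario.
// Low priority: only triggered by messages this client never sends.
function classify() {
  const viaClient = reachableViaClient();
  const report = {};
  for (const err of serverErrors())
    report[err] = { priority: viaClient.has(err) ? "high" : "low",
                    scenario: viaClient.get(err) ?? null };
  return report;
}
```

Here E1 is found when the server is tested in isolation but the client's validation never lets `qty === 0` through, so it is low priority; E2 is reachable from user input and comes with the input that reproduces it.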

[1]  Xiaoyan Zhu,et al.  Does bug prediction support human developers? Findings from a Google case study , 2013, 2013 35th International Conference on Software Engineering (ICSE).

[2]  Tiziana Margaria,et al.  Tools and algorithms for the construction and analysis of systems: a special issue for TACAS 2017 , 2001, International Journal on Software Tools for Technology Transfer.

[3]  J. Paul Myers,et al.  The Path Prefix Software Testing Strategy , 1987, IEEE Transactions on Software Engineering.

[4]  Hongseok Yang,et al.  Automated concolic testing of smartphone apps , 2012, SIGSOFT FSE.

[5]  Roberto Baldoni,et al.  A Survey of Symbolic Execution Techniques , 2016, ACM Comput. Surv..

[6]  George Candea,et al.  The S2E Platform: Design, Implementation, and Applications , 2012, TOCS.

[7]  Julian Dolby,et al.  Symbolic Execution for JavaScript , 2018, PPDP.

[8]  Koushik Sen,et al.  Symbolic execution for software testing: three decades later , 2013, CACM.

[9]  Coen De Roover,et al.  Orchestrating dynamic analyses of distributed processes for full-stack JavaScript programs , 2018, GPCE.

[10]  Coen De Roover,et al.  Prioritising Server Side Reachability via Inter-process Concolic Testing , 2020 .

[11]  Michael Benedikt,et al.  ArtForm: a tool for exploring the codebase of form-based websites , 2017, ISSTA.

[12]  Huan Liu,et al.  CRAXweb: Automatic Web Application Testing and Attack Generation , 2013, 2013 IEEE 7th International Conference on Software Security and Reliability.

[13]  Gul A. Agha,et al.  Targeted test input generation using symbolic-concrete backward execution , 2014, ASE.

[14]  Michael Hicks,et al.  Directed Symbolic Execution , 2011, SAS.

[15]  Coen De Roover,et al.  Detecting function purity in JavaScript , 2015, 2015 IEEE 15th International Working Conference on Source Code Analysis and Manipulation (SCAM).

[16]  Albert Oliveras,et al.  6 Years of SMT-COMP , 2012, Journal of Automated Reasoning.

[17]  Simon Holm Jensen,et al.  Remedying the eval that men do , 2012, ISSTA 2012.

[18]  Ting Chen,et al.  State of the art: Dynamic symbolic execution for automated test generation , 2013, Future Gener. Comput. Syst..

[19]  Koushik Sen,et al.  CUTE and jCUTE: Concolic Unit Testing and Explicit Path Model-Checking Tools , 2006, CAV.

[20]  Sukyoung Ryu,et al.  Battles with False Positives in Static Analysis of JavaScript Web Applications in the Wild , 2016, 2016 IEEE/ACM 38th International Conference on Software Engineering Companion (ICSE-C).

[21]  Davide Sangiorgi,et al.  Session types revisited , 2012, PPDP.

[22]  Koushik Sen,et al.  Jalangi: a selective record-replay and dynamic analysis framework for JavaScript , 2013, ESEC/FSE 2013.

[23]  Koushik Sen,et al.  CUTE: a concolic unit testing engine for C , 2005, ESEC/FSE-13.

[24]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[25]  Nikolai Kosmatov,et al.  Test Case Generation with PathCrawler/LTest: How to Automate an Industrial Testing Process , 2018, ISoLA.

[26]  Koushik Sen,et al.  Automated Systematic Testing of Open Distributed Programs , 2006, FASE.

[27]  Patrice Godefroid,et al.  Compositional dynamic test generation , 2007, POPL '07.

[28]  Koushik Sen,et al.  DART: directed automated random testing , 2005, PLDI '05.

[29]  Ciera Jaspan,et al.  Tricorder: Building a Program Analysis Ecosystem , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[30]  Coen De Roover,et al.  Linvail: A General-Purpose Platform for Shadow Execution of JavaScript , 2016, 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER).

[31]  Patrice Godefroid,et al.  IC-Cut: A Compositional Search Strategy for Dynamic Test Generation , 2015, SPIN.

[32]  Matthias Felleisen,et al.  A calculus for assignments in higher-order languages , 1987, POPL '87.

[33]  Shin Hong,et al.  Target-driven compositional concolic testing with function summary refinement for effective bug detection , 2019, ESEC/SIGSOFT FSE.

[34]  Steve Hanna,et al.  A Symbolic Execution Framework for JavaScript , 2010, 2010 IEEE Symposium on Security and Privacy.

[35]  Guodong Li,et al.  SymJS: automatic symbolic testing of JavaScript web applications , 2014, SIGSOFT FSE.