Presentation failures in web applications can negatively impact users' perception of the application's quality and its usability. Such failures are challenging to diagnose and correct since the user interfaces of modern web applications are defined by a complex interaction between HTML tags and their visual properties defined by CSS and HTML attributes. In this paper, we introduce a novel approach for automatically identifying the root cause of presentation failures in web applications that uses image processing and search based techniques. In an experiment conducted for assessing the accuracy of our approach, we found that it was able to identify the correct root cause with 100% accuracy.
{"title":"Root cause analysis for HTML presentation failures using search-based techniques","authors":"Sonal Mahajan, Bailan Li, William G. J. Halfond","doi":"10.1145/2593833.2593836","DOIUrl":"https://doi.org/10.1145/2593833.2593836","url":null,"abstract":"Presentation failures in web applications can negatively impact users' perception of the application's quality and its usability. Such failures are challenging to diagnose and correct since the user interfaces of modern web applications are defined by a complex interaction between HTML tags and their visual properties defined by CSS and HTML attributes. In this paper, we introduce a novel approach for automatically identifying the root cause of presentation failures in web applications that uses image processing and search based techniques. In an experiment conducted for assessing the accuracy of our approach, we found that it was able to identify the correct root cause with 100% accuracy.","PeriodicalId":424286,"journal":{"name":"International Workshop on Search-Based Software Testing","volume":"553 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113994380","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SQL injections are still the most exploited web application vulnerabilities. We present a technique to automatically detect such vulnerabilities through targeted test generation. Our approach uses search-based testing to systematically evolve inputs to maximize their potential to expose vulnerabilities. Starting from an entry URL, our BIOFUZZ prototype systematically crawls a web application and generates inputs whose effects on the SQL interaction are assessed at the interface between Web server and database. By evolving those inputs whose resulting SQL interactions show best potential, BIOFUZZ exposes vulnerabilities on real-world Web applications within minutes. As a black-box approach, BIOFUZZ requires neither analysis nor instrumentation of server code; however, it even outperforms state-of-the-art white-box vulnerability scanners.
{"title":"Search-based security testing of web applications","authors":"Julian Thomé, Alessandra Gorla, A. Zeller","doi":"10.1145/2593833.2593835","DOIUrl":"https://doi.org/10.1145/2593833.2593835","url":null,"abstract":"SQL injections are still the most exploited web application vulnerabilities. We present a technique to automatically detect such vulnerabilities through targeted test generation. Our approach uses search-based testing to systematically evolve inputs to maximize their potential to expose vulnerabilities. Starting from an entry URL, our BIOFUZZ prototype systematically crawls a web application and generates inputs whose effects on the SQL interaction are assessed at the interface between Web server and database. By evolving those inputs whose resulting SQL interactions show best potential, BIOFUZZ exposes vulnerabilities on real-world Web applications within minutes. As a black-box approach, BIOFUZZ requires neither analysis nor instrumentation of server code; however, it even outperforms state-of-the-art white-box vulnerability scanners.","PeriodicalId":424286,"journal":{"name":"International Workshop on Search-Based Software Testing","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131890561","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Complex software systems frequently come in many layers, each realized in a different programming language. This is a challenge for test generation, as the semantics of each layer have to be determined and integrated. An automatic test generator for Java, for instance, is typically unable to deal with the internals of lower level code (such as C-code), which results in lower coverage and fewer test cases of interest. In this paper, we sketch a novel approach to help search-based test generators for Java to achieve better coverage of underlying native code layers. The key idea is to apply test generation to the native layer first, and then to use the inputs to the native test cases as targets for search-based testing of the higher Java layers. We demonstrate our approach on a case study combining KLEE and EVOSUITE.
{"title":"Test generation across multiple layers","authors":"M. Höschele, Juan P. Galeotti, A. Zeller","doi":"10.1145/2593833.2593834","DOIUrl":"https://doi.org/10.1145/2593833.2593834","url":null,"abstract":"Complex software systems frequently come in many layers, each realized in a different programming language. This is a challenge for test generation, as the semantics of each layer have to be determined and integrated. An automatic test generator for Java, for instance, is typically unable to deal with the internals of lower level code (such as C-code), which results in lower coverage and fewer test cases of interest. In this paper, we sketch a novel approach to help search-based test generators for Java to achieve better coverage of underlying native code layers. The key idea is to apply test generation to the native layer first, and then to use the inputs to the native test cases as targets for search-based testing of the higher Java layers. We demonstrate our approach on a case study combining KLEE and EVOSUITE.","PeriodicalId":424286,"journal":{"name":"International Workshop on Search-Based Software Testing","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128198042","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Model-Based Testing, the task of generating test inputs and oracles from a test model, has been successfully applied in the context of safety-critical real time systems. As these systems grow in complexity, test-models, designed to reflect the systems behaviour, will grow too. Currently testers face situations where test-models are too complex for present test generators. � In this paper, we outline a software tool for the evaluation of the scalability of a combination of approaches for model-based test generation. We chose Networks of Timed Automata (NTA) as the modeling formalism because real-time properties can be specified and the semantics are well-defined. However, the tool input is given as a restricted UML statechart which is internally transformed. We expect this to increase industrial acceptance. The tool will provide the selection, parametrization and generation of a metaheuristic algorithm. The aim is to support test model specific generation algorithms. A simulator for NTAs will enable the metaheuristic to search for test goals in the model. For better performance, it will have an advanced parallelisation. Furthermore, input models will be used for search space reduction for even faster test case generation. The proposed approach allows the inclusion of an oracle generator that is able to provide expected outputs; this enables conformance checking between test models and systems under test. � We plan to implement the outlined tool to enable test case generation even for models that are beyond the scope of currently available generators.
{"title":"Model based test case generation with metaheuristics for networks of timed automata","authors":"Joachim Hänsel","doi":"10.1145/2593833.2593840","DOIUrl":"https://doi.org/10.1145/2593833.2593840","url":null,"abstract":"Model-Based Testing, the task of generating test inputs and oracles from a test model, has been successfully applied in the context of safety-critical real time systems. As these systems grow in complexity, test-models, designed to reflect the systems behaviour, will grow too. Currently testers face situations where test-models are too complex for present test generators. \u0000 In this paper, we outline a software tool for the evaluation of the scalability of a combination of approaches for model-based test generation. We chose Networks of Timed Automata (NTA) as the modeling formalism because real-time properties can be specified and the semantics are well-defined. However, the tool input is given as a restricted UML statechart which is internally transformed. We expect this to increase industrial acceptance. The tool will provide the selection, parametrization and generation of a metaheuristic algorithm. The aim is to support test model specific generation algorithms. A simulator for NTAs will enable the metaheuristic to search for test goals in the model. For better performance, it will have an advanced parallelisation. Furthermore, input models will be used for search space reduction for even faster test case generation. The proposed approach allows the inclusion of an oracle generator that is able to provide expected outputs; this enables conformance checking between test models and systems under test. \u0000 We plan to implement the outlined tool to enable test case generation even for models that are beyond the scope of currently available generators.","PeriodicalId":424286,"journal":{"name":"International Workshop on Search-Based Software Testing","volume":" 13","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120830132","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The effective allocation of the resources is crucial and essential in the testing phase of the software development life cycle so that the weak areas in the software can be verified and validated efficiently. The prediction of fault prone classes in the early phases of software development can help software developers to focus the limited available resources on those portions of software, which are more prone to fault. Recently, the search based techniques have been successfully applied in the software engineering domain. In this study, we analyze the position of search based techniques for use in software fault prediction by collecting relevant studies from the literature which were conducted during the period January 1991 to October 2013. We further summarize current trends by assessing the performance capability of the search based techniques in the existing research and suggest future directions.
{"title":"Search based techniques for software fault prediction: current trends and future directions","authors":"R. Malhotra","doi":"10.1145/2593833.2593842","DOIUrl":"https://doi.org/10.1145/2593833.2593842","url":null,"abstract":"The effective allocation of the resources is crucial and essential in the testing phase of the software development life cycle so that the weak areas in the software can be verified and validated efficiently. The prediction of fault prone classes in the early phases of software development can help software developers to focus the limited available resources on those portions of software, which are more prone to fault. Recently, the search based techniques have been successfully applied in the software engineering domain. In this study, we analyze the position of search based techniques for use in software fault prediction by collecting relevant studies from the literature which were conducted during the period January 1991 to October 2013. We further summarize current trends by assessing the performance capability of the search based techniques in the existing research and suggest future directions.","PeriodicalId":424286,"journal":{"name":"International Workshop on Search-Based Software Testing","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131598236","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Gregory Gay, Matthew Staats, M. Whalen, M. Heimdahl
Structural coverage criteria have been proposed to measure the adequacy of testing efforts. Indeed, in some domains—e.g., critical systems areas—structural coverage criteria must be satisfied to achieve certification. The advent of powerful search-based test generation tools has given us the ability to generate test inputs to satisfy these structural coverage criteria. While tempting, recent empirical evidence indicates these tools should be used with caution, as merely achieving high structural coverage is not necessarily indicative of high fault detection ability. In this report, we review some of these findings, and offer recommendations on how the strengths of search-based test generation methods can alleviate these issues.
{"title":"Moving the goalposts: coverage satisfaction is not enough","authors":"Gregory Gay, Matthew Staats, M. Whalen, M. Heimdahl","doi":"10.1145/2593833.2593837","DOIUrl":"https://doi.org/10.1145/2593833.2593837","url":null,"abstract":"Structural coverage criteria have been proposed to measure the adequacy of testing efforts. Indeed, in some domains—e.g., critical systems areas—structural coverage criteria must be satisfied to achieve certification. The advent of powerful search-based test generation tools has given us the ability to generate test inputs to satisfy these structural coverage criteria. While tempting, recent empirical evidence indicates these tools should be used with caution, as merely achieving high structural coverage is not necessarily indicative of high fault detection ability. In this report, we review some of these findings, and offer recommendations on how the strengths of search-based test generation methods can alleviate these issues.","PeriodicalId":424286,"journal":{"name":"International Workshop on Search-Based Software Testing","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132056818","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Combinatorial testing (CT) is a branch of software testing, which aims to detect the interaction triggered failures as much as possible. Search based combinatorial testing is to use the search techniques to solve the problem in combinatorial testing. It has been shown to be effective and promising. In this paper, we aim to provide an overview of search based combinatorial testing, especially focusing on test suite generation without constraint, and discuss the potential future directions in this field.
{"title":"An overview of search based combinatorial testing","authors":"Huayao Wu, Changhai Nie","doi":"10.1145/2593833.2593839","DOIUrl":"https://doi.org/10.1145/2593833.2593839","url":null,"abstract":"Combinatorial testing (CT) is a branch of software testing, which aims to detect the interaction triggered failures as much as possible. Search based combinatorial testing is to use the search techniques to solve the problem in combinatorial testing. It has been shown to be effective and promising. In this paper, we aim to provide an overview of search based combinatorial testing, especially focusing on test suite generation without constraint, and discuss the potential future directions in this field.","PeriodicalId":424286,"journal":{"name":"International Workshop on Search-Based Software Testing","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133729614","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Jeya Mala Dharmalingam, K. S. Nathan, S. Balamurugan
The testing process of industrial strength applications usually takes more time to ensure that all the components are rigorously tested to have failure-free operation upon delivery. This research work proposed a hybrid optimization approach that combines the population based multi-objective optimization approach namely Memetic Algorithm with Cuckoo Search (MA-CK) to generate optimal number of test cases that achieves the specified test adequacy criteria based on mutation score and branch coverage. Further, GA, HGA and MA based heuristic algorithms are empirically evaluated and it has been shown that the proposed MA with cuckoo search based optimization algorithm provides an optimal solution.
{"title":"A hybrid test optimization framework using memetic algorithm with cuckoo flocking based search approach","authors":"Jeya Mala Dharmalingam, K. S. Nathan, S. Balamurugan","doi":"10.1145/2593833.2593843","DOIUrl":"https://doi.org/10.1145/2593833.2593843","url":null,"abstract":"The testing process of industrial strength applications usually takes more time to ensure that all the components are rigorously tested to have failure-free operation upon delivery. This research work proposed a hybrid optimization approach that combines the population based multi-objective optimization approach namely Memetic Algorithm with Cuckoo Search (MA-CK) to generate optimal number of test cases that achieves the specified test adequacy criteria based on mutation score and branch coverage. Further, GA, HGA and MA based heuristic algorithms are empirically evaluated and it has been shown that the proposed MA with cuckoo search based optimization algorithm provides an optimal solution.","PeriodicalId":424286,"journal":{"name":"International Workshop on Search-Based Software Testing","volume":"100 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116316045","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
N. Tillmann, J. Bishop, N. Horspool, Daniel Perelman, Tao Xie
Learning to code can be made more effective and sustainable if it is perceived as fun by the learner. Code Hunt uses puzzles that players have to explore by means of clues presented as test cases. Players iteratively modify their code to match the functional behavior of secret solutions. This way of learning to code is very different to learning from a specification. It is essentially re-engineering from test cases. Code Hunt is based on the test/clue generation of Pex, a white-box test generation tool that uses dynamic symbolic execution. Pex performs a guided search to determine feasible execution paths. Conceptually, solving a puzzle is the manual process of conducting search-based test generation: the “test data” to be generated by the player is the player’s code, and the “fitness values” that reflect the closeness of the player’s code to the secret code are the clues (i.e., Pex-generated test cases). This paper is the first one to describe Code Hunt and its extensions over its precursor Pex4Fun. Code Hunt represents a high-impact educational gaming platform that not only internally leverages fitness values to guide test/clue generation but also externally offers fun user experiences where search-based test generation is manually emulated. Because the amount of data is growing all the time, the entire system runs in the cloud on Windows Azure.
{"title":"Code hunt: searching for secret code for fun","authors":"N. Tillmann, J. Bishop, N. Horspool, Daniel Perelman, Tao Xie","doi":"10.1145/2593833.2593838","DOIUrl":"https://doi.org/10.1145/2593833.2593838","url":null,"abstract":"Learning to code can be made more effective and sustainable if it is perceived as fun by the learner. Code Hunt uses puzzles that players have to explore by means of clues presented as test cases. Players iteratively modify their code to match the functional behavior of secret solutions. This way of learning to code is very different to learning from a specification. It is essentially re-engineering from test cases. Code Hunt is based on the test/clue generation of Pex, a white-box test generation tool that uses dynamic symbolic execution. Pex performs a guided search to determine feasible execution paths. Conceptually, solving a puzzle is the manual process of conducting search-based test generation: the “test data” to be generated by the player is the player’s code, and the “fitness values” that reflect the closeness of the player’s code to the secret code are the clues (i.e., Pex-generated test cases). This paper is the first one to describe Code Hunt and its extensions over its precursor Pex4Fun. Code Hunt represents a high-impact educational gaming platform that not only internally leverages fitness values to guide test/clue generation but also externally offers fun user experiences where search-based test generation is manually emulated. Because the amount of data is growing all the time, the entire system runs in the cloud on Windows Azure.","PeriodicalId":424286,"journal":{"name":"International Workshop on Search-Based Software Testing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130217229","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: