Testing Approach for Dynamic Web Applications Based on Automated Test Strategies

Chittineni Aruna1 and R. Siva Ram Prasad2

1 Acharya Nagarjuna University and Dept. of CSE, KKR & KSR Institute of Technology and Sciences, Guntur Dist, Andhra Pradesh, India
[email protected]
2 Dept. of CSE and Head, Dept. of IBS, Acharya Nagarjuna University, Guntur Dist, Andhra Pradesh, India

Abstract. Testing web applications remains a problem. Fault tolerance is a main concern for researchers, who are looking for better techniques for testing fault-tolerant applications. Previously, different fault localization algorithms such as Ochiai were implemented for automated test strategies. An auto test generation strategy is a boon for validating different quality applications in time. However, its working scenario was restricted to stand-alone applications only. Later, the auto test generation strategy was combined with source mapping and an extended domain for conditional and function-call statements to generate automated test suites. Recently an enhanced Ochiai fault localization algorithm was proposed that can handle web applications as well, but Ochiai-driven oracles offer rigid support, providing static analysis services to PHP applications only. We propose a new approach that extends the Ochiai algorithm with metamorphic testing strategies to develop an integrated framework that can offer support beyond PHP, such as Java/HTML/JavaScript. Metamorphic testing observes that even if executions do not result in failures, they still bear useful data. Using the above approaches, we develop novel test-generation strategies geared towards producing test suites that have maximal fault-localization effectiveness in many web technologies, and a practical implementation validates our claim.

Keywords: Dynamic Testing, Metamorphic Relations, Test cases, Metamorphic Testing.

1 Introduction

Testing provides an objective and independent view of the software, allowing the business to understand the risks of that software implementation [1]. Testing strategies include the process of executing an application in order to find software bugs. Testing is the process of verifying that a computer program or application meets the requirements that guided its design and development. It can be implemented with the same characteristics [2, 3] for satisfying customer requirements. Testing can be implemented at any time in the software development process. Traditionally, most of the testing effort occurs after the requirements have been defined and the coding process has been completed. Web applications are developed with a combination of several programming languages, such as JavaScript and PHP with embedded SQL commands. JavaScript is used for client-side code and PHP is used for server-side code [4, 5]. Once developed, an application delivers its output in the form of dynamically generated HTML pages, which require additional scripts to be executed. If developers make mistakes and introduce bugs, the result is crashes in dynamically generated HTML pages [4]. The output of a web application can be displayed in a browser [5]. The goal of testing is to find the bugs that cause web application crashes, as seen in the HTML. Some faults may terminate the application, for example when a web application calls an undefined function: the HTML output presents an error message and the application execution is halted. For this, different fault localization techniques are needed.

S.C. Satapathy et al. (eds.), ICT and Critical Infrastructure: Proceedings of the 48th Annual Convention of CSI - Volume II, Advances in Intelligent Systems and Computing 249, DOI: 10.1007/978-3-319-03095-1_43, © Springer International Publishing Switzerland 2014

Fig. 1. Testing Architecture in Databases

The diagram above shows data administration testing with server-side web applications. By exercising the control flows within every execution, faults that are discovered during the execution are recorded. The process is repeated until sufficient coverage of the statements in the application is attained. However, when a test fails, developers need to find the location of the fault in the source code before they can fix the problem. In recent years, a number of automated techniques have been proposed to assist programmers with this task, which is usually called fault localization. Many fault-localization techniques attempt to predict the location of a fault by applying statistical analyses to data obtained from the execution of multiple tests. The effectiveness of an existing fault-localization technique can be measured by determining how many statements need to be inspected, on average, until the fault is found. In later techniques, test cases are produced by combining concrete and symbolic execution to generate passing and failing runs, instead of assuming the existence of a test suite with passing and failing test cases. However, existing approaches mainly offer their support to PHP applications only.

More recently, a metamorphic testing method was proposed by Chen et al. [19,20]. It has been proposed as a property-based test case selection strategy. It is based on the intuition that even if no failure is revealed by a test case selected according to some strategy, the test case still carries useful information. Thus, follow-up test cases should be constructed from the original test cases with reference to some necessary conditions of the problem to be implemented. Such necessary properties guiding the construction of follow-up test cases are known as metamorphic relations. This paper proposes a novel approach based on metamorphic testing together with the Ochiai algorithm. The proposed system produces an integrated framework that offers rigid support beyond PHP, such as Java, HTML, JSP and JavaScript.

2 Related Work

We review related work that uses machine learning approaches as pseudo-oracles, as well as related work on metamorphic testing and other approaches to alleviating the test oracle problem [21]. Different tools with automated test suite generation techniques are studied. Kieżun et al. present a dynamic tool, Ardilla [6], to create SQL and XSS attacks. Their tool uses dynamic tainting, concolic execution, and attack-candidate generation and validation. Their tool reports only real faults. However, Kieżun et al. focus on finding security faults, whereas this paper concentrates on functional correctness. McAllister et al. [7] also tackle the problem of testing interactive web applications. Their approach mainly attempts to follow user interactions. However, their approach to handling persistent state relies on instrumenting one particular web application framework. Wassermann et al. [8] present a concolic testing tool for PHP. The goal of their work is to automatically identify security vulnerabilities caused by injecting malicious strings. Their tool uses a framework of finite state transducers and a specialized constraint solver. Halfond and Orso [9] use static analysis of the server-side implementation logic to extract a web application's interface, that is, the set of input parameters and their potential values. However, they implemented their technique for JavaScript. Park et al. [10] recently described an approach for fault localization in concurrent Java programs in which occurrences of non-serializable access patterns are correlated with failures using the Jaccard formula. Jiang et al. [11] study the impact of test-suite reduction strategies on fault-localization effectiveness. Baudry et al. [12] study how the fault localization effectiveness of a test suite can be improved by adding tests. They propose the notion of a dynamic basic block, which is a set of statements that is covered by the same tests. In addition, they propose a related testing criterion that aims to maximize the number of dynamic basic blocks. Yu et al. [13] also study the impact of several test-suite reduction strategies on fault localization. They conclude that statement-based reduction approaches negatively affect fault localization effectiveness, whereas vector-based reduction approaches, which aim to preserve the set of statement vectors exercised by a test suite, have negligible effects on effectiveness.

3 Existing Approach

An auto test generation strategy is quite a boon for validating quality applications in time. However, its working scenario was restricted to stand-alone applications only. Later, the auto test generation strategy was combined with source mapping and an extended domain for conditional and function-call statements to generate automated test suites. Recently an enhanced Ochiai fault localization algorithm was proposed that can handle web applications as well, but Ochiai-driven oracles offer rigid support, providing static analysis services to PHP applications only. The working procedure of the Ochiai algorithm is shown in Figure 2.

1: Invoke to system.
2: Consider all the statements in PHP for test generation.
3: Generate similarity functions for each statement with Suspicious Rating Scom= Smap=1>Salg>0.5. Smap=Source Mapping with each Statement (Scom)
4: Calculate Similarity Coefficient for each statement using Suspicious faults in each statement (Scom).
5: Each Suspicious fault was calculate rating incremented in every statement as follows for(int Sr;Scom>1;Sr++) Sr = Suspicious Rate
6: The algorithm predicts the location of fault by computing each statement.
7: Perform numerous experiments with different systems by repeat Steps 3&4 for each system.
8: Obtain Numerical results.

Fig. 2. Ochiai Implementation Procedure for test generation in Fault localization applications

Existing techniques are implemented on a SHADOW interpreter version to generate efficient results. These techniques simultaneously perform concrete program execution using concrete values and symbolic execution with the associated variables. They implement the following fault localization techniques as extensions of the shadow interpreter.

Statement Coverage: All fault localization techniques use the percentage of failing and passing tests executing a given statement to calculate the statement's suspiciousness.

Source Mapping: The mapping is created by recording the line number of the originating PHP statement.

Figure 3 shows the performance of the existing techniques, based on the fault results obtained. When each system is observed:

• SM (Source Mapping) results in a low suspicious rating (it lies roughly between 10 and 30 percent out of 70),
• Ochiai performs medium fault generation compared to source mapping.
• Applying source mapping with Ochiai generates faults efficiently (equivalent to maximum efficiency).

Fig. 3. Effectiveness comparison of different fault-localization techniques

Evaluation on some open source applications validates the rise in generation of test cases from 6.5 compared to 46.8, which is a significant increase. In those cases the Ochiai algorithm does not provide support because of an insufficient Suspicious Rating of the Similarity Coefficient. Because of these considerations, a novel framework is proposed to achieve excellent test efficiency. This paper aims to enhance any of the fault localization algorithms, such as Tarantula [14], Ochiai [15,17], and Jaccard [16], which may have the ability to handle web applications. Using the above approaches, i.e., Ochiai, we develop novel test-generation strategies that are geared toward producing test suites that have maximal fault-localization effectiveness. By exercising the control flows within every execution, faults are determined and recorded. The process is repeated until sufficient coverage of the statements in the application is attained.
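The statement-coverage scoring used by these techniques can be made concrete with a short sketch. This is an added example, not code from the paper or its tool: it uses the standard published definitions of the Ochiai, Tarantula and Jaccard coefficients (the paper names all three but does not print the formulas), a constructed coverage spectrum with a seeded fault on line 4, and the statements-inspected measure of effectiveness described in the introduction.

```python
import math

# Constructed coverage spectrum: (statements executed, test passed?).
# Line 4 holds the seeded fault; the last run executes it but still passes.
RUNS = [
    ({1, 2, 3, 7}, True),
    ({1, 2, 4, 5, 7}, False),
    ({1, 2, 4, 6, 7}, False),
    ({1, 2, 3, 7}, True),
    ({1, 2, 4, 6, 7}, True),
]
FAULT_LINE = 4


def spectrum(runs):
    """Return ({stmt: (ef, ep)}, F, P): per-statement failing/passing
    execution counts plus the total number of failing and passing runs."""
    counts = {}
    total_fail = sum(1 for _, passed in runs if not passed)
    total_pass = len(runs) - total_fail
    for covered, passed in runs:
        for stmt in covered:
            ef, ep = counts.get(stmt, (0, 0))
            counts[stmt] = (ef, ep + 1) if passed else (ef + 1, ep)
    return counts, total_fail, total_pass


def ochiai(ef, ep, F, P):
    # ef / sqrt(F * (ef + ep)); 0.0 when the statement or F gives no evidence
    denom = math.sqrt(F * (ef + ep))
    return ef / denom if denom else 0.0


def tarantula(ef, ep, F, P):
    fail_ratio = ef / F if F else 0.0
    pass_ratio = ep / P if P else 0.0
    total = fail_ratio + pass_ratio
    return fail_ratio / total if total else 0.0


def jaccard(ef, ep, F, P):
    denom = F + ep  # failing runs (covering or not) plus passing runs covering it
    return ef / denom if denom else 0.0


def rank(runs, coefficient):
    """Statements sorted by decreasing suspiciousness, ties by line number."""
    counts, F, P = spectrum(runs)
    scored = [(s, coefficient(ef, ep, F, P)) for s, (ef, ep) in counts.items()]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


def statements_to_inspect(runs, coefficient, fault_line):
    """Worst case: every statement scoring >= the faulty one is inspected."""
    scores = dict(rank(runs, coefficient))
    target = scores.get(fault_line, 0.0)  # uncovered fault: inspect everything
    return sum(1 for score in scores.values() if score >= target)


if __name__ == "__main__":
    for coeff in (ochiai, tarantula, jaccard):
        print(coeff.__name__, rank(RUNS, coeff)[:3],
              statements_to_inspect(RUNS, coeff, FAULT_LINE))
```

On this spectrum Ochiai and Jaccard rank the faulty line first, while Tarantula ranks line 5 above it because line 5 is executed only by a failing run.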

4 Proposed Approach

Currently the variant Ochiai-driven oracles offer rigid support by providing static analysis services to PHP applications only. This paper proposes to extend the Ochiai algorithm with metamorphic testing strategies to develop an integrated framework that can offer support beyond PHP, such as Java/HTML/JavaScript [4] [5]. Instead of employing any oracles for initiating testing, we propose to implement metamorphic testing.

4.1 Metamorphic Testing

Metamorphic testing is a technique for the verification of software output without a complete testing oracle. The procedure for the proposed technique is presented in Figure 4. Metamorphic testing observes that although executions may not end in failures, they still bear helpful information. It has been proposed as a property-based test case selection strategy. It is based on the intuition that even if no failure is revealed by a test case selected according to some strategy, the test case still carries useful information. Follow-up test cases ought to be created from the original set of test cases with reference to designated necessary properties of the desired functions. Such necessary properties of the functions are known as metamorphic relations. The subject program is verified through metamorphic relations (MR). The metamorphic set contains the program logic, which is the implementation of the metamorphic relations; it computes follow-up test cases based on an incoming (or outgoing) message and evaluates test results against the enforced metamorphic relations. In metamorphic testing, the properties are not limited to identity relations. It has been applied, for instance, to verify the convergence of solutions of partial differential equations with respect to the refinement of grid points [21]. Compared with data diversity, a further difference is that the other test cases used in data diversity are basically re-expressed forms of the original test cases. This constraint is necessary because that technique is applied in fault tolerance, with the objective of applying alternate ways to process the original test case while using the same program. In metamorphic testing, although other test cases are also derived from the original test cases, they are not limited by this constraint.

4.2 Metamorphic Relations

In this section, the MRs that classification algorithms are expected to exhibit are outlined and defined more formally as follows.

MR-0: Consistence with Affine Transformation. The result should be the same if we apply the same arbitrary affine transformation function, f(x) = kx + b (k ≠ 0), to every value x of any subset of features in the training data set S and the test case ts.

MR-1.1: Permutation of Sophisticated Class Labels. Assume that we have a class-label permutation function Perm() that performs a one-to-one mapping between a class label in the set of labels L and a different label in L. If the source case result is li and we apply the permutation function to the set of corresponding class labels C for the follow-up case, the result of the follow-up case ought to be Perm(li).

MR-1.2: Permutation of the Attribute. If we permute the m attributes of all the samples and of the test data, the result ought to stay unchanged.

MR-2.1: Addition of Uninformative Attributes. An uninformative attribute is one that is equally related to every class label. For the source input, suppose we get the result ct = li for the test case ts. In the follow-up input, we add an uninformative attribute to S and, respectively, a new attribute to ts. The choice of the actual value to be added is not important, as this attribute is equally related to the class labels. The output of the follow-up test case should still be li.

MR-2.2: Addition of Informative Attributes. For the source input, suppose we get the result ct = li for the test case ts. In the follow-up input, we add an informative attribute to S and ts such that the attribute is strongly related to class li and equally related to all other classes. The output of the follow-up test case ought to still be li.

These metamorphic relations are integrated with the Ochiai algorithm to propose the best-suited fault tolerant technique for web applications. The procedure for the proposed approach is as follows.

1: Consider a program under test P; collect the set of program descriptions Dp that represents the programs interacting with P.
2: Design a metamorphic relation MRi applicable to test P.
3: Implement MRi in the metamorphic set MS of P.
4: Repeat Step 2 to Step 3 until no more metamorphic relations are needed for testing.
5: For each available successful test case to, do
   i. MS uses an applicable MRi to construct the follow-up test case tf of to.
   ii. MS invokes P to execute tf.
   iii. MS obtains the final results of tf.
   iv. If MS detects a failure by using MRi, then report the failure and go to Step 7.
   v. Repeat Step 5(i) to Step 5(iv) until there is no more applicable MRi.
6: Report that no failure is found.
7: Exit

Fig. 4. Procedure for Proposed approach

In Step 1, the program description of the program under test is collected. In Step 2, metamorphic relations applicable to testing the program P are designed. In Step 3, the designed metamorphic relations are implemented in the metamorphic set. These two steps, Steps 2 and 3, are repeated until no additional relations are needed. In Step 5, test cases are obtained, and if no failure is found the test cases are reported. If a failure is found, the procedure exits and the metamorphic relations are re-applied.
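The procedure of Fig. 4 can be exercised end to end on a small classifier. This is an added example, not the authors' tool: the 1-nearest-neighbour program under test, the seeded off-by-one fault, the training data and all function names are constructed for illustration, and only MR-1.1, MR-1.2 and MR-2.1 are implemented.

```python
# Each MR takes a source input (S, labels, ts) and returns the follow-up input
# plus a function mapping the source output to the required follow-up output.

def nn_classify(S, labels, ts):
    """Program under test P: 1-nearest neighbour, squared Euclidean distance."""
    dist = [sum((a - b) ** 2 for a, b in zip(s, ts)) for s in S]
    return labels[dist.index(min(dist))]


def nn_classify_faulty(S, labels, ts):
    """Seeded fault (constructed): off-by-one loop skips the last attribute."""
    dist = [sum((s[i] - ts[i]) ** 2 for i in range(len(ts) - 1)) for s in S]
    return labels[dist.index(min(dist))]


def mr_1_1(S, labels, ts):
    """MR-1.1: permute class labels; follow-up output must be Perm(l_i)."""
    classes = sorted(set(labels))
    perm = dict(zip(classes, classes[1:] + classes[:1]))  # cyclic shift
    return S, [perm[l] for l in labels], ts, lambda out: perm[out]


def mr_1_2(S, labels, ts):
    """MR-1.2: reverse the attribute order everywhere; output unchanged."""
    return [s[::-1] for s in S], labels, ts[::-1], lambda out: out


def mr_2_1(S, labels, ts):
    """MR-2.1: append an attribute with the same value in every sample
    (equally related to every class); output unchanged."""
    return [s + (7,) for s in S], labels, ts + (7,), lambda out: out


def run_metamorphic(P, S, labels, test_cases, metamorphic_set):
    """Steps 5-7 of Fig. 4. Returns (MR name, source test case, expected,
    actual) for the first violated relation, or None if no failure is found."""
    for t_o in test_cases:
        source_out = P(S, labels, t_o)
        for name, mr in metamorphic_set:
            S_f, labels_f, t_f, expected_of = mr(S, labels, t_o)  # step 5.i
            actual = P(S_f, labels_f, t_f)                        # steps 5.ii-iii
            expected = expected_of(source_out)
            if actual != expected:                                # step 5.iv
                return name, t_o, expected, actual
    return None                                                   # step 6


# Constructed training set: three attributes, two classes.
S = [(0, 0, 10), (5, 0, 0), (0, 5, 10), (5, 5, 0)]
LABELS = ["A", "B", "A", "B"]
TESTS = [(1, 0, 1), (4, 4, 9)]
MS = [("MR-1.1", mr_1_1), ("MR-1.2", mr_1_2), ("MR-2.1", mr_2_1)]

if __name__ == "__main__":
    print(run_metamorphic(nn_classify, S, LABELS, TESTS, MS))
    print(run_metamorphic(nn_classify_faulty, S, LABELS, TESTS, MS[:1]))
    print(run_metamorphic(nn_classify_faulty, S, LABELS, TESTS, MS))
```

With only MR-1.1 in the metamorphic set the seeded fault goes unreported; MR-1.2 exposes it without any expected-output oracle.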


It is unlikely for a single MR to detect all possible faults. Therefore, four MRs that are quite different from one another, with a view to detecting various faults, were used here; they are discussed in Section 4.2. Finding good MRs requires knowledge of the problem domain, understanding of user requirements, and some creative thinking [3]. These MRs are identified according to equivalence and inequality relations among regular expressions. This kind of testing therefore facilitates automated handling of all possible forms of failures in most web technologies. This paper differs from most previous research on fault localization in that it does not assume the existence of a test suite with passing and failing test cases. Previous work focused exclusively on finding failures by identifying inputs that cause an application to crash or produce malformed HTML. This paper addresses the problem of determining where in the source code changes need to be made in order to fix the detected failures. Program dicing was introduced as a method for combining the information of different program slices. The idea behind the scheme is that when a program computes a correct value for variable x and an incorrect value for variable y, the fault is likely to be found in statements that are in the slice with respect to y but not in the slice with respect to x. Variations use set-union, set-intersection, and nearest neighbor strategies for fault localization; these all work by comparing execution traces of passing and failing program runs.

5 Analysis

According to evaluations of some open source applications, there is a rise in the generation of test cases from 6.5 compared to 46.8, which is a significant increase. Existing fault localization techniques do not provide support because of an insufficient Suspicious Rating of the Similarity Coefficient. In particular, existing techniques are mainly applicable to PHP code. If a PHP application contains HTML-related code, additional interpreters are used. Even so, only a limited set of test cases is generated, which leads to inefficient testing. The figure below shows the testing efficiency of the existing system with respect to the number of statements to examine.

Fig. 5. HTML, PHP & JSP Unit test cases generation Using Existing Ochiai

The graph above shows that test generation for each statement in the HTML, PHP, and JSP examples is not suitable for current fault locations in web applications. In Figure 5, invariant test cases are formed when the existing Ochiai approach discussed in Section 3 is considered. To overcome the problem of the existing system, a novel integrated framework is proposed. The proposed system supports not only PHP but also HTML, JavaScript and JSP, and generates test cases or test suites efficiently within mean time with respect to the number of statements examined. Metamorphic testing uses metamorphic relations, which generate test cases for different kinds of applications. The figure below shows the testing efficiency of existing system with respect to the number of statements to examine.

Fig. 6. HTML, PHP&JSP Unit test cases generation Using Proposed Ochiai with Metamorphic relations

Compared with the existing graph results for Ochiai, there is a difference in test case generation. In the proposed system, the maximum number of test cases is drawn from the metamorphic relations for each and every program. So, maximum efficiency is obtained for each and every program, as shown in Figure 6.


6 Implementation and Results

The proposed tool is developed with the help of the NetBeans IDE. To develop the tool, the Ochiai algorithm is used with metamorphic relations to increase the efficiency of test case generation. In this testing process, metamorphic relations are given as input in DLL format for testing each method with equivalent attributes and parameters. Using the proposed system, test cases are generated effectively for both HTML and PHP applications by giving the program as input.

6.1 Dealing with Sample Java Program

In this section, testing results for a simple Java program are described. The overall processing is calculated for every method present in the Java program, together with the compiler execution time. After applying the proposed system to the sample Java program, the following are some of the test cases generated, which are listed in Table 1.

Table 1. Test cases

| Test Method | Expected Output | Result |
|---|---|---|
| Invoke Application without libraries | Application with disabled features | Pass |
| Invoke Application with libraries | Application with complete features | Pass |
| Over all process Testing | Should Generate Varying Test Cases based upon the operations and volume of the Code | Pass |

These are useful for generating a complete description of every method present in the simple Java program. Using the proposed testing methodology, the testing results are calculated for every method and every statement in the program.

6.2 Dealing with HTML and PHP

In prior approaches, Apollo [17,18] was used, with a shadow interpreter based on the Zend PHP interpreter that simultaneously performs a concrete testing process with concrete values and a symbolic testing execution with symbolic values. This paper proposes a new system for developing the HTML format sequences in the testing methodologies to get results in the invariant process. When dealing with either HTML or PHP, the related code is given as input to the proposed system. After the input is given, efficient test cases are generated and obtained from the code. Evaluation of the code is done by verifying every method with its related attributes and parameters. After evaluation, test cases are generated.

Consider HTML application code with a function called myfunction() that takes 3 parameters. The operations performed in myfunction() are adding, subtracting and multiplying the 3 parameters. When this application code is given as input to the tool, the verification process starts on every method; however, the given code contains only a single method. Test cases are then generated using metamorphic relations; while generating the test cases, all possible conditions are verified, i.e., whether the given parameters are integers, characters or alphanumeric, and so on. After all test cases have been generated for the given code, those test cases are used to run the application without any fault or improper termination.

7 Conclusion

In recent years, a number of automated techniques have been proposed to assist programmers in finding and fixing the faults in a program, a task usually called fault localization. Existing analyses require and use fault localization algorithms such as Ochiai. As an auto test generation strategy, this approach is a boon for validating quality applications in time. We develop a novel test-generation strategy that is geared toward producing test suites that have maximal fault-localization effectiveness. This paper proposes to extend the Ochiai algorithm with metamorphic testing strategies to develop an integrated framework that may offer support beyond PHP, such as Java/HTML/JavaScript. Instead of employing any oracles for initiating testing, this paper proposes and implements metamorphic testing. Metamorphic testing is a technique for the verification of software output without a complete testing oracle.

References

1. Hiett, E., Mee, R.: Going Faster: Testing the Web Application. IEEE Software 19(2), 60–65 (2002)
2. Ye, L.: Model-Based Testing Approach for Web Applications (2007)
3. Di Lucca, G.A., Fasolino, A.R.: Testing Web-based applications: The state of the art and future trends. Information and Software Technology 48, 1172–1186 (2006)
4. Web Application Developer's Guide, by Borland Software Corporation
5. Artzi, S., Møller, A., Dolby, J., Jensen, S., Tip, F.: A Framework for Automated Testing of Javascript Web Applications. Proceedings in Int'l Conf. Software Engineering (2011)
6. Kieżun, A., Guo, P., Jayaraman, K., Ernst, M.: Automatic creation of SQL injection and cross-site scripting attacks. In: Proceedings of International Conference of Software Engineering (ICSE) (2009)
7. McAllister, S., Kirda, E., Kruegel, C.: Leveraging user interactions for in-depth testing of web applications. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 191–210. Springer, Heidelberg (2008)
8. Wassermann, G., Yu, D., Chander, A., Dhurjati, D., Inamura, H., Su, Z.: Dynamic test input generation for web applications. In: Proceedings of the ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2008), pp. 249–260 (2008)
9. Halfond, W.G.J., Orso, A.: Improving test case generation for Web applications using automated interface discovery. In: ESEC-FSE (2007)
10. Park, S., Vuduc, R.W., Harrold, M.J.: Falcon: Fault Localization in Concurrent Programs. In: Proc. 32nd ACM/IEEE Int'l Conf. Software Eng., pp. 245–254 (2010)
11. Jiang, B., Zhang, Z., Tse, T., Chen, T.Y.: How Well Do Test Case Prioritization Techniques Support Statistical Fault Localization. In: Proc. 33rd Ann. IEEE Int'l Computer Software and Applications Conf. (July 2009)
12. Baudry, B., Fleurey, F., Le Traon, Y.: Improving Test Suites for Efficient Fault Localization. In: Osterweil, L.J., Rombach, H.D., Soffa, M.L. (eds.) Proc. 28th Int'l Conf. Software Eng., pp. 82–91 (2006)
13. Yu, Y., Jones, J.A., Harrold, M.J.: An Empirical Study of the Effects of Test-Suite Reduction on Fault Localization. In: Proc. Int'l Conf. Software Eng., pp. 201–210 (2008)
14. Jones, J.A., Harrold, M.J., Stasko, J.: Visualization of test information to assist fault localization. In: ICSE, pp. 467–477 (2002)
15. Abreu, R., Zoeteweij, P., van Gemund, A.J.C.: An evaluation of similarity coefficients for software fault localization. In: PRDC 2006, pp. 39–46 (2006)
16. Chen, M.Y., Kiciman, E., Fratkin, E., Fox, A., Brewer, E.: Pinpoint: Problem Determination in Large, Dynamic Internet Services. In: Proc. Int'l Conf. Dependable Systems and Networks, pp. 595–604 (2002)
17. Artzi, S., Kieżun, A., Dolby, J., Tip, F., Dig, D., Paradkar, A., Ernst, M.D.: Finding bugs in dynamic web applications. In: ISSTA, pp. 261–272 (2008)
18. Artzi, S., Kieżun, A., Dolby, J., Tip, F., Dig, D., Paradkar, A., Ernst, M.D.: Finding bugs in web applications using dynamic test generation and explicit state model checking. IEEE Transactions on Software Engineering (2010)
19. Chen, H.Y., Tse, T.H., Chan, F.T., Chen, T.Y.: In black and white: an integrated approach to class-level testing of object oriented programs. ACM Transactions on Software Engineering and Methodology 7(3), 250–295 (1998)
20. Chen, H.Y., Tse, T.H., Chen, T.Y.: TACCLE: a methodology for object-oriented software testing at the class and cluster levels. ACM Transactions on Software Engineering and Methodology 10(1), 56–109 (2001)
21. Chen, T.Y., Cheung, S.C., Yiu, S.M.: Metamorphic testing: a new approach for generating next test cases. Technical Report HKUST-CS98-01. Department of Computer Science, Hong Kong University of Science and Technology, Hong Kong (1998)