Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit State Model Checking

Tip, Frank; Ernst, Michael D.; Dig, Danny; Dolby, Julian; Kiezun, Adam; Artzi, Shay; Paradkar, Amit

Author(s)

Tip, Frank; Ernst, Michael D.; Dig, Danny; Dolby, Julian; Kiezun, Adam; ... Show more

DownloadMIT-CSAIL-TR-2009-010.pdf (921.2Kb)

Additional downloads

MIT-CSAIL-TR-2009-010.ps (3.324Mb)

Other Contributors

Program Analysis

Advisor

Michael Ernst

Metadata

Show full item record

Abstract

Web script crashes and malformed dynamically-generated web pages are common errors, and they seriously impact the usability of web applications. Current tools for web-page validation cannot handle the dynamically generated pages that are ubiquitous on today's Internet. We present a dynamic test generation technique for the domain of dynamic web applications. The technique utilizes both combined concrete and symbolic execution and explicit-state model checking. The technique generates tests automatically, runs the tests capturing logical constraints on inputs, and minimizes the conditions on the inputs to failing tests, so that the resulting bug reports are small and useful in finding and fixing the underlying faults. Our tool Apollo implements the technique for the PHP programming language. Apollo generates test inputs for a web application, monitors the application for crashes, and validates that the output conforms to the HTML specification. This paper presents Apollo's algorithms and implementation, and an experimental evaluation that revealed 302 faults in 6 PHP web applications.

Date issued

2009-03-26

URI

http://hdl.handle.net/1721.1/44956

Series/Report no.

MIT-CSAIL-TR-2009-010

Keywords

Software Testing, PHP, Dynamic Analysis

Collections

CSAIL Technical Reports (July 1, 2003 - present)