Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit State Model Checking
Author(s)
Tip, Frank; Ernst, Michael D.; Dig, Danny; Dolby, Julian; Kiezun, Adam; Artzi, Shay; Paradkar, Amit; ... Show more Show less
DownloadMIT-CSAIL-TR-2009-010.pdf (921.2Kb)
Additional downloads
Other Contributors
Program Analysis
Advisor
Michael Ernst
Metadata
Show full item recordAbstract
Web script crashes and malformed dynamically-generated web pages are common errors, and they seriously impact the usability of web applications. Current tools for web-page validation cannot handle the dynamically generated pages that are ubiquitous on today's Internet. We present a dynamic test generation technique for the domain of dynamic web applications. The technique utilizes both combined concrete and symbolic execution and explicit-state model checking. The technique generates tests automatically, runs the tests capturing logical constraints on inputs, and minimizes the conditions on the inputs to failing tests, so that the resulting bug reports are small and useful in finding and fixing the underlying faults. Our tool Apollo implements the technique for the PHP programming language. Apollo generates test inputs for a web application, monitors the application for crashes, and validates that the output conforms to the HTML specification. This paper presents Apollo's algorithms and implementation, and an experimental evaluation that revealed 302 faults in 6 PHP web applications.
Date issued
2009-03-26Series/Report no.
MIT-CSAIL-TR-2009-010
Keywords
Software Testing, PHP, Dynamic Analysis