Advanced Search
DSpace@MIT

Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit State Model Checking

Research and Teaching Output of the MIT Community

Show simple item record

dc.contributor.advisor Michael Ernst
dc.contributor.author Tip, Frank en_US
dc.contributor.author Ernst, Michael D. en_US
dc.contributor.author Dig, Danny en_US
dc.contributor.author Dolby, Julian en_US
dc.contributor.author Kiezun, Adam en_US
dc.contributor.author Artzi, Shay en_US
dc.contributor.author Paradkar, Amit en_US
dc.contributor.other Program Analysis en_US
dc.date.accessioned 2009-03-27T16:00:07Z
dc.date.available 2009-03-27T16:00:07Z
dc.date.issued 2009-03-26
dc.identifier.uri http://hdl.handle.net/1721.1/44956
dc.description.abstract Web script crashes and malformed dynamically-generated web pages are common errors, and they seriously impact the usability of web applications. Current tools for web-page validation cannot handle the dynamically generated pages that are ubiquitous on today's Internet. We present a dynamic test generation technique for the domain of dynamic web applications. The technique utilizes both combined concrete and symbolic execution and explicit-state model checking. The technique generates tests automatically, runs the tests capturing logical constraints on inputs, and minimizes the conditions on the inputs to failing tests, so that the resulting bug reports are small and useful in finding and fixing the underlying faults. Our tool Apollo implements the technique for the PHP programming language. Apollo generates test inputs for a web application, monitors the application for crashes, and validates that the output conforms to the HTML specification. This paper presents Apollo's algorithms and implementation, and an experimental evaluation that revealed 302 faults in 6 PHP web applications. en_US
dc.format.extent 17 p. en_US
dc.relation.ispartofseries MIT-CSAIL-TR-2009-010 en_US
dc.subject Software Testing en_US
dc.subject PHP en_US
dc.subject Dynamic Analysis en_US
dc.title Finding Bugs in Web Applications Using Dynamic Test Generation and Explicit State Model Checking en_US


Files in this item

Name Size Format Description
MIT-CSAIL-TR-2009 ... 921.2Kb PDF
MIT-CSAIL-TR-2009 ... 3.324Mb Postscript

This item appears in the following Collection(s)

Show simple item record

MIT-Mirage