Abstract
Web applications are now used in every aspect of our lives to manage work, provide products and services, read email, and provide entertainment. The software technologies used to build web applications provide features that help designers provide flexible functionality, but that are challenging to model and test. In particular, the network-based request-response model of programming means that web applications are inherently “stateless” and implicitly concurrent. They are stateless because a new network connection is made for each request (for example, when a user clicks a submit button). Thus, the server does not, by default, recognize multiple requests from the same user. Web applications are also concurrent because multiple users can use the same web application at the same time, creating contention for the same resources. Unfortunately, most web application testing does not adequately evaluate these aspects of web applications, leaving many software faults in deployed web applications. Part of this problem is because most traditional software modeling tools (such as UML) do not have built-in support for the stateless and concurrent aspects of web applications. This research project uses a novel model that is based on Petri nets to describe certain aspects of the behavior of web applications. This paper makes several contributions. We present a novel technique to design tests from this model that explicitly tests concurrency in web applications. We present novel coverage criteria that are defined on the Petri net model. We present results from an empirical study of 18 web applications with 343 components and 30,186 lines of code, followed by a case study on a large industrial web application. The tests found significantly more faults than traditional requirements-based tests, with fewer tests.
Similar content being viewed by others
Notes
These language features are described in Sect. 2.1.
These four scopes are unique to the J2EE environment, but all web development frameworks have something similar, so these serve as a representative example.
Modeling type 4, asynchronous behavior, is ongoing work for another paper.
The logic requirements could of course have been generated without the Petri net model, but it is simpler to integrate them into the tool.
We did not create RACC tests in this study.
References
comScore.: Cyber Monday jumps 18 percent to $1.735 billion in desktop sales to rank as heaviest U.S. online spending day in history, Online, December 3rd 2013. http://www.comscore.com/Insights/Press-Releases/2013/12/Cyber-Monday-Jumps-18-Percent-to-1735-Billion-in-Desktop-Sales-to-Rank-as-Heaviest-US-Online-Spending-Day-in-History (2013). Accessed Jan 2015
Pollock, R.: Troubled Obamacare website wasn’t tested until a week before launch, Online, October 17th 2013. http://www.washingtonexaminer.com/troubled-obamacare-website-wasnt-tested-until-a-week-before-launch/article/2537381 (2013). Accessed Jan 2015
Epstein, Z.: Pokemon Go fans, we have some bad news about all those annoying bugs, August 2016. http://bgr.com/2016/08/04/pokemon-go-news-update-2016-bugs-glitches/ (2016). Accessed July 2017
Humphery-Jenner, M.: What went wrong with Pokemon Go? Three lessons from its plummeting player numbers, October 2016, https://phys.org/news/2016-10-wrong-pokmon-lessons-plummeting-player.html (2016). Accessed July 2017
Hamill, J., Moorhead, A.: Gamers furious as Pokemon Go RESETS their progress through the game, August 2016. https://www.thesun.co.uk/news/1533456/gamers-furious-as-pokemon-go-resets-their-progress-through-the-game/ (2016). Accessed July 2017
Bugs, glitches, freezes, and fixes, May 2017. http://www.ign.com/wikis/pokemon-go/Bugs,_Glitches,_Freezes,_and_Fixes (2017). Accessed July 2017
Roy, P.V., Haridi, S.: Concepts, Techniques, and Models of Computer Programming. The MIT Press, Cambridge (2004), ISBN: 0262220695
Gupt, S.: Target black Friday cancellation fiasco, Online, December 7th 2010. http://ireport.cnn.com/docs/DOC-526674 (2010). Accessed Jan 2015
Hall, M.: Core Servlets and JavaServer Pages. Prentice Hall, Upper Saddle River (2001), ISBN: 0076092036876
BlaineDonley, Offutt, J.: Web Application Testing Challenges, (2009), Unpublished research. http://www.quaso.com/knowledge-base/Web-Application-Testing-Complexities-v1.1.pdf (2009). Accessed Aug 2015
Thummala, S., Offutt, J.: Using Petri nets to test concurrent behavior of web applications. In: 12th Advances in Model Based Testing (A-MOST) Workshop of the International Conference on Software Testing, Verification and Validation, IEEE, April (2016), pp. 189–198
Garrett, J.J.: Ajax: a new approach to web applications, Online, 2006. http://adaptivepath.org/ideas/ajax-new-approach-web-applications/ (2006). Accessed May 2015
Offutt, J., Wu, Y.: Modeling presentation layers of web applications for testing. Softw. Syst. Modeling 9(2), 257–280 (2010)
Wikipedia.: World wide web. https://en.wikipedia.org/wiki/World_Wide_Web (2004). Accessed 20 Jan 2015
Wikipedia.: Web application. http://en.wikipedia.org/wiki/Web_application (2004). Accessed 20 Jan 2015
Mordani, R.: Java servlet specification 3.0, online, December 2009. http://download.oracle.com/otn-pub/jcp/servlet-3.0-fr-eval-oth-JSpec/servlet-3_0-final-spec.pdf (2009). Accessed June 2015
Aggarwal, G., Bursztein, E., Jackson, C., Boneh, D.: An analysis of private browsing modes in modern browsers. In: Proceedings of the 19th USENIX Conference on Security. USENIX Association, pp. 6–6. [Online]. Available: http://dl.acm.org/citation.cfm?id=1929820.1929828 (2010)
Wikipedia.: Privacy mode. https://en.wikipedia.org/wiki/Privacy_mode (2016). Accessed Feb 2016
Zhao, B., Liu, P.: “Private browsing mode not really that private: Dealing with privacy breach caused by browser extensions,” In 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).IEEE, (2015), pp. 184–195
Ian Hickson, I.: Google, Web storage W3C recommendation, Online. http://www.w3.org/TR/webstorage/ (2012). Accessed Jan 2015
Zakas, N.C.: Introduction to session storage, Online. http://www.nczonline.net/blog/2009/07/21/introduction-to-sessionstorage/ (2009). Accessed Jan 2015
Göetz, B., Peierls, T., Bloch, J., Bowbeer, J., Holmes, D., Lea, D.: Java Concurrency in Practice. Addison-Wesley, Boston (2006)
Petri, C.A.: Communication with automata, New York: Griffiss Air Force Base. Technical Report RADCTR-65-377, vol. 1, (1966)
Murata, T.: Petri nets: properties, analysis and applications. Proc IEEE 77(4), 541–580 (1989)
Jensen, K.: Coloured Petri Nets: Basic Concepts, Analysis Methods and Practical Use. Springer, Berlin, (1997), ISBN: 3642082009
Bernardinello, L., De Cindio, F.: A survey of basic net models and modular net classes. In: Rozenberg G (ed.) Advances in Petri Nets, pp. 304–351. Springer, Berlin (1992)
Genrich, H.J., Lautenbach, K., Thiagarajan, P.: Elements of general net theory. Net Theory and Applications, pp. 21–163. Springer, Berlin (1980)
Reisig, W.: Place/Transition Systems. Petri Nets: Central Models and Their Properties, pp. 117–141. Springer, Berlin (1987)
RTCA-DO-178B, Software considerations in airborne systems and equipment certification, (1992)
Ammann, P., Offutt, J., Huang, H.: Coverage criteria for logical expressions. In: IEEE 14th International Symposium on Software Reliability Engineering, pp. 99–107 (2003)
Ammann, P., Offutt, J.: Introduction to Software Testing, 2nd ed. Cambridge University Press, Cambridge (2017), ISBN 978-1107172012
Veanes, M., Campbell, C., Grieskamp, W., Schulte, W., Tillmann, N., Nachmanson, L.: Model-based testing of object-oriented reactive systems with Spec Explorer. In: Formal Methods and Testing, LNCS 4949, pp. 39–76. Springer, Berlin (2008)
Offutt, J., Abdurazik, A.: Generating tests from UML specifications. In: Proceedings of the Second IEEE International Conference on the Unified Modeling Language (UML99). Springer, Fort Collins. Lecture Notes in Computer Science vol 1723, pp. 416–429 (1999)
Hierons, R.M., Bogdanov, K., Bowen, J., Cleaveland, R., Derrick, J., Dick, J., Gheorghe, M., Harman, M., Kapoor, K., Krause, P., Luettgen, G., Simons, A., Vilkomir, S., Woodward, M., Zedan, H.: Using formal specifications to support testing. ACM Comput Surv 41(2), 9 (2009)
Utting, M., Pretschner, A., Legeard, B.: A taxonomy of model-based testing approaches. Softw Test Verif Reliab 22(5), 297–312 (2012)
Li, N., Offutt, J.: Test oracle strategies for model-based testing. IEEE Trans Softw Eng 43(4), 372–395 (2017)
Fehling, R.: A concept of Hierarchical Petri Nets with Building Blocks. In: Rozenberg G (ed.) Advances in Petri nets, pp. 148–168. Springer, Berlin (1993)
Andrews, A.A., Offutt, J., Alexander, R.T.: Testing web applications by modeling with FSMs. Softw Syst Model 4(3), 326–345 (2005)
Zuberek, W.: Timed Petri nets definitions, properties, and applications. Microelectron Reliab 31(4), 627–644 (1991)
Larsen, G.K., Pettersson, P., Yi, W.: Uppaal in a nutshell. Int J Softw ToolsTechnolTrans 1(1), 134–152 (1997)
Platform independent Petri net Editor 2 (PIPE2): Open source software. http://pipe2.sourceforge.net/index.html 2002. Accessed 20 June 2016
ArgoUML: open source software. http://argouml.tigris.org/ (2002). Accessed 20 June 2016
Larsen, K.G., Pettersson, P., Yi, W.: Model-checking for real-time systems. In: Proceedings of Fundamentals of Computation Theory, ser. Lecture Notes in Computer Science, no. 965, pp. 62–88 (1995)
Wikipedia.: Petri nets. https://en.wikipedia.org/wiki/Petri_net#Restrictions (2003). Accessed 20 June 2016
Fraser, G., Wotawa, F., Ammann, P.E.: Testing with model checkers: a survey. Softw Test Verif Reliab 19(3), 215–261 (2009). https://doi.org/10.1002/stvr.402
Salgado, M.R.M.: Towards verifying petri nets: a model checking approach, Unpublished Master’s research project. http://eprints.sim.ucm.es/11488/1/M._Rosa_Martos-Master_2010.pdf (2009). Accessed June 2016
Cheng, A., Christensen, S., Mortensen, K.H.: Model checking coloured Petri nets-exploiting strongly connected components. In: Proceedings of International Workshop on Discrete Event Systems, pp. 169–177 (1997)
Gardey, G., Lime, D., Magnin, M., Roux, O.H.: Romeo: a tool for analyzing time petri nets. In: 17th International Conference on Computer Aided Verification. Edinburgh, Scotland, UK: Springer, July 2005, pp. 418–423. [Online]. Available: https://doi.org/10.1007/11513988_41
Van Der Aalst, W.: The application of Petri nets to workflow management. J Circuits Syst Comput 8(1), 21–66 (1998)
Bernardi, S., Donatelli, S., Merseguer, J.: From UML sequence diagrams and statecharts to analysable Petri net models. In: Proceedings of the Third International Workshop on Software and Performance. New York, USA: ACM, (2002), pp. 35–45
Group, O.M.: Documents associated with object constraint language, version 2.0. online, May 2006. http://www.omg.org/spec/OCL/2.0/ (2006). Accessed July 2017
Platform independent Petri net editor 2, Open source software. http://pipe2.sourceforge.net (2007). Accessed Jan 2015
Ammann, P., Offutt, J., Xu, W., Li, N.: Coverage computation web applications. Online. https://cs.gmu.edu:8080/offutt/coverage/ (2008). Accessed July 2016
Billington, J., Christensen, S., van Hee, K., Kindler, E., Kummer, O., Petrucci, L., Post, R., Stehno, C., Weber, M.: The Petri net markup language: Concepts, technology, and tools. In: 24th International Conference of Applications and Theory of Petri Nets (ICATPN), W. M. P. van der Aalst and E. Best, Eds, pp. 483–505. Springer, Berlin (2003)
Wohlin, C., Runeson, P., Höst, M., Ohlsson, M.C., Regnell, B., Wesslen, A.: Experimentation in Software Engineering: An introduction. Kluwer Academic Publishers, Norwell (2008), ISBN: 0-7923-8682-5
Darondeau, P., Demri, S., Meyer, R., Morvan, C.: Petri net reachability graphs: decidability status of FO properties. In: 31st International Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), pp. 140–151 (2011)
GitHub.: Github: The largest open source community in the world. https://github.com/open-source (2007). Accessed 20 June 2016
Students3K.: Open source software: an educational website. http://projects.students3k.com/ (2012). Accessed 20 June 2016
Danial, A.: CLOC: count lines of code. Online, 2006 https://github.com/AlDanial/cloc (2006). Accessed June 2016
StackOverFlow.com.: Session mix-up using stateserver. Online, December 7th 2010, http://stackoverflow.com/questions/1646274/asp-net-session-mix-up-using-stateserver-scary (2010). Accessed Jan 2015
StackOverFlow.com.: Mixing user session data in JBoss, Online, December 2013, http://stackoverflow.com/questions/20706567/mixing-user-session-data-in-jboss (2013). Accessed Jan 2015
Durbin, P.: User sessions mixed up when Java app deployed to glassfish, Online, October 2014, http://shibboleth.net/pipermail/users/2014-October/017878.html (2014). Accessed Jan 2015
Langley, R.: Practical Statistics Simply Explained. Dover Publications, New York (1971)
Stotts, P.D., Furuta, R.: Petri-net-based hypertext: Document structure with browsing semantics. ACM Trans Inf Syst 7(1), 3–29 (1989)
Stotts, D., Navon, J.: Model checking cobweb protocols for verification of HTML frames behavior. In: Proceedings of the 11th International Conference On World Wide Web, pp. 182–190. ACM Press, New York (2002)
Chachkov, S., Buchs, D.: From formal specifications to ready-to-use software components: The concurrent object oriented Petri net approach. In: International Conference on Application of Concurrency to System Design, pp. 99–110 (2001)
Hamadi, R., Benatallah, B.: A Petri net-based model for web service composition. In: Proceedings of the 14th Australasian Database Conference, vol. 17, pp. 191–200 (2003)
Grigore, L., Buy, U.: Enforcing safety properties in web applications using Petri nets. In: Proceedings of the 9th IASTED International Conference, vol. 632, p. 33 (2008)
Zhu, H., He, X.: A methodology of testing high-level Petri nets. Inf Softw Technol 44(8), 473–489 (2002)
Adjir, N., De Saqui-Sannes, P., Rahmouni, K.M.: Testing real-time systems using TINA. In: Testing of Software and Communication Systems, pp. 1–15. Springer, Berlin (2009)
Lill, R., Saglietti, F.: Test coverage criteria for autonomous mobile systems based on colored Petri nets. In: Ninth Symposium on Formal Methods for Automation and Safety in Railway and Automotive Systems, pp. 155–162 (2012)
Pugh, W., Ayewah, N.: Unit testing concurrent software. In : Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering, pp. 513–516 (2007)
Koppol, P.V., Tai, K.-C.: An incremental approach to structural testing of concurrent software. SIGSOFT Softw Eng Notes 21(3), 14–23 (1996)
Ricca, F., Tonella, P.: Analysis and testing of web applications. In: IEEE 23rd International Conference on Software Engineering (ICSE), pp. 25–34. Toronto, CA (2001)
Benedikt, M., Freire, J., Godefroid, P.: VeriWeb: automatically testing dynamic web sites. In: Proceedings of 11th International World Wide Web Conference, pp. 654–668 (2002)
Offutt, J.: Quality attributes of Web software applications. IEEE Softw Spec Issue Softw Eng Internet Softw 19(2), 25–32 (2002)
Guerra, E., Sanz, D., Díaz, P., Aedo, I.: A transformation-driven approach to the verification of security policies in web designs. In: Web Engineering, pp. 269–284. Springer, Berlin (2007)
Elbaum, S., Rothermel, G., Karre, S., Fisher, M.: Leveraging user-session data to support web application testing. IEEE Trans Softw Eng 31(3), 187–202 (2005)
Di Lucca, G.A., Di Penta, M.: Considering browser interaction in web application testing. In: IEEE Fifth International Workshop on Web Site Evolution, pp. 74–81 (2003)
Acknowledgements
We would like to thank Dr. Nida Gökçe for her valuable feedback, as well as the experiment participants. We also thank the anonymous company that generously allowed us to develop tests for their application. This work was partly funded by The Knowledge Foundation (KKS) through the Project 20130085: Testing of Critical System Characteristics (TOCSYC).
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by Dr . M. Papadakis, S. Ali, and G. Perrouin.
Rights and permissions
About this article
Cite this article
Offutt, J., Thummala, S. Testing concurrent user behavior of synchronous web applications with Petri nets. Softw Syst Model 18, 913–936 (2019). https://doi.org/10.1007/s10270-018-0655-8
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10270-018-0655-8