Skip to main content
SpringerLink
Log in

Testing concurrent user behavior of synchronous web applications with Petri nets

  • Theme Section Paper
  • Published:
Software & Systems Modeling Aims and scope Submit manuscript

Abstract

Web applications are now used in every aspect of our lives to manage work, provide products and services, read email, and provide entertainment. The software technologies used to build web applications provide features that help designers provide flexible functionality, but that are challenging to model and test. In particular, the network-based request-response model of programming means that web applications are inherently “stateless” and implicitly concurrent. They are stateless because a new network connection is made for each request (for example, when a user clicks a submit button). Thus, the server does not, by default, recognize multiple requests from the same user. Web applications are also concurrent because multiple users can use the same web application at the same time, creating contention for the same resources. Unfortunately, most web application testing does not adequately evaluate these aspects of web applications, leaving many software faults in deployed web applications. Part of this problem is because most traditional software modeling tools (such as UML) do not have built-in support for the stateless and concurrent aspects of web applications. This research project uses a novel model that is based on Petri nets to describe certain aspects of the behavior of web applications. This paper makes several contributions. We present a novel technique to design tests from this model that explicitly tests concurrency in web applications. We present novel coverage criteria that are defined on the Petri net model. We present results from an empirical study of 18 web applications with 343 components and 30,186 lines of code, followed by a case study on a large industrial web application. The tests found significantly more faults than traditional requirements-based tests, with fewer tests.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

Notes

  1. These language features are described in Sect. 2.1.

  2. These four scopes are unique to the J2EE environment, but all web development frameworks have something similar, so these serve as a representative example.

  3. Modeling type 4, asynchronous behavior, is ongoing work for another paper.

  4. The logic requirements could of course have been generated without the Petri net model, but it is simpler to integrate them into the tool.

  5. We did not create RACC tests in this study.

References

  1. comScore.: Cyber Monday jumps 18 percent to $1.735 billion in desktop sales to rank as heaviest U.S. online spending day in history, Online, December 3rd 2013. http://www.comscore.com/Insights/Press-Releases/2013/12/Cyber-Monday-Jumps-18-Percent-to-1735-Billion-in-Desktop-Sales-to-Rank-as-Heaviest-US-Online-Spending-Day-in-History (2013). Accessed Jan 2015

  2. Pollock, R.: Troubled Obamacare website wasn’t tested until a week before launch, Online, October 17th 2013. http://www.washingtonexaminer.com/troubled-obamacare-website-wasnt-tested-until-a-week-before-launch/article/2537381 (2013). Accessed Jan 2015

  3. Epstein, Z.: Pokemon Go fans, we have some bad news about all those annoying bugs, August 2016. http://bgr.com/2016/08/04/pokemon-go-news-update-2016-bugs-glitches/ (2016). Accessed July 2017

  4. Humphery-Jenner, M.: What went wrong with Pokemon Go? Three lessons from its plummeting player numbers, October 2016, https://phys.org/news/2016-10-wrong-pokmon-lessons-plummeting-player.html (2016). Accessed July 2017

  5. Hamill, J., Moorhead, A.: Gamers furious as Pokemon Go RESETS their progress through the game, August 2016. https://www.thesun.co.uk/news/1533456/gamers-furious-as-pokemon-go-resets-their-progress-through-the-game/ (2016). Accessed July 2017

  6. Bugs, glitches, freezes, and fixes, May 2017. http://www.ign.com/wikis/pokemon-go/Bugs,_Glitches,_Freezes,_and_Fixes (2017). Accessed July 2017

  7. Roy, P.V., Haridi, S.: Concepts, Techniques, and Models of Computer Programming. The MIT Press, Cambridge (2004), ISBN: 0262220695

  8. Gupt, S.: Target black Friday cancellation fiasco, Online, December 7th 2010. http://ireport.cnn.com/docs/DOC-526674 (2010). Accessed Jan 2015

  9. Hall, M.: Core Servlets and JavaServer Pages. Prentice Hall, Upper Saddle River (2001), ISBN: 0076092036876

  10. BlaineDonley, Offutt, J.: Web Application Testing Challenges, (2009), Unpublished research. http://www.quaso.com/knowledge-base/Web-Application-Testing-Complexities-v1.1.pdf (2009). Accessed Aug 2015

  11. Thummala, S., Offutt, J.: Using Petri nets to test concurrent behavior of web applications. In: 12th Advances in Model Based Testing (A-MOST) Workshop of the International Conference on Software Testing, Verification and Validation, IEEE, April (2016), pp. 189–198

  12. Garrett, J.J.: Ajax: a new approach to web applications, Online, 2006. http://adaptivepath.org/ideas/ajax-new-approach-web-applications/ (2006). Accessed May 2015

  13. Offutt, J., Wu, Y.: Modeling presentation layers of web applications for testing. Softw. Syst. Modeling 9(2), 257–280 (2010)

    Article  Google Scholar 

  14. Wikipedia.: World wide web. https://en.wikipedia.org/wiki/World_Wide_Web (2004). Accessed 20 Jan 2015

  15. Wikipedia.: Web application. http://en.wikipedia.org/wiki/Web_application (2004). Accessed 20 Jan 2015

  16. Mordani, R.: Java servlet specification 3.0, online, December 2009. http://download.oracle.com/otn-pub/jcp/servlet-3.0-fr-eval-oth-JSpec/servlet-3_0-final-spec.pdf (2009). Accessed June 2015

  17. Aggarwal, G., Bursztein, E., Jackson, C., Boneh, D.: An analysis of private browsing modes in modern browsers. In: Proceedings of the 19th USENIX Conference on Security. USENIX Association, pp. 6–6. [Online]. Available: http://dl.acm.org/citation.cfm?id=1929820.1929828 (2010)

  18. Wikipedia.: Privacy mode. https://en.wikipedia.org/wiki/Privacy_mode (2016). Accessed Feb 2016

  19. Zhao, B., Liu, P.: “Private browsing mode not really that private: Dealing with privacy breach caused by browser extensions,” In 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).IEEE, (2015), pp. 184–195

  20. Ian Hickson, I.: Google, Web storage W3C recommendation, Online. http://www.w3.org/TR/webstorage/ (2012). Accessed Jan 2015

  21. Zakas, N.C.: Introduction to session storage, Online. http://www.nczonline.net/blog/2009/07/21/introduction-to-sessionstorage/ (2009). Accessed Jan 2015

  22. Göetz, B., Peierls, T., Bloch, J., Bowbeer, J., Holmes, D., Lea, D.: Java Concurrency in Practice. Addison-Wesley, Boston (2006)

    Google Scholar 

  23. Petri, C.A.: Communication with automata, New York: Griffiss Air Force Base. Technical Report RADCTR-65-377, vol. 1, (1966)

  24. Murata, T.: Petri nets: properties, analysis and applications. Proc IEEE 77(4), 541–580 (1989)

    Article  Google Scholar 

  25. Jensen, K.: Coloured Petri Nets: Basic Concepts, Analysis Methods and Practical Use. Springer, Berlin, (1997), ISBN: 3642082009

  26. Bernardinello, L., De Cindio, F.: A survey of basic net models and modular net classes. In: Rozenberg G (ed.) Advances in Petri Nets, pp. 304–351. Springer, Berlin (1992)

  27. Genrich, H.J., Lautenbach, K., Thiagarajan, P.: Elements of general net theory. Net Theory and Applications, pp. 21–163. Springer, Berlin (1980)

  28. Reisig, W.: Place/Transition Systems. Petri Nets: Central Models and Their Properties, pp. 117–141. Springer, Berlin (1987)

  29. RTCA-DO-178B, Software considerations in airborne systems and equipment certification, (1992)

  30. Ammann, P., Offutt, J., Huang, H.: Coverage criteria for logical expressions. In: IEEE 14th International Symposium on Software Reliability Engineering, pp. 99–107 (2003)

  31. Ammann, P., Offutt, J.: Introduction to Software Testing, 2nd ed. Cambridge University Press, Cambridge (2017), ISBN 978-1107172012

  32. Veanes, M., Campbell, C., Grieskamp, W., Schulte, W., Tillmann, N., Nachmanson, L.: Model-based testing of object-oriented reactive systems with Spec Explorer. In: Formal Methods and Testing, LNCS 4949, pp. 39–76. Springer, Berlin (2008)

  33. Offutt, J., Abdurazik, A.: Generating tests from UML specifications. In: Proceedings of the Second IEEE International Conference on the Unified Modeling Language (UML99). Springer, Fort Collins. Lecture Notes in Computer Science vol 1723, pp. 416–429 (1999)

  34. Hierons, R.M., Bogdanov, K., Bowen, J., Cleaveland, R., Derrick, J., Dick, J., Gheorghe, M., Harman, M., Kapoor, K., Krause, P., Luettgen, G., Simons, A., Vilkomir, S., Woodward, M., Zedan, H.: Using formal specifications to support testing. ACM Comput Surv 41(2), 9 (2009)

    Article  Google Scholar 

  35. Utting, M., Pretschner, A., Legeard, B.: A taxonomy of model-based testing approaches. Softw Test Verif Reliab 22(5), 297–312 (2012)

    Article  Google Scholar 

  36. Li, N., Offutt, J.: Test oracle strategies for model-based testing. IEEE Trans Softw Eng 43(4), 372–395 (2017)

    Article  Google Scholar 

  37. Fehling, R.: A concept of Hierarchical Petri Nets with Building Blocks. In: Rozenberg G (ed.) Advances in Petri nets, pp. 148–168. Springer, Berlin (1993)

  38. Andrews, A.A., Offutt, J., Alexander, R.T.: Testing web applications by modeling with FSMs. Softw Syst Model 4(3), 326–345 (2005)

    Article  Google Scholar 

  39. Zuberek, W.: Timed Petri nets definitions, properties, and applications. Microelectron Reliab 31(4), 627–644 (1991)

    Article  Google Scholar 

  40. Larsen, G.K., Pettersson, P., Yi, W.: Uppaal in a nutshell. Int J Softw ToolsTechnolTrans 1(1), 134–152 (1997)

    MATH  Google Scholar 

  41. Platform independent Petri net Editor 2 (PIPE2): Open source software. http://pipe2.sourceforge.net/index.html 2002. Accessed 20 June 2016

  42. ArgoUML: open source software. http://argouml.tigris.org/ (2002). Accessed 20 June 2016

  43. Larsen, K.G., Pettersson, P., Yi, W.: Model-checking for real-time systems. In: Proceedings of Fundamentals of Computation Theory, ser. Lecture Notes in Computer Science, no. 965, pp. 62–88 (1995)

  44. Wikipedia.: Petri nets. https://en.wikipedia.org/wiki/Petri_net#Restrictions (2003). Accessed 20 June 2016

  45. Fraser, G., Wotawa, F., Ammann, P.E.: Testing with model checkers: a survey. Softw Test Verif Reliab 19(3), 215–261 (2009). https://doi.org/10.1002/stvr.402

    Article  Google Scholar 

  46. Salgado, M.R.M.: Towards verifying petri nets: a model checking approach, Unpublished Master’s research project. http://eprints.sim.ucm.es/11488/1/M._Rosa_Martos-Master_2010.pdf (2009). Accessed June 2016

  47. Cheng, A., Christensen, S., Mortensen, K.H.: Model checking coloured Petri nets-exploiting strongly connected components. In: Proceedings of International Workshop on Discrete Event Systems, pp. 169–177 (1997)

  48. Gardey, G., Lime, D., Magnin, M., Roux, O.H.: Romeo: a tool for analyzing time petri nets. In: 17th International Conference on Computer Aided Verification. Edinburgh, Scotland, UK: Springer, July 2005, pp. 418–423. [Online]. Available: https://doi.org/10.1007/11513988_41

  49. Van Der Aalst, W.: The application of Petri nets to workflow management. J Circuits Syst Comput 8(1), 21–66 (1998)

    Article  Google Scholar 

  50. Bernardi, S., Donatelli, S., Merseguer, J.: From UML sequence diagrams and statecharts to analysable Petri net models. In: Proceedings of the Third International Workshop on Software and Performance. New York, USA: ACM, (2002), pp. 35–45

  51. Group, O.M.: Documents associated with object constraint language, version 2.0. online, May 2006. http://www.omg.org/spec/OCL/2.0/ (2006). Accessed July 2017

  52. Platform independent Petri net editor 2, Open source software. http://pipe2.sourceforge.net (2007). Accessed Jan 2015

  53. Ammann, P., Offutt, J., Xu, W., Li, N.: Coverage computation web applications. Online. https://cs.gmu.edu:8080/offutt/coverage/ (2008). Accessed July 2016

  54. Billington, J., Christensen, S., van Hee, K., Kindler, E., Kummer, O., Petrucci, L., Post, R., Stehno, C., Weber, M.: The Petri net markup language: Concepts, technology, and tools. In: 24th International Conference of Applications and Theory of Petri Nets (ICATPN), W. M. P. van der Aalst and E. Best, Eds, pp. 483–505. Springer, Berlin (2003)

  55. Wohlin, C., Runeson, P., Höst, M., Ohlsson, M.C., Regnell, B., Wesslen, A.: Experimentation in Software Engineering: An introduction. Kluwer Academic Publishers, Norwell (2008), ISBN: 0-7923-8682-5

  56. Darondeau, P., Demri, S., Meyer, R., Morvan, C.: Petri net reachability graphs: decidability status of FO properties. In: 31st International Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), pp. 140–151 (2011)

  57. GitHub.: Github: The largest open source community in the world. https://github.com/open-source (2007). Accessed 20 June 2016

  58. Students3K.: Open source software: an educational website. http://projects.students3k.com/ (2012). Accessed 20 June 2016

  59. Danial, A.: CLOC: count lines of code. Online, 2006 https://github.com/AlDanial/cloc (2006). Accessed June 2016

  60. StackOverFlow.com.: Session mix-up using stateserver. Online, December 7th 2010, http://stackoverflow.com/questions/1646274/asp-net-session-mix-up-using-stateserver-scary (2010). Accessed Jan 2015

  61. StackOverFlow.com.: Mixing user session data in JBoss, Online, December 2013, http://stackoverflow.com/questions/20706567/mixing-user-session-data-in-jboss (2013). Accessed Jan 2015

  62. Durbin, P.: User sessions mixed up when Java app deployed to glassfish, Online, October 2014, http://shibboleth.net/pipermail/users/2014-October/017878.html (2014). Accessed Jan 2015

  63. Langley, R.: Practical Statistics Simply Explained. Dover Publications, New York (1971)

    Google Scholar 

  64. Stotts, P.D., Furuta, R.: Petri-net-based hypertext: Document structure with browsing semantics. ACM Trans Inf Syst 7(1), 3–29 (1989)

    Article  Google Scholar 

  65. Stotts, D., Navon, J.: Model checking cobweb protocols for verification of HTML frames behavior. In: Proceedings of the 11th International Conference On World Wide Web, pp. 182–190. ACM Press, New York (2002)

  66. Chachkov, S., Buchs, D.: From formal specifications to ready-to-use software components: The concurrent object oriented Petri net approach. In: International Conference on Application of Concurrency to System Design, pp. 99–110 (2001)

  67. Hamadi, R., Benatallah, B.: A Petri net-based model for web service composition. In: Proceedings of the 14th Australasian Database Conference, vol. 17, pp. 191–200 (2003)

  68. Grigore, L., Buy, U.: Enforcing safety properties in web applications using Petri nets. In: Proceedings of the 9th IASTED International Conference, vol. 632, p. 33 (2008)

  69. Zhu, H., He, X.: A methodology of testing high-level Petri nets. Inf Softw Technol 44(8), 473–489 (2002)

    Article  Google Scholar 

  70. Adjir, N., De Saqui-Sannes, P., Rahmouni, K.M.: Testing real-time systems using TINA. In: Testing of Software and Communication Systems, pp. 1–15. Springer, Berlin (2009)

  71. Lill, R., Saglietti, F.: Test coverage criteria for autonomous mobile systems based on colored Petri nets. In: Ninth Symposium on Formal Methods for Automation and Safety in Railway and Automotive Systems, pp. 155–162 (2012)

  72. Pugh, W., Ayewah, N.: Unit testing concurrent software. In : Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering, pp. 513–516 (2007)

  73. Koppol, P.V., Tai, K.-C.: An incremental approach to structural testing of concurrent software. SIGSOFT Softw Eng Notes 21(3), 14–23 (1996)

    Article  Google Scholar 

  74. Ricca, F., Tonella, P.: Analysis and testing of web applications. In: IEEE 23rd International Conference on Software Engineering (ICSE), pp. 25–34. Toronto, CA (2001)

  75. Benedikt, M., Freire, J., Godefroid, P.: VeriWeb: automatically testing dynamic web sites. In: Proceedings of 11th International World Wide Web Conference, pp. 654–668 (2002)

  76. Offutt, J.: Quality attributes of Web software applications. IEEE Softw Spec Issue Softw Eng Internet Softw 19(2), 25–32 (2002)

    Google Scholar 

  77. Guerra, E., Sanz, D., Díaz, P., Aedo, I.: A transformation-driven approach to the verification of security policies in web designs. In: Web Engineering, pp. 269–284. Springer, Berlin (2007)

  78. Elbaum, S., Rothermel, G., Karre, S., Fisher, M.: Leveraging user-session data to support web application testing. IEEE Trans Softw Eng 31(3), 187–202 (2005)

    Article  Google Scholar 

  79. Di Lucca, G.A., Di Penta, M.: Considering browser interaction in web application testing. In: IEEE Fifth International Workshop on Web Site Evolution, pp. 74–81 (2003)

Download references

Acknowledgements

We would like to thank Dr. Nida Gökçe for her valuable feedback, as well as the experiment participants. We also thank the anonymous company that generously allowed us to develop tests for their application. This work was partly funded by The Knowledge Foundation (KKS) through the Project 20130085: Testing of Critical System Characteristics (TOCSYC).

Author information

Authors and Affiliations

  1. Software Engineering, George Mason University, Fairfax, VA, USA

    Jeff Offutt & Sunitha Thummala

Authors
  1. Jeff Offutt
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sunitha Thummala
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jeff Offutt.

Additional information

Communicated by Dr . M. Papadakis, S. Ali, and G. Perrouin.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Offutt, J., Thummala, S. Testing concurrent user behavior of synchronous web applications with Petri nets. Softw Syst Model 18, 913–936 (2019). https://doi.org/10.1007/s10270-018-0655-8

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10270-018-0655-8

Keywords

Search

Navigation