ABSTRACT
Test adequacy criteria are fundamental in software testing. Among them, code coverage criterion is widely used due to its simplicity and effectiveness. However, in dynamic web application testing, merely covering server-side script code is inadequate because it neglects client-side execution, which plays an important role in triggering client-server interactions to reach important execution states. Similarly, a criterion aiming at covering the UI elements on client-side pages ignores the server-side execution, leading to insufficiency.
In this paper, we propose Virtual DOM (V-DOM) Coverage, a novel criterion, for effective web application testing. With static analysis, we first aggregate all the DOM objects that may be produced by a piece of server script to construct a V-DOM tree. The tree models execution on both the client- and server-sides such that V-DOM coverage is more effective than existing coverage criteria in web application testing. We conduct an empirical study on five real world dynamic web applications. We find that V-DOM tree can model much more DOM objects than a web crawling based technique. Test selection based on V-DOM tree criterion substantially outperforms the existing code coverage and UI element coverage, by detecting more faults.
- Phc: open source PHP compiler. http://www.phpcompiler.org/.Google Scholar
- The LLVM Project: a collection of modular and reusable compiler and toolchain technologies. http://llvm.org/Google Scholar
- Selenium: web browser automation. http://www.seleniumhq.org/.Google Scholar
- S. Elbaum, G. Rothermel, S. Kanduri, and A. Malishevsky. Selecting a cost-effective test case prioritization technique. Software Quality Journal, 12(3):185–210, 2004. Google ScholarDigital Library
- N. Alshahwan, M. Harman, A. Marchetto, and P. Tonella. Improving web application testing using testability measures. In WSE’09, pages 49–58, 2009.Google ScholarCross Ref
- C. Fang, Z. Chen, and B. Xu. Comparing logic coverage criteria on test case prioritization. Science China Information Sciences, 55(12):2826–2840, 2012.Google ScholarCross Ref
- P. Ammann and J. Offutt. Introduction to Software Testing. Cambridge University Press, 2008. Google ScholarDigital Library
- S. Artzi, A. Kiezun, J. Dolby, F. Tip, D. Dig, and A. Paradkar. Finding bugs in dynamic web applications In ISSTA’08, pages 261–272, 2008. Google ScholarDigital Library
- P. Boldi, B. Codenotti, M. Santini, and S. Vigna. Ubicrawler: A scalable fully distributed web crawler. Software: Practice and Experience, 34(8):711–726, 2004. Google ScholarDigital Library
- S. Brin and L. Page. The anatomy of a large-scale hypertextual web search engine. Computer Networks and ISDN Systems, 30(1):107–117, 1998. Google ScholarDigital Library
- M. Burner. Crawling towards eternity: Building an archive of the World Wide Web. Web Techniques Magazine, 2(5), 1997.Google Scholar
- J. Cho and H. Garcia-Molina. Parallel crawlers. Technical report, 2001.Google Scholar
- A. Christensen, A. Feldthaus, and A. Moller. Precise analysis of string expressions. In SAS’03, pages 1–18, 2003. Google ScholarDigital Library
- C. Duda, G. Frey, D. Kossmann, R. Matter, and C. Zhou. Ajax crawl: making AJAX applications searchable. In ICDE’09, pages 78–89, 2009. Google ScholarDigital Library
- P. Frankl and E. Weyuker. An applicable family of data flow testing criteria. IEEE Transactions on Software Engineering, 14(10):1483–1498, 1988. Google ScholarDigital Library
- E. Geay, M. Pistoia, B. Ryder, and J. Dolby. Modular string-sensitive permission analysis with demand-driven preciion. In ICSE’09, pages 177–187, 2009. Google ScholarDigital Library
- P. Hooimeijier and W. Weimer. A decision procedure for subset constraints over regular languages. In PLDI’09, pages 188–198, 2009. Google ScholarDigital Library
- A. Kiezun, V. Ganesh, P. Guo, P. Hooimeijier, and M. Ernst. A solver for string constraints. In ISSTA’09, pages 105–116, 2009. Google ScholarDigital Library
- D. Kung, C. Liu, and P. Hsia. An object-oriented web test model for testing web applications. In APAQS’00, pages 111–120, 2000. Google ScholarDigital Library
- C. Liu, D. Kung, and P. Hsia. Object-based data flow testing of web applications. In APAQS’00, pages 7–16, 2000. Google ScholarDigital Library
- G. Lucca, A. Fasolino, F. Faralli, and U. Carlini. Testing web applications. In ICSM’2002, pages 310–319, 2002. Google ScholarDigital Library
- A. Mesbah, E. Bozdag, and A. van Deursen. Crawling AJAX by inferring user interface state changes. In ICWE’08, pages 122–134, 2008. Google ScholarDigital Library
- Y. Minamide. Static approximation of dynamically generated web pages. In WWW’05, pages 432–441, 2005. Google ScholarDigital Library
- A. Namin and J. Andrews. The influence of size and coverage on test suite effectiveness. In ISSTA’09, pages 57–68, 2009. Google ScholarDigital Library
- F. Ricca and P. Tonella. Analysis and testing of web applications. In ICSE’01, pages 25–34, 2010. Google ScholarDigital Library
- T. Tateishi, M. Pistoia, and O. Tripp. Path- and index-sensitive string analysis based on monadic second-order logic. In ISSTA’11, pages 166–176, 2011. Google ScholarDigital Library
- P. Tonella, F. Ricca, E. Pianta, and G. C. Evaluation methods for web application clustering. In WSE’03, pages 33–40, 2003.Google ScholarCross Ref
- G. Wassermann and Z. Su. Sound and precise analysis of web applications for injection vulnerabilities. In PLDI’07, pages 32–41, 2007. Google ScholarDigital Library
- G. Wassermann, D. Yu, A. Chander, D. Dhurjati, H. Inamura and Z. Su. Dynamic test input generation for web applications. In ISSTA’08, pages 249-260, 2008. Google ScholarDigital Library
- Y. Wei, M. Oriol, and B. Meyer. Is coverage a good measure of testing effectiveness? Technical report, ETH Zurich, 2010.Google Scholar
- H. Samimi, M. Schäfer, S. Artzi, T. Millstein, F. Tip, and L. Hendren. Automated repair of HTML generation errors in PHP applications using string constraint solving. in ICSE’12, pages 277-287, 2012. Google ScholarDigital Library
- Y. Zou, C. Fang, Z. Chen, X. Zhang, and Z. Zhao. A hybrid coverage criterion for dynamic web testing. in SEKE’13, 2013.Google Scholar
- A. Memon, M. Soffa, and M. Pollack. Coverage criteria for GUI testing. in FSE’01, pages 256–267, 2001. Google ScholarDigital Library
Index Terms
- Virtual DOM coverage for effective testing of dynamic web applications
Recommendations
Million.js: A Fast Compiler-Augmented Virtual DOM for the Web
SAC '23: Proceedings of the 38th ACM/SIGAPP Symposium on Applied ComputingInteractive web applications created with declarative JavaScript User Interface (UI) libraries have increasingly dominated the modern internet. However, existing libraries are primarily made for runtime execution, and rely on the user to load and render ...
DOM-based test adequacy criteria for web applications
ISSTA 2014: Proceedings of the 2014 International Symposium on Software Testing and AnalysisTo assess the quality of web application test cases, web developers currently measure code coverage. Although code coverage has traditionally been a popular test adequacy criterion, we believe it alone is not adequate for assessing the quality of web ...
Coverage criteria for automatic security testing of web applications
ICISS'10: Proceedings of the 6th international conference on Information systems securityIn security testing of web applications, the selection of coverage criteria for adequacy evaluation of test cases is based on the trade off between test cost and vulnerability detection effectiveness. Coverage criteria used in traditional software ...
Comments