When | What |
---|---|
Septmeber 11th, 2015 | Donated by Shay Artzi |
Studies who have been using the data (in any form) are required to include the following reference:
@inproceedings{Artzi:2008:FBD:1390630.1390662,
author = {Artzi, Shay and Kiezun, Adam and Dolby, Julian and Tip, Frank and Dig, Danny and Paradkar, Amit and Ernst, Michael D.},
title = {Finding Bugs in Dynamic Web Applications},
booktitle = {Proceedings of the 2008 International Symposium on Software Testing and Analysis},
series = {ISSTA '08},
year = {2008},
isbn = {978-1-60558-050-0},
location = {Seattle, WA, USA},
pages = {261--272},
numpages = {12},
url = {http://doi.acm.org.prox.lib.ncsu.edu/10.1145/1390630.1390662},
doi = {10.1145/1390630.1390662},
acmid = {1390662},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {dynamic analysis, php, software testing, web applications},
}
Bug Reports obtained from tool Apollo, used to find faults in PHP programs. The programs tested are faqforge, webchess, schoolmate, phpsysinfo
Web script crashes and malformed dynamically-generated Web pages are common errors, and they seriously impact usability of Web applications. Current tools for Web-page validation cannot handle the dynamically-generated pages that are ubiquitous on today’s Internet. In this work, we apply a dynamic test generation technique, based on combined concrete and symbolic execution, to the domain of dynamic Web applications. The technique generates tests automatically, uses the tests to detect failures, and minimizes the conditions on the inputs exposing each failure, so that the resulting bug reports are small and useful in finding and fixing the underlying faults. Our tool Apollo implements the technique for PHP. Apollo generates test inputs for the Web application, monitors the application for crashes, and validates that the output conforms to the HTML specification. This paper presents Apollo’s algorithms and implementation, and an experimental evaluation that revealed 214 faults in 4 PHP Web applications.