Bug Tracking System

URL

Change Log

When What
October 31st, 2015 Donated by Nakul Shukla

Reference

Studies who have been using the data (in any form) are required to include the following reference:

@inproceedings{Wassermann:2008:DTI:1390630.1390661,
 author = {Wassermann, Gary and Yu, Dachuan and Chander, Ajay and Dhurjati, Dinakar and Inamura, Hiroshi and Su, Zhendong},
 title = {Dynamic Test Input Generation for Web Applications},
 booktitle = {Proceedings of the 2008 International Symposium on Software Testing and Analysis},
 series = {ISSTA '08},
 year = {2008},
 isbn = {978-1-60558-050-0},
 location = {Seattle, WA, USA},
 pages = {249--260},
 numpages = {12},
 url = {http://doi.acm.org/10.1145/1390630.1390661},
 doi = {10.1145/1390630.1390661},
 acmid = {1390661},
 publisher = {ACM},
 address = {New York, NY, USA},
 keywords = {automatic test generation, concolic testing, directed random testing, web applications},
}

About the Data

Overview of Data

Mantis 1.0.0rc2, is an open source bug tracking system, similar to Bugzilla. The top-level PHP file for this page includes transitively 27 other files for a total of 17,328 lines of PHP in the page.

Paper Abstract

Web applications routinely handle sensitive data, and many people rely on them to support various daily activities, so errors can have severe and broad-reaching consequences. Unlike most desktop applications, many web applications are written in scripting languages, such as PHP. The dynamic features commonly supported by these languages significantly inhibit static analysis and existing static analysis of these languages can fail to produce meaningful results on realworld web applications.

Automated test input generation using the concolic testing framework has proven useful for finding bugs and improving test coverage on C and Java programs, which generally emphasize numeric values and pointer-based data structures. However, scripting languages, such as PHP, promote a style of programming for developing web applications that emphasizes string values, objects, and arrays.

In this paper, we propose an automated input test generation algorithm that uses runtime values to analyze dynamic code, models the semantics of string operations, and handles operations whose argument and return values may not share a common type. As in the standard concolic testing framework, our algorithm gathers constraints during symbolic execution. Our algorithm resolves constraints over multiple types by considering each variable instance individually, so that it only needs to invert each operation. By recording constraints selectively, our implementation successfully finds bugs in real-world web applications which state-of-the-art static analysis tools fail to analyze.