Integration of data validation and user interface concerns in a DSL for web applications

Data validation rules constitute the constraints that data input and processing must adhere to in addition to the structural constraints imposed by a data model. Web modeling tools do not make all types of data validation explicit in their models, hampering full code generation and model expressivity. Web application frameworks do not offer a consistent interface for data validation. In this paper, we present a solution for the integration of declarative data validation rules with user interface models in the domain of web applications, unifying syntax, mechanisms for error handling, and semantics of validation checks, and covering value well-formedness, data invariants, input assertions, and action assertions. We have implemented the approach in WebDSL, a domain-specific language for the definition of web applications.     

An approach for the maintenance of input validation

Input validation is the enforcement of constraints that an input must satisfy before it is accepted in a program. It is an essential and important feature in a large class of systems and usually forms a major part of a data-intensive system. Currently, the design and implementation of input validation are carried out by application developers. The recovery and maintenance of input validation implemented in a system is a challenging issue. In this paper, we introduce a variant of control flow graph, called validation flow graph as a model to analyze input validation implemented in a program. We have also discovered some empirical properties that characterizing the implementation of input validation. Based on the model and the properties discovered, we then propose a method that recovers the input validation model from source and use program slicing techniques to aid the understanding and maintenance of input validation. We have also evaluated the proposed method through case studies. The results show that the method can be very useful and effective for both experienced and inexperienced developers.     

活动图模型驱动的Web应用程序测试方法

提出了一种活动图(AD)模型驱动的Web应用程序测试方法,从活动图中生成满足往返路径覆盖准则的测试序列,基于测试输入语法生成驱动测试序列执行的测试数据,将测试数据整合到测试序列中生成测试用例,运行测试用例进行测试并生成测试结果的报告。实现了一个原型工具以支持活动图模型驱动的Web应用程序测试方法,设计并完成了一个实验,验证了该方法的可行性与有效性。     

一种基于Web软件集成测试的建模方法

本文给出了一种Web软件集成测试的建模方法。该方法通过分析Web应用程序体系结构,对Web应用划分,用分层的有限状态机对Web应用进行行为建模,通过采用基于有限状态机的导航模型来指导测试人员进行Web集成测试;采用UML扩展的模型对Web应用组件间的交互建模,通过建立基于UML的组件依赖模型并提供相应的测试用例生成规则来提取Web应用的测试用例。     

Covering code behavior on input validation in functional testing

Input validation is the enforcement built in software systems to ensure that only valid input is accepted to raise external effects. It is essential and very important to a large class of systems and usually forms a major part of a data-intensive system. Most existing methods for input validation testing are specification-based. However, to test input validation more accurately, a code-based method is also required. In this paper, we propose an approach to extract path partition and input conditions from code for testing input validation. The path partition can be used to design white-box test cases for testing input validation. It can also be used to measure the coverage of input validation testing. The valid and invalid input conditions recovered can be used to check against the specifications and aid the test suite design in black-box testing. We have also evaluated the proposed method through experimental study.     

A data-flow approach to test multi-agent ASMs

This paper illustrates the theoretical basis of an approach to apply data flow testing techniques to abstract state machines (ASMs). In particular, we focus on multi-agent ASMs extended with the seq construct for turbo ASMs. We explain why traditional data flow analysis can not simply be applied to ASMs: data flow coverage criteria are strictly based on the mapping between a program and its flow graph whereas in this context we are interested in tracing the flow of data between states in ASM runs as opposed to between nodes in a program’s flow graph. We revise the classical concepts in data flow analysis taking into account the specific, parallel nature of ASMs, and define them on two levels: the syntactic (rule) level, and the computational (run) level. In particular, we analyze the role played by different types of terms in ASMs and deal with the problem of terms that are monitored by a given agent but controlled by another one, terms that are shared between several agents, and derived terms. We also discuss what consequences the use of the turbo ASM construct seq has on our analysis and revise the approach accordingly. Finally, we specify a family of ad hoc data flow coverage criteria for this class of ASMs and introduce a model checking-based approach to generate automatically test cases satisfying a given set of coverage criteria from ASM models.     

Measuring and modeling usage and reliability for statistical Webtesting

Statistical testing and reliability analysis can be used effectively to assure quality for Web applications. To support this strategy, we extract Web usage and failure information from existing Web logs. The usage information is used to build models for statistical Web testing. The related failure information is used to measure the reliability of Web applications and the potential effectiveness of statistical Web testing. We applied this approach to analyze some actual Web logs. The results demonstrated the viability and effectiveness of our approach     

Testing Processes of Web Applications

Current practice in Web application development is based on the skills of the individual programmers and often does not apply the principles of software engineering. The increasing economic relevance and internal complexity of the new generation of Web applications require that proper quality standards are reached and that development is kept under control. It is therefore likely that the formalization of the process followed while developing these applications will be one of the major research topics.In this paper we focus on Web application testing, a crucial phase when quality and reliability are a goal. Testing is considered in the wider context of the whole development process, for which an incremental/iterative model is devised. The processes behind the testing activities are analyzed considering the specificity of Web applications, for which the availability of a reference model is shown to be particularly important. The approach proposed in this paper covers the integration testing phase, which can take advantage of some features of Web applications (e.g., the http protocol employed), thus resulting in a higher level of automation with respect to traditional software.The testing processes described in this paper are supported by the prototype research tool TestWeb. This tool exploits a reverse engineered UML (Unified Modeling Language) model of the Web application to generate and execute test cases, in order to satisfy the testing criteria selected by the user. The usage of this tool will be presented with reference to a real-world case study.     

Two decades of Web application testing—A survey of recent advances

Since its inception of just over two decades ago, the World Wide Web has become a truly ubiquitous and transformative force in our life, with millions of Web applications serving billions of Web pages daily. Through a number of evolutions, Web applications have become interactive, dynamic and asynchronous. The Web׳s ubiquity and our reliance on it have made it imperative to ensure the quality, security and correctness of Web applications. Testing is a widely used technique for validating Web applications. It is also a long-standing, active and diverse research area. In this paper, we present a broad survey of recent Web testing advances and discuss their goals, targets, techniques employed, inputs/outputs and stopping criteria.     

Testing web applications

Traditional testing techniques are not adequate for web-based applications, since they miss their additional features such as their multi-tier nature, hyperlink-based structure, and event-driven feature. Limited work has been done on testing web applications. In this paper, we propose new techniques for white box testing of web applications developed in the .NET environment with emphasis on their event-driven feature. We extend recent work on modeling of web applications by enhancing previous dependence graphs and proposing an event-based dependence graph model. We apply data flow testing techniques to these dependence graphs and propose an event flow testing technique. Also, we present a few coverage testing approaches for web applications. Further, we propose mutation testing operators for evaluating the adequacy of web application tests.     

一种基于功能构件的Web应用建模与测试方法

Web应用与传统程序有着很大差别,后者的一些建模和测试方法不能完全适用于前者.提出了一种有效的对Web应用测试的方法.按功能将Web应用划分成若干个功能构件,把Web应用看成是功能构件的集合,并在功能上将其对应到实际的Web应用模块.用有向图表示功能构件的结构关系,用FSM表示功能构件的行为关系,用FSM的复合表示功能构件的交互.提出了完整执行序列覆盖、构件完整执行序列覆盖两个测试准则,根据这些准则生成测试用例集.为支持所提出的方法,设计了一个测试用例生成的工具原型.     

Introducing requirements traceability support in model-driven development of web applications

In this work, we present an approach that introduces requirements traceability capabilities in the context of model-driven development of Web applications. This aspect allows us to define model-to-model transformations that not only provide a software artifact of lower abstraction (as model-to-model transformations usually do) but also to provide feedback about how they are applied. This feedback helps us to validate whether transformations are correctly applied. In particular, we present a model-to-model transformation that allows us to obtain navigational models of the Web engineering method OOWS from a requirements model. This transformation is defined as a set of mappings between these two models that have been implemented by means of graph transformations. The use of graph transformations allows us to develop a tool-supported strategy for applying mappings automatically. In addition, mechanisms for tracing requirements are also included in the definition of graph transformations. These mechanisms allow us to link each conceptual element to the requirements from which it is derived. In particular, we focus on tracing requirements throughout the navigational model, which describe the navigational structure of a Web application. To take advantage of these traceability mechanisms, we have developed a tool that obtains traceability reports after applying transformations. These reports help us to study aspects such as whether requirements are all supported, the impact of changing a requirement, or how requirements are modelled.     

Using combinatorial testing to build navigation graphs for dynamic web applications

Modelling a software system is often a challenging prerequisite to automatic test case generation. Modelling the navigation structure of a dynamic web application is particularly challenging because of the presence of a large number of pages that are created dynamically and the difficulty of reaching a dynamic page unless a set of appropriate input values are provided for the parameters. To address the first challenge, some form of abstraction is required to enable scalable modelling. For the second challenge, techniques are required to select appropriate input values for parameters and systematically combine them to reach new pages. This paper presents a combinatorial approach in building a navigation graph for dynamic web applications. The navigation graph can then be used to automatically generate test sequences for testing web applications. The novelty of our approach is twofold. First, we use an abstraction scheme to control the page explosion problem, where pages that are likely to have the same navigation behaviour are grouped together and are represented as a single node in the navigation graph. Second, assuming that values of individual parameters are supplied manually or generated from other techniques, we combine parameter values such that well‐defined combinatorial coverage of input parameter values is achieved. Using combinatorial coverage can significantly reduce the number of requests that have to be submitted while still achieving effective coverage of the navigation structure. We implement our combinatorial approach in a tool, Tansuo, and apply the tool on seven open‐source web applications. We evaluate the effectiveness of Tansuo's exploration process guided by t‐way coverage, for t = 1,2,3, with respect to code coverage, and find that the navigation structure exploration by Tansuo, in general, results in high code coverage (more than 80% statement coverage for most of our subject applications when dead code is removed). We compare Tansuo's effectiveness with two other navigation graph tools and find that Tansuo is more effective. Our empirical results indicate that using pairwise coverage in Tansuo results in the efficient generation of navigation graphs and effective exploration of dynamic web applications. Copyright © 2016 John Wiley & Sons, Ltd.     

Systematic testing: A means for validating reactive systems

The validity of the first (formal) model of a system to be developed is crucial for the whole development process. Systematically checking this validity helps avoid costs that could arise if it were discovered too late that the system does not satisfy the customer's needs and expectations. This paper addresses how to validate synchronous reactive programs using the technique of systematic testing. Testing reactive systems differs from testing sequential systems: instead of checking simple pairs of inputs and outputs, sequences of inputs and outputs have to be checked. Thus, testing cannot be based on a simple function model, mapping input values onto output values nor on a control flow graph model (where a path from the start node to the final node represents one execution through the represented program). The model widely used instead is that of a finite-state machine. A systematic testing approach is presented that is both effective and efficient for validating reactive systems. It uses an additional specification based on a finite-state machine model. The approach is demonstrated for the well-known lift example. It is shown how to use the specification for carefully choosing a set of test criteria that address different types of fault; a procedure for selecting test cases and test data that satisfy the chosen criteria is presented.     

AutoGen: Easing model management through two levels of abstraction

Due to its extensive potential applications, model management has attracted many research interests and gained great progress. To provide easy-to-use interfaces, we have proposed a graph transformation-based model management approach that provides intuitive interfaces for manipulation of graphical data models. The approach consists of two levels of graphical operators: low-level customizable operators and high-level generic operators, both of which consist of a set of graph transformation rules. Users need to program or tune the low-level operators for desirable results. To further improve the ease-of-use of the graphical model management, automatic generation of low level of operators is highly desirable. The paper formalizes specifications of low- and high-level operators and proposes a generator to automatically transform high-level operators into low-level operators upon specific input data models. Based on graph transformation theoretical foundation, we design an algorithm for the generator to automatically produce low-level operators from input data models and mappings according to a high-level operator. The generator, called AutoGen, therefore eliminates many tedious specifications and thus eases the use of the graphical model management system.     

Validating a size measure for effort estimation in model-driven Web development

Web development is moving towards model-driven processes whose goal is the development of Web applications at a higher level of abstraction based on models and model transformations. This brings new opportunities to the Web project manager to make early estimates of the size and the effort required to produce Web applications based on their conceptual models. In the last few years, several studies for size and effort estimation have been performed. However, there are no studies regarding effort estimation in model-driven Web development. In this paper, we present the validation of a model-based size measure (OO-HFP) for Web effort estimation in the context of a model-driven Web development method. The validation is performed by comparing the prediction accuracy that OO-HFP provides with the accuracy provided by the standard function point analysis (FPA) method. The results of the study (using industrial data gathered from 31 Web projects) show that the effort estimates obtained for projects that are sized using OO-HFP are more accurate than the effort estimates obtained using the standard FPA method. This suggests that by following a model-driven development approach, the size measure obtained at the conceptual model of a Web application can be considered a suitable predictor of effort.     

面向软件攻击面的Web应用安全评估模型研究

Web应用已成为互联网和企事业单位信息管理的主要模式。随着Web应用的普及,攻击者越来越多地利用它的漏洞实现恶意攻击,Web应用的安全评估已成为信息安全研究的热点。结合Web应用的业务逻辑,提出了其相关资源软件攻击面的形式化描述方法,构造了基于软件攻击面的攻击图模型,在此基础上,实现对Web应用的安全评估。本文构造的安全评估模型,在现有的通用漏洞检测模型基础上,引入业务逻辑安全性关联分析,解决了现有检测模型业务逻辑安全检测不足的缺陷,实现了Web应用快速、全面的安全评估。     

WebSpec: a visual language for specifying interaction and navigation requirements in web applications

Web application development is a complex and time-consuming process that involves different stakeholders (ranging from customers to developers); these applications have some unique characteristics like navigational access to information, sophisticated interaction features, etc. However, there have been few proposals to represent those requirements that are specific to Web applications. Consequently, validation of requirements (e.g., in acceptance tests) is usually informal and as a result troublesome. To overcome these problems, we present WebSpec, a domain-specific language for specifying the most relevant and characteristic requirements of Web applications: those involving interaction and navigation. We describe WebSpec diagrams, discussing their abstraction and expressive power. With a simple though realistic example, we show how we have used WebSpec in the context of an agile Web development approach discussing several issues such as automatic test generation, management of changes in requirements, and improving the understanding of the diagrams through application simulation.