Guodong Li
ABSTRACT
We present SymJS, a comprehensive framework for automatic testing of client-side JavaScript Web applications. The tool contains a symbolic execution engine for JavaScript, and an automatic event explorer for Web pages. Without any user intervention, SymJS can automatically discover and explore Web events, symbolically execute the associated JavaScript code, refine the execution based on dynamic feedbacks, and produce test cases with high coverage. The symbolic engine contains a symbolic virtual machine, a string-numeric solver, and a symbolic executable DOM model. SymJS's innovations include a novel symbolic virtual machine for JavaScript Web, symbolic+dynamic feedback directed event space exploration, and dynamic taint analysis for enhancing event sequence construction. We illustrate the effectiveness of SymJS on standard JavaScript benchmarks and various real-life Web applications. On average SymJS achieves over 90% line coverage for the benchmark programs, significantly outperforming existing methods.
- Artzi, S., Dolby, J., Jensen, S. H., Moller, A., and Tip, F. A framework for automated testing of JavaScript Web applications. In International Conference on Software Engineering (ICSE) (2011). Google Scholar
Digital Library
- Boonstoppel, P., Cadar, C., and Engler, D. R. RWset: Attacking path explosion in constraint-based test generation. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems(TACAS) (2008). Google ScholarDigital Library
- Bugrara, S., and Engler, D. R. Redundant state detection for dynamic symbolic execution. In USENIX Annual Technical Conference (USENIX ATC) (2013). Google ScholarDigital Library
- Cadar, C., Dunbar, D., and Engler, D. R. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In USENIX Symposium on Operating Systems Design and Implementation (OSDI) (2008). Google ScholarDigital Library
- Cadar, C., and Sen, K. Symbolic execution for software testing: three decades later. Commun. ACM 56, 2 (2013), 82–90. Google ScholarDigital Library
- Dutertre, B., and Moura, L. D. The Yices SMT Solver. Tech. rep., Computer Science Laboratory, SRI International, 2006.Google Scholar
- Ghosh, I., Shafiei, N., Li, G., and Chiang, W.-F. JST: An automatic test generation tool for industrial Java applications with strings. In International Conference on Software Engineering (ICSE) (2013). Google ScholarDigital Library
- Godefroid, P., Levin, M. Y., and Molnar, D. Sage: Whitebox fuzzing for security testing. Commun. ACM 10, 1 (2012), 20. Google ScholarDigital Library
- Jensen, C. S., Prasad, M. R., and Møller, A. Automated testing with targeted event sequence generation. In International Symposium on Software Testing and Analysis (ISSTA) (2013). Google ScholarDigital Library
- King, J. Symbolic execution and program testing. Communications of the ACM 19, 7 (1976), 385–394. Google ScholarDigital Library
- Kroening, D., and Strichman, O. Decision Procedures: An Algorithmic Point of View. Springer Publishing Company, Incorporated, 2008. Google Scholar
- Kuznetsov, V., Kinder, J., Bucur, S., and Candea, G. Efficient state merging in symbolic execution. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI) (2012). Google ScholarDigital Library
- Li, G., and Ghosh, I. PASS: String solving with parameterized array and interval automaton. In Haifa Verification Conference (HVC) (2013).Google ScholarCross Ref
- Li, G., Ghosh, I., and Rajan, S. P. KLOVER : A symbolic execution and automatic test generation tool for C++ programs. In International Conference on Computer Aided Verification (CAV) (2011). Google ScholarDigital Library
- Li, G., and Gopalakrishnan, G. Scalable SMT-based verification of GPU kernel functions. In ACM SIGSOFT International Symposium on the Foundations of Software Engineering (SIGSOFT FSE) (2010). Google ScholarDigital Library
- Li, G., Li, P., Sawaga, G., Gopalakrishnan, G., Ghosh, I., and Rajan, S. P. GKLEE: Concolic verification and test generation for GPUs. In ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP) (2012). Google ScholarDigital Library
- Pacheco, C., Lahiri, S. K., Ernst, M. D., and Ball, T. Feedback-directed random test generation. In International Conference on Software Engineering (ICSE) (2007). Google ScholarDigital Library
- Pˇ asˇ areanu, C. S., and Rungta, N. Symbolic PathFinder: symbolic execution of Java bytecode. In IEEE/ACM International Conference on Automated Software Engineering (ASE) (2010). Google ScholarDigital Library
- Richards, G., Lebresne, S., Burg, B., and Vitek, J. An analysis of the dynamic behavior of JavaScript programs. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI) (2010). Google ScholarDigital Library
- Rizzi, E. F., Dwyer, M. B., and Elbaum, S. Safely reducing the cost of unit level symbolic execution through read/write analysis. ACM SIGSOFT Software Engineering Notes 39, 1 (2014). Google ScholarDigital Library
- Saxena, P., Akhawe, D., Hanna, S., Mao, F., McCamant, S., and Song, D. A Symbolic Execution Framework for JavaScript. In IEEE Symposium on Security and Privacy (Oakland) (2010). Google ScholarDigital Library
- Sen, K., Brutch, T., Gibbs, S., and Kalasapur, S. Jalangi: A selective record-replay and dynamic analysis framework for JavaScript. In ACM SIGSOFT International Symposium on the Foundations of Software Engineering (SIGSOFT FSE) (2013). Google ScholarDigital Library
- Sen, K., Marinov, D., and Agha, G. CUTE: a concolic unit testing engine for C. In European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE) (2005). Google ScholarDigital Library
- Sridharan, M., Artzi, S., Pistoia, M., Guarnieri, S., Tripp, O., and Berg, R. F4F: taint analysis of framework-based Web applications. In ACM International Conference on Object Oriented Programming Systems, Languages and Applications (OOPSLA) (2011). Google ScholarDigital Library
- Tillmann, N., and De Halleux, J. PEX: white box test generation for .net. In International Conference on Tests and Proofs (TAP) (2008). Google ScholarDigital Library
- Tripp, O., Pistoia, M., Fink, S. J., Sridharan, M., and Weisman, O. TAJ: effective taint analysis of Web applications. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI) (2009). Google ScholarDigital Library
Index Terms
- SymJS: automatic symbolic testing of JavaScript web applications
Recommendations
Symbolic Execution for JavaScript
PPDP '18: Proceedings of the 20th International Symposium on Principles and Practice of Declarative ProgrammingWe present a framework for trustworthy symbolic execution of JavaScripts programs, whose aim is to assist developers in the testing of their code: the developer writes symbolic tests for which the framework provides concrete counter-models. We create ...
A framework for automated testing of javascript web applications
ICSE '11: Proceedings of the 33rd International Conference on Software EngineeringCurrent practice in testing JavaScript web applications requires manual construction of test cases, which is difficult and tedious. We present a framework for feedback-directed automated test generation for JavaScript in which execution is monitored to ...
Automated Acceptance Testing of JavaScript Web Applications
WCRE '12: Proceedings of the 2012 19th Working Conference on Reverse EngineeringAcceptance testing is an important part of software development and it is performed to ensure that a system delivers its required functionalities. Today, most modern interactive web applications are designed using Web 2.0 technologies, many among them ...
Comments