Execution Fault Localization in Large Dynamic Web Application Using Randomized Input Generation

International Journal of Computer Science (IJCS) Published by SK Research Group of Companies (SKRGC).

Abstract

In today's online oriented environment, localization of dynamic faults has become a major role in web application development. This paper describes the novel framework named as Pin Down, an automated root cause analysis of dynamically generated web pages. Execution fault localization in dynamic web application is a prominent problem of finding root location that causes failure in which source code changes need to be made in order to fix predicted faults. Execution faults are web application error that causes incorrect functionality to the dynamic web application that also called as execution bugs. The dynamic execution nature of the web application separates the source cause of an execution bug by various fault localization techniques. To identify execution faults in dynamic web applications, some fault localization algorithms improved by using source mapping and extended domain for conditional and functional call statements, but it did not focus on server side vulnerability. This study presents a randomized input generation technique for dynamic web application to check whether the web page is vulnerable to SQL injection or not. An automated random input generation is constructed for all executable statements in source code to determine the execution failures, such as missing include file, incorrect SQL query and uncaught exception of the corresponding statement. In addition, the framework used to determine the HTML failures such as generated HTML page is not syntactically correct according to an HTML validator by checking appropriate tags with closing tags using parsing the DOM tree. Other than execution and HTML failure novel framework Pin Down used to locate execution failures caused by deprecated language constructs that are all produce obstructive exception and error message during execution. Final result shows that code coverage improved from 95% to 100% were the result indicates 100% code covered is a reliable indicator of the effectiveness of a test case.

References

[1] S. Artzi, “Fault localization for dynamic web applications,” J. Dolby, F.Tip, M. Pistoia., IEEE Transl, vol. 38, no 2, [March or April 2012], pp.314–335

[2] C.P.Shabariram, “Fault Localization for Dynamic Web Application : A Survey on Recent Developements.” International conference on Knowledge Collaboration in Engineering [2014].

[3] R. Abreu, “An evaluation of Similarity Coefficient for software fault localization,” P. Zoeteweij, A. J. C. Vangemund., International symposium on dependable computing[2006], pp.39–46.

[4] R. Abreu, “On the accuracy of spectrum based fault localization,” P. Zoeteweij, A. J. C. Vangemund., Conference, [sept 2007 ], pp89–98.

[5] H.Agrawal, “Fault localization using execuion slice and dataflow tests,” J. R. Horgan, S. London, W.E. Wong., International symposium on software reliability engineering[1995], pp.143–151.

[6] C. Cadar, “EXE: Automatically generating the inputs of death,” V. Ganesh, P. M. Pawlowski, D. L. Dill, D. R. Engler., Conference on computer and communication[2006].

[7] P.Godefroid, “DART: Directed automated Random testing,” N. Klarlund, K.Sen., Conference on programming language design and Implementation[2005].

[8] S.Horwitz, “Interprocedural slicing using dependence graph,” T. Reps, D. Binkly., ACM Trans on programming languages and system [1990].

[9] J. Lyle, “Automated Bug localization by program slicing,” M. Weiser., Second International conference on computer and applications[1987].

[10] S. Artzi, “Directed test generation for effective fault localization,” J. Dolby, F.Tip, M. Pistoia., International symposium on software testing and analysis[2010].

[11] S. Artzi, “Practical fault localization for dynamic web applications,” J. Dolby, F.Tip, M. Pistoia., International conference on software engineering[2010].

[12] S. Artzi, “Finding bugs in web application using dynamic test generation and explicit state model checking,” J. Dolby, F.Tip, M. D. Ernst, A. Kiezun, D. Dig, A. Paradkar., IEEE Transl on software engineering, vol. 38, no 2, [march or april 2010], pp.274–294.

[13] P. Arumuga nainar, “Statistical debugging using compund boolean predicates,” T. Chen, T. Rosin, B. Libit., International symposium on software testing and analysis[July 2007].

[14] S. Artzi, “A framework for automated testing java script web applications,” J. Dolby, F.Tip, A. Mollor, S. Jensen., International conference on software engineering[2010].

[15] B. Baudry, “ Improving test suites for efficient fault localization,” International conference on software engineering[2006].

[16] Y. Yu, “An emprical study of the effects of test suite reduction on fault localization,” International conference on software engineering[2008].

[17] C.P.Shabariram et al, “Novel Dynamic Fault Localization for Server side Vulnerabilities.” International conference on Global Innovations in computing Technology [2014].

[18] C.P.Shabariram et al, “Pin Down : Fault Localization in Large Dynamic Web Application.” International conference on Knowledge Collaboration in Engineering [2014].

[19] M. Y. Chen et al, “ Pinpoint: Problem determination in large,dynamic internet services. In Proc. DSN?02, pp. 595– 604, Washington, DC, USA,[2002].

[20] J. A.Jones et al, “Visualization of test information to assist fault localization. In Proc. ICSE?02, pp. 467–477. [2002].

[21] V. Dallmeier et al, “ Lightweight defect localization for Java. In Proc. ECOOP?05, UK, [2005].

Keywords

Pin Down, Fault Localization, Bug, Random input generation, dynamic web application, SQL Injection, Execution failure, HTML failure, HTML validator, DOM tree.