Michael Linschulte

Event-driven modeling and testing of real-time web services

A service-oriented architecture (SOA) for web applications is often implemented using web services (WSs) and consists of different operations the executions of which are perceived as events. The order and time-appropriateness of occurrences of these events play a vital role for the proper functioning of a real-time SOA. This paper presents an event-based approach to modeling and testing of functional behavior of WSs by event sequence graphs (ESG). Nodes of an ESG represent events, e.g., “request” or “response”, and arcs give the sequence of these events. For representing parameter values, e.g., for time-out of operation calls, ESG are augmented by decision tables. A case study carried out on a commercial web system with SOA validates the approach and analyzes its characteristic issues. The novelty of the approach stems from (i) its simplicity and lucidity in representing complex real-time web applications based on WSs in SOA, and (ii) its modeling that considers also testing and thus enables a comfortable fault management leading to a holistic view.

A holistic approach to model-based testing of Web service compositions

The behavior of composed Web services depends on the results of the invoked services; unexpected behavior of one of the invoked services can threat the correct execution of an entire composition. This paper proposes an event‐based approach to black‐box testing of Web service compositions based on event sequence graphs, which are extended by facilities to deal not only with service behavior under regular circumstances (i.e., where cooperating services are working as expected) but also with their behavior in undesirable situations (i.e., where cooperating services are not working as expected). Furthermore, the approach can be used independently of artifacts (e.g., Business Process Execution Language) or type of composition (orchestration/choreography). A large case study, based on a commercial Web application, demonstrates the feasibility of the approach and analyzes its characteristics. Test generation and execution are supported by dedicated tools. Especially, the use of an enterprise service bus for test execution is noteworthy and differs from other approaches. The results of the case study encourage to suggest that the new approach has the power to detect faults systematically, performing properly even with complex and large compositions. Copyright

Event- and Coverage-Based Testing of Web Services

Service-Oriented Architecture (SOA) fosters the development of loosely coupled applications. Web services have been favored as a promising technology to implement SOAs. Since web services are often involved in complex business processes and safety-critical systems, it is important that they are of high level of reliability. In this paper a strategy for event-based testing of web services is introduced which enables a systematic test case generation for structural testing with the focus on code coverage. The novelty of the approach stems from its integration of an event-based view with a coverage-based view. This forms a combination of black- and white-box testing leading to grey-box testing. A bank service example illustrates the strategy.

Event-Based Input Validation Using Design-by-Contract Patterns

This paper proposes an approach for validation of numerical inputs based on graphical user interfaces (GUI) that are modeled and specified by event sequence graphs (ESG). For considering complex structures of input data, ESGs are augmented by decision tables and patterns of design by contract (DbC). The approach is evaluated by experiments on boundary overflows, which occur when input values violate the range of specified values. Furthermore, a tool is presented that implements our approach enabling a semi-automatically detection of boundary overflow errors and suggesting correction steps based on DbC.

GUI-Based Testing of Boundary Overflow Vulnerability

Boundary overflows are caused by violation of constraints, mostly limiting the range of internal values of program, and can be provoked by an intruder to gain control of or access to stored data. In order to countermeasure this well-known vulnerability issue, this paper focuses on input validation of graphical user interfaces (GUI). The approach proposed generates test cases for numerical inputs based on GUI specification through decision tables. If boundary overflow error(s) are detected, the source code will be analyzed to localize and correct the encountered error(s) automatically.

Model-based testing of web service compositions

The use of web services integrated in different applications, especially the composition of services, brings challenges for testing due to their complex interactions. In this paper, we propose an event-based approach to test web service compositions. The approach is based on event sequence graphs which we extend by facilities to consider the specific features of web service compositions. An enterprise service bus component supports the test case execution. A case study, based on a commercial web application, demonstrates the feasibility of the approach and analyzes its characteristics. The results of empirical work suggest that the approach is a promising candidate to reach a high level of confidence and reliability.

Fault Detection Likelihood of Test Sequence Length

Testing of graphical user interfaces is important due to its potential to reveal faults in operation and performance of the system under consideration. Most existing test approaches generate test cases as sequences of events of different length. The cost of the test process depends on the number and total length of those test sequences. One of the problems to be encountered is the determination of the test sequence length. Widely accepted hypothesis is that the longer the test sequences, the higher the chances to detect faults. However, there is no evidence that an increase of the test sequence length really affect the fault detection. This paper introduces a reliability theoretical approach to analyze the problem in the light of real-life case studies. Based on a reliability growth model the expected number of additional faults is predicted that will be detected when increasing the length of test sequences.

Does "Depth" Really Matter? On the Role of Model Refinement for Testing and Reliability

Model-based testing attempts to generate test cases from a model focusing on relevant aspects of a given system under consideration (SUC). When SUC becomes too large to be modeled in a single step, existing design techniques usually require a modularization of the modeling process. Thereby, the refinement process results in a decomposition of the model into several hierarchical layers. Conventional testing requires the refined components be completely replaced by these subcomponents for test case generation. Mostly, this resolution of components leads to an oversized, large model where test case generation becomes very costly, and the generated test case set is very large leading to infeasible long test execution time. To solve these problems, we present a new strategy to reduce (i) the number of test cases, and (ii) the costs of test case generation and test execution. For determining the trade-off due to this cost reduction, the reliability achieved by the new approach is compared with the reliability of the conventional approach. A case study based on a large web-based commercial system validates the approach and discusses its characteristics. We found out that the new approach could detect about 80% of the faults for about 20% of the test effort compared with the conventional approach.

Input Contract Testing of Graphical User Interfaces

User inputs are critical for the security, safety, and reliability of software systems. This paper proposes a new concept called user input contracts, which is an integral part of a design-by-contract supplemented development process, and a model-based testing approach to detect violations of user input contracts. The approach generates test cases from an input contract integrated with graph-based model of user interface specification and applies them to the system under consideration. The paper presents a proof-of-concept tool that has been developed and used to validate the approach by experiments. The experiments are conducted on a web-based system for marketing tourist services to analyze input robustness of system under consideration with respect to user input contracts.

Cost Reduction through Combining Test Sequences with Input Data

Nowadays computer applications mainly depend on input data that bear additional constraints to be considered and evaluated carefully. Very often, this invokes test sequences that describe the path to the place where input data is to be entered, e.g., while testing graphical user interactions. Model based testing allows deriving those test sequences from a model, for example, based on event sequence graphs (ESGs) where the nodes represent events. Unfortunately, combining ESG with the great variety of input data considerably inflates them with respect to the number of their nodes. To avoid this event inflation, previous work extended ESGs by decision tables to take this variety and constraints on input data into account. This paper extends the previous work and shows how to derive input data-supplemented test sequences and, at the same time, to considerably reduce effort for test generation and test execution. A case study drawn from a large commercial web portal evaluates the approach and analyzes its characteristics.