Graduate student: 陳羿勳 (Yi-Hsin Chen)
Thesis title: AIR Tester: Automated Intrusive Regression Testing for Script Languages and Web Applications (AIR Tester: 針對腳本語言與網頁應用程式之侵入式回歸測試工具)
Advisor: 鄭永斌 (Cheng, Yung-Pin)
Degree: Master
Department: Department of Computer Science and Information Engineering
Year of publication: 2011
Academic year of graduation: 99
Language: Chinese
Number of pages: 54
Keywords: regression testing, script language, web service, program instrumentation
Thesis type: Academic thesis
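  • As web applications and services (hereafter, web services) become widespread, their security and stability have become a new concern. Web services frequently have features added or modified, and these modifications may alter earlier code and introduce new security problems that go unnoticed. To avoid such problems, introducing regression testing into the development process is a common solution.
    However, conventional regression testing of web services only simulates user input and checks the information output on the web page. For many web services, checking only the output may miss much useful information, including session data, cookie records, POST data, and other information that is not output on the page. Errors in this information are likely to be overlooked, so the security of the web service cannot be effectively improved.
    To address these web service security problems, this research developed a regression testing tool for web services that uses automated analysis to perform program instrumentation, reducing the burden on developers and testers.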

    As web services become more and more popular, their security and stability are being taken more seriously. Since web services are modified often, changes can introduce new bugs and hence new security problems. A common way to avoid this is to use regression testing to ensure that stable features have not been broken by the changes.
    However, conventional regression testing can be ineffective in addressing these problems, since the technique mostly depends on simulating user input and checking the output data shown on the web pages. Much useful information, such as browser sessions, cookies, or HTTP POST data, is not output on the pages and so cannot be verified. Therefore, if an error occurs below the “surface”, it is likely to be ignored.
    To solve the problem, we develop a regression testing tool called “AIR Tester” for web applications. Not only does it analyze the source files of the web applications automatically, but it is also able to access all information in the web application through “program instrumentation”. The goal of this tool is to increase the power of regression testing so that hidden errors can be revealed.

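    Abstract (Chinese)
    Abstract (English)
    Table of Contents
    List of Figures
    List of Tables
    Chapter 1 Introduction
        1.1 Research Motivation
        1.2 Research Objectives
        1.3 Thesis Organization
    Chapter 2 Background
        2.1 Software Testing
        2.2 Regression Testing
        2.3 Program Instrumentation
        2.4 Academic Research on Regression Testing
        2.5 Regression Testing in Open-Source Software and Commercial Applications
        2.6 Related Work
        2.7 Comparison of Related Tools
    Chapter 3 System Operation Workflow
        3.1 Workflow Overview
            3.1.1 Observation Point Instrumentation
            3.1.2 Recording Phase
            3.1.3 Verification Phase
        3.2 Project Definition and Project Settings
        3.3 Script Analysis (Static)
        3.4 Test Case Recording
        3.5 Test Case List
        3.6 Script Analysis (Dynamic)
        3.7 Test Case Replay and Verification
    Chapter 4 System Architecture
        4.1 Problems with Conventional Regression Testing Tools
        4.2 Architecture Overview
        4.3 Operating Modes
            4.3.1 Script Analysis Mode
            4.3.2 Recording Mode
            4.3.3 Verification Mode
        4.4 Dynamic Analyzer, Player, and Verifier
        4.5 Script Language Packages
        4.6 Project Saving and Synchronization
    Chapter 5 Case Study and Evaluation
        5.1 System Verification
        5.2 System Comparison
    Chapter 6 Conclusion and Future Work
        6.1 Conclusion
        6.2 Future Research Directions and Applications
    References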
