Web Application Testing Using Deep Reinforcement Learning

Document Type : Original Article

Authors

1 Department of Computer Engineering, Yazd University, Yazd, Iran.

2 Department of Computer Science, New York Institute of Technology, Vancouver, BC, Canada.

Abstract

Web applications (apps) are integral to our daily lives. Before users can use web apps, testing must be conducted to ensure their reliability. There are various approaches for testing web apps. However, they still require improvement. In fact, they struggle to achieve high coverage of web app functionalities. On the one hand, web apps typically have an extensive state space, which makes testing all states inefficient and time-consuming. On the other hand, specific sequences of actions are required to access certain functionalities. Therefore, the optimal testing strategy extremely depends on the app’s features. Reinforcement Learning (RL) is a machine learning technique that learns the optimal strategy to solve a task through trial-and-error rather than explicit supervision, guided by positive or negative reward. Deep RL extends RL, and exploits the learning capabilities of neural networks. These features make Deep RL suitable for testing complex state spaces, such as those found in web apps. However, modern approaches support fundamental RL. We have proposed WeDeep, a Deep RL testing approach for web apps. We evaluated our method using seven open-source web apps. Results from experiments prove it has higher code coverage and fault detection than other existing methods

Keywords

References

[1]  “World Internet Users Statistics and 2023 World Population Stats.” https://www.internetworldstats.com/stats.htm (accessed Feb. 03, 2023).
[2] “What is the Document Object Model?” https://www.w3.org/TR/WD-DOM/introduction.html (accessed Jan. 05, 2023).
[3] A. Mesbah, A. van Deursen, and S. Lenselink, “Crawling Ajax-Based Web Applications through Dynamic Analysis of User Interface State Changes,” ACM Trans. Web, vol. 6, no. 1, Mar. 2012, doi: 10.1145/2109205.2109208.
[4] A. Mesbah, A. van Deursen, and D. Roest, “Invariant-Based Automatic Testing of Modern Web Applications,” IEEE Trans. Softw. Eng., vol. 38, no. 1, pp. 35–53, Jan. 2012, doi: 10.1109/TSE.2011.28.
[5] M. Biagiola, F. Ricca, and P. Tonella, “Search Based Path and Input Data Generation for Web Application Testing,” in Search Based Software Engineering, T. Menzies and J. Petke, Eds., Cham: Springer International Publishing, 2017, pp. 18–32.
[6] M. Biagiola, A. Stocco, F. Ricca, and P. Tonella, “Diversity-based Web Test Generation,” in Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, in ESEC/FSE 2019. New York, NY, USA: ACM, 2019, pp. 142–153. doi: 10.1145/3338906.3338970.
[7] Y. Zheng et al., “Automatic Web Testing Using Curiosity-Driven Reinforcement Learning,” in Proceedings of the 43rd International Conference on Software Engineering, in ICSE ’21. IEEE Press, 2021, pp. 423–435. doi: 10.1109/ICSE43902.2021.00048.
[8] A. van Deursen, A. Mesbah, and A. Nederlof, “Crawl-based analysis of web applications: Prospects and challenges,” Sci. Comput. Program., vol. 97, pp. 173–180, 2015, doi: https://doi.org/10.1016/j.scico.2014.09.005.
[9] R. S. Sutton and A. G. Barto, Reinforcement Learning: An Introduction. Cambridge, MA, USA: A Bradford Book, 2018.
[10] V. Mnih et al., “Playing Atari with Deep Reinforcement Learning,” CoRR, vol. abs/1312.5, 2013, [Online]. Available: http://arxiv.org/abs/1312.5602
[11] K. Arulkumaran, M. P. Deisenroth, M. Brundage, and A. A. Bharath, “Deep Reinforcement Learning: A Brief Survey,” IEEE Signal Process. Mag., vol. 34, no. 6, pp. 26–38, Nov. 2017, doi: 10.1109/MSP.2017.2743240.
[12] مریم عسگری عراقی، وحید رافع و اکرم کلائی، «تولید مورد آزمون مبتنی بر مدل از توصیفات تبدیل گراف با استفاده از الگوریتم جستجوی پرتو»، مجله مهندسی برق دانشگاه تبریز، جلد ۴۹، شماره ۱، صفحات ۳۵۶-۳۴۳، ۱۳۹۸.
[13] مجتبی وحیدی اصل، محمدرضا دهقانی تفتی و علیرضا خلیلیان، «رویکردی جدید مبتنی‌بر سنجه‌های نرم‌افزاری جهت افزایش سودمندی آزمون بازگشت»، مجله مهندسی برق دانشگاه تبریز، جلد ۵۰، شماره ۱، صفحات ۴۷۶-۴۶۳، ۱۳۹۹.
[14] “Claroline.” https://sourceforge.net/projects/claroline/ (accessed Sep. 15, 2022).
[15] C. J. C. H. Watkins and P. Dayan, “Q-learning,” Mach. Learn., vol. 8, no. 3, pp. 279–292, 1992, doi: 10.1007/BF00992698.
[16] R. Bellman, “On the Theory of Dynamic Programming,” Proc. Natl. Acad. Sci., vol. 38, no. 8, pp. 716–719, 1952, doi: 10.1073/pnas.38.8.716.
[17] T. Y. Chen, H. Leung, and I. K. Mak, “Adaptive Random Testing,” in Advances in Computer Science - ASIAN 2004. Higher-Level Decision Making, M. J. Maher, Ed., Berlin, Heidelberg: Springer Berlin Heidelberg, 2005, pp. 320–329.
[18] S. Sherin, A. Muqeet, M. U. Khan, and M. Z. Iqbal, “QExplore: An exploration strategy for dynamic web applications using guided search,” J. Syst. Softw., p. 111512, 2022, doi: https://doi.org/10.1016/j.jss.2022.111512.
[19] “The Input element - HTML.” https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input (accessed Feb. 12, 2023).
[20] L. Mariani, M. Pezzè, O. Riganelli, and M. Santoro, “Automatic Testing of GUI-Based Applications,” Softw. Test. Verif. Reliab., vol. 24, no. 5, pp. 341–366, Aug. 2014, doi: 10.1002/stvr.1538.
[21] A. D. Tijsma, M. M. Drugan, and M. A. Wiering, “Comparing exploration strategies for Q-learning in random stochastic mazes,” in 2016 IEEE Symposium Series on Computational Intelligence (SSCI), Dec. 2016, pp. 1–8. doi: 10.1109/SSCI.2016.7849366.
[22] “Selenium.” https://www.selenium.dev/ (accessed Jan. 11, 2022).
[23] “Keras: Deep Learning for humans.” https://keras.io/ (accessed Feb. 28, 2022).
[24] “Attendance Management System.” https://code-projects.org/attendance-management-system-using-php-source-code/ (accessed Sep. 22, 2022).
[25] “Patient Record Management System.” https://code-projects.org/patient-record-management-system-in-php-with-source-code/ (accessed Sep. 22, 2022).
[26] “Bus Booking System.” https://code-projects.org/bus-booking-system-in-php-with-source-code/ (accessed Sep. 23, 2022).
[27] “Addressbook.” https://sourceforge.net/projects/php-addressbook/ (accessed Sep. 15, 2022).
[28] “Timeclock.” https://sourceforge.net/projects/timeclock/ (accessed Sep. 16, 2022).
[29] “dimeshift.” https://github.com/jeka-kiselyov/dimeshift (accessed Sep. 04, 2022).
[30] R. Gopinath, C. Jensen, and A. Groce, “Code Coverage for Suite Evaluation by Developers,” in Proceedings of the 36th International Conference on Software Engineering, in ICSE 2014. New York, NY, USA: Association for Computing Machinery, 2014, pp. 72–82. doi: 10.1145/2568225.2568278.
[31] Y. Jia and M. Harman, “An Analysis and Survey of the Development of Mutation Testing,” IEEE Trans. Softw. Eng., vol. 37, no. 5, pp. 649–678, 2011, doi: 10.1109/TSE.2010.62.
[32] J. H. Andrews, L. C. Briand, and Y. Labiche, “Is Mutation an Appropriate Tool for Testing Experiments?,” in Proceedings of the 27th International Conference on Software Engineering, in ICSE ’05. New York, NY, USA: Association for Computing Machinery, 2005, pp. 402–411. doi: 10.1145/1062455.1062530.
[33] J. H. Andrews, L. C. Briand, Y. Labiche, and A. S. Namin, “Using Mutation Analysis for Assessing and Comparing Testing Coverage Criteria,” IEEE Trans. Softw. Eng., vol. 32, no. 8, pp. 608–624, Aug. 2006, doi: 10.1109/TSE.2006.83.
[34] S. Mirshokraie, A. Mesbah, and K. Pattabiraman, “Guided Mutation Testing for JavaScript Web Applications,” IEEE Trans. Softw. Eng., vol. 41, no. 5, pp. 429–444, May 2015, doi: 10.1109/TSE.2014.2371458.
[35] S. Sherin, M. Z. Iqbal, M. U. Khan, and A. A. Jilani, “Comparing coverage criteria for dynamic web application: An empirical evaluation,” Comput. Stand. Interfaces, p. 103467, 2020, doi: https://doi.org/10.1016/j.csi.2020.103467.

Files

Share

How to cite

Statistics