Lidé

Ing. Karel Frajták, Ph.D.

Všechny publikace

Visualizing Anti-Patterns in Microservices at Runtime: A Systematic Mapping Study

  • Autoři: Parker, G., Kim, S., Maruf, A.A., Cerny, T., Ing. Karel Frajták, Ph.D., Tisnovsky, P., Taibi, D.
  • Publikace: IEEE Access. 2023, 11 4434-4442. ISSN 2169-3536.
  • Rok: 2023
  • DOI: 10.1109/ACCESS.2023.3236165
  • Odkaz: https://doi.org/10.1109/ACCESS.2023.3236165
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    In the world of microservices, companies must be able to create systems that operate in the most efficient way. To achieve this, anti-patterns must be avoided because of their detriment to the quality of the system. Some of the most troubling anti-patterns are hard to detect because of their appearance at runtime. Effectively removing anti-patterns from a system requires dynamic analysis because of the large size of microservice-based systems. While the detection of anti-patterns is helpful, being able to visualize them offers a great benefit to companies working with microservices. Seeing how the overall system is flowing and recognizing the existence of anti-patterns can help improve microservice-based systems. In this paper, a systematic mapping study was performed to find the current state of research on visualizing anti-patterns in microservices from the dynamic perspective. Several hundred papers were examined and a total of 31 were found to be relevant to the research topic. The papers, when analyzed, revealed that there are mechanisms to detect anti-patterns at runtime in microservices, and there are also mechanisms for visualizing the architecture of a microservice-based system. This study's findings could help to identify and remove anti-patterns that occur during runtime in microservices, as well as a means of visualizing these anti-patterns.

An Innovative E-Learning Support for Modern History Distance Learning and the Experience during the COVID-19 Lockdown

  • DOI: 10.3390/su14063631
  • Odkaz: https://doi.org/10.3390/su14063631
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    Inquiry-based education in the field of history using modern multimedia and communication technologies has been the subject of several previous studies. However, much less work exists to analyse the unique situation of distance learning, which has been broadly implemented to satisfy lockdown restrictions during the current COVID-19 pandemic. This paper presents an overview of the HistoryLab project, which uses various types of multimedia and communication technology to support an interactive education of modern history and encourage an engagement in historical thinking amongst students. This project was successfully employed in recent distance teaching measures enforced under the COVID-19 lockdown in Czechia, so we report on this experience and the lessons learned, useful for the educational community, in this study.

Analyzing Technical Debt by Mapping Production Logs with Source Code

  • Autoři: Das, D., Islam, R., Kim, S., Cerny, T., Ing. Karel Frajták, Ph.D., doc. Ing. Miroslav Bureš, Ph.D., Tisnovsky, P.
  • Publikace: The Recent Advances in Transdisciplinary Data Science. Basel: Springer Nature Switzerland AG, 2022. p. 200-212. ISSN 1865-0929. ISBN 978-3-031-23386-9.
  • Rok: 2022
  • DOI: 10.1007/978-3-031-23387-6_15
  • Odkaz: https://doi.org/10.1007/978-3-031-23387-6_15
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    Poor coding practices, bad design decisions, and expedited software delivery can introduce technical debt. As software grows, manual detection and management of technical debt become increasingly difficult. To address these problems, recent research offers a variety of approaches for automating the process of recognizing and managing technical debt. Unfortunately, current strategies for measuring technical debt depend on static standards that fail to acknowledge software usage patterns in production. In this paper, we utilized existing tools to identify technical debt using static code analysis and then employed production log analysis to rank these debts dynamically.

On Persistent Implications of E2E Testing

  • Autoři: Ing. Karel Frajták, Ph.D., Černý, T.
  • Publikace: Enterprise Information Systems. Basel: Springer Nature Switzerland AG, 2022. p. 326-338. ISSN 1865-1348. ISBN 978-3-031-08964-0.
  • Rok: 2022
  • DOI: 10.1007/978-3-031-08965-7_16
  • Odkaz: https://doi.org/10.1007/978-3-031-08965-7_16
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    An emerging paradigm of reactive systems architecture comes with important implications on software testing. Despite community interests in running effective end-to-end (E2E) tests on reactive systems, little work has considered the implications of tests that modify the database. We propose a framework to the group and orchestrate E2E tests based on data qualities across a series of parallel containerized application instances. The framework is designed to run completely independent tests in parallel while being mindful of resource costs. We present a conceptual version of the framework and discuss database implications for this type of software testing.

Selected Code-Quality Characteristics and Metrics for Internet of Things Systems

  • DOI: 10.1109/ACCESS.2022.3170475
  • Odkaz: https://doi.org/10.1109/ACCESS.2022.3170475
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    Software code is present on multiple levels within current Internet of Things (IoT) systems. The quality of this code impacts system reliability, safety, maintainability, and other quality aspects. In this paper, we provide a comprehensive overview of code quality-related metrics, specifically revised for the context of IoT systems. These metrics are divided into main code quality categories: Size, redundancy, complexity, coupling, unit test coverage and effectiveness, cohesion, code readability, security, and code heterogeneity. The metrics are then linked to selected general quality characteristics from the ISO/IEC 25010:2011 standard by their possible impact on the quality and reliability of an IoT system, the principal layer of the system, the code levels and the main phases of the project to which they are relevant. This analysis is followed by a discussion of code smells and their relation to the presented metrics. The overview presented in the paper is the result of a thorough analysis and discussion of the author's team with the involvement of external subject-matter experts in which a defined decision algorithm was followed. The primary result of the paper is an overview of the metrics accompanied by applicability notes related to the quality characteristics, the system layer, the level of the code, and the phase of the IoT project.

On Log Analysis and Stack Trace Use to Improve Program Slicing

  • Autoři: Bushong, V., Curtis, J., Sanders, R., Du, M., Černý, T., Ing. Karel Frajták, Ph.D., Tisnovsky, P., Shin, D.
  • Publikace: Information Science and Applications - Proceedings of ICISA 2020. Berlin: Springer Science+Business Media, 2021. p. 265-275. vol. 739. ISSN 1876-1100. ISBN 9789813363847.
  • Rok: 2021
  • DOI: 10.1007/978-981-33-6385-4_25
  • Odkaz: https://doi.org/10.1007/978-981-33-6385-4_25
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    Program slicing is a common technique to help reconstruct the path of execution a program has taken. It is beneficial for assisting developers in debugging their programs, but its usefulness depends on the slice accuracy that can be achieved, which is limited by the sources of information used in building the slice. In this paper, we demonstrate that two sources of information, namely program logs, and stack traces, previously used in isolation to build program slices, can be combined to build a program slicer capable of handling more scenarios than either method individually. We also demonstrate a sample application of our proposed slicing approach by showing how our slicer can deduce integer inputs that will recreate the detected error’s execution path.

On Microservice Analysis and Architecture Evolution: A Systematic Mapping Study

  • DOI: 10.3390/app11177856
  • Odkaz: https://doi.org/10.3390/app11177856
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    Microservice architecture has become the leading design for cloud-native systems. The highly decentralized approach to software development consists of relatively independent services, which provides benefits such as faster deployment cycles, better scalability, and good separation of concerns among services. With this new architecture, one can naturally expect a broad range of advancements and simplifications over legacy systems. However, microservice system design remains challenging, as it is still difficult for engineers to understand the system module boundaries. Thus, understanding and explaining the microservice systems might not be as easy as initially thought. This study aims to classify recently published approaches and techniques to analyze microservice systems. It also looks at the evolutionary perspective of such systems and their analysis. Furthermore, the identified approaches target various challenges and goals, which this study analyzed. Thus, it provides the reader with a roadmap to the discipline, tools, techniques, and open challenges for future work. It provides a guide towards choices when aiming for analyzing cloud-native systems. The results indicate five analytical approaches commonly used in the literature, possibly in combination, towards problems classified into seven categories.

Technical Debt Resulting from Architectural Degradation and Code Smells: A Systematic Mapping Study

  • DOI: 10.1145/3512753.3512755
  • Odkaz: https://doi.org/10.1145/3512753.3512755
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    Poor design choices, bad coding practices, or the need to produce software quickly can stand behind technical debt. Unfortunately, manually identifying and managing technical debt gets more difficult as the software matures. Recent research offers various techniques to automate the process of detecting and managing technical debt to address these challenges. This manuscript presents a mapping study of the many aspects of technical debt that have been discovered in this field of study. This includes looking at the various forms of technical debt, as well as detection methods, the financial implications, and mitigation strategies. The findings and outcomes of this study are applicable to a wide range of software development life-cycle decisions.

A Comprehensive View on Quality Characteristics of the IoT Solutions

  • Autoři: doc. Ing. Miroslav Bureš, Ph.D., Bellekens, X., Ing. Karel Frajták, Ph.D., Al-Beywanee, B.
  • Publikace: Proceedings of 3rd EAI International Conference on IoT in Urban Space. Cham: Springer International Publishing, 2020. p. 59-69. ISSN 2522-8609. ISBN 978-3-030-28925-6.
  • Rok: 2020
  • DOI: 10.1007/978-3-030-28925-6_6
  • Odkaz: https://doi.org/10.1007/978-3-030-28925-6_6
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    Categorization of quality characteristics helps in a more effective structuring of the testing process and in the determination of properties, which can be verified in the system under test. In the emerging area of Internet of Things (IoT) systems, several individual attempts have been made to summarize these aspects, but the previous work is rather heterogenic and focuses on specific subareas. Hence, we consolidated the quality characteristics into one unified view, which specifically emphasizes the aspects of security, privacy, reliability, and usability, as these aspects are often quoted as major challenges in the quality of contemporary IoT systems. The consolidated view also covers other areas of system quality, which are relevant for IoT system testing and quality assurance. In the paper, we also discuss relevant synonyms of particular quality characteristics as presented in the literature or being used in the current industry praxis. The consolidated view uses two levels of characteristics to maintain a suitable level of granularity and specificity in the discussed quality characteristics.

Failure Prediction by Utilizing Log Analysis: A Systematic Mapping Study

  • Autoři: Das, D., Schiewe, M., Brighton, E., Fuller, M., Černý, T., doc. Ing. Miroslav Bureš, Ph.D., Ing. Karel Frajták, Ph.D., Shin, H., Tišnovský, P.
  • Publikace: Proceedings of the International Conference on Research in Adaptive and Convergent Systems. New York: ACM, 2020. p. 188-195. ISSN 2153-1633. ISBN 978-1-4503-8025-6.
  • Rok: 2020
  • DOI: 10.1145/3400286.3418263
  • Odkaz: https://doi.org/10.1145/3400286.3418263
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    In modern computing, log files provide a wealth of information regarding the past of a system, including the system failures and security breaches that cost companies and developers a fortune in both time and money. While this information can be used to attempt to recover from a problem, such an approach merely mitigates the damage that has already been done. Detecting problems, however, is not the only information that can be gathered from log files. It is common knowledge that segments of log files, if analyzed correctly, can yield a good idea of what the system is likely going to do next in real-time, allowing a system to take corrective action before any negative actions occur. In this paper, the authors put forth a systematic map of this field of log prediction, screening several hundred papers and finally narrowing down the field to approximately 30 relevant papers. These papers, when broken down, give a good idea of the state of the art, methodologies employed, and future challenges that still must be overcome. Findings and conclusions of this study can be applied to a variety of software systems and components, including classical software systems, as well as software parts of control, or the Internet of Things (IoT) systems.

Mapping Study on Constraint Consistency Checking in Distributed Enterprise Systems

  • Autoři: Cerny, T., Walker, A., Svacina, J., Bushong, V., Das, D., Ing. Karel Frajták, Ph.D., doc. Ing. Miroslav Bureš, Ph.D., Tisnovsky, P.
  • Publikace: Proceedings of the International Conference on Research in Adaptive and Convergent Systems. New York: ACM, 2020. p. 167-174. ISSN 2153-1633. ISBN 978-1-4503-8025-6.
  • Rok: 2020
  • DOI: 10.1145/3400286.3418257
  • Odkaz: https://doi.org/10.1145/3400286.3418257
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    Constraint consistency errors in distributed systems can lead to fatal consequences when left unobserved and undetected. The primary goal of quality engineers should be to avoid system inconsistencies in general. However, it is typically a much more straight forward process in monolith-like systems with one codebase than in distributed solutions where heterogeneity occurs across modules. In this paper, we raise the research question of what is the existing state-of-the-art and research literature practice when it comes to consistency checking in distributed systems. We conducted a systematic search for existing work and assess the evidence to categorize the approaches and to identify used techniques. Identified works offer interesting directions and achievements. Often the works share tool prototypes and instruments to build on the top of when performing further research in this direction and we share them in this paper. Finally, we discuss open challenges and gaps in this field to promote the interest of the research audience.

On Code Analysis Opportunities and Challenges for Enterprise Systems and Microservices

  • DOI: 10.1109/ACCESS.2020.3019985
  • Odkaz: https://doi.org/10.1109/ACCESS.2020.3019985
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    Code analysis brings excellent benefits to software development, maintenance, and quality assurance. Various tools can uncover code defects or even software bugs in a range of seconds. For many projects and developers, the code analysis tools became essential in their daily routines. However, how can code analysis help in an enterprise environment? Enterprise software solutions grow in scale and complexity. These solutions no longer involve only plain objects and basic language constructs but operate with various components and mechanisms simplifying the development of such systems. Enterprise software vendors have adopted various development and design standards; however, there is a gap between what constructs the enterprise frameworks use and what current code analysis tools recognize. This manuscript aims to challenge the mainstream research directions of code analysis and motivate for a transition towards code analysis of enterprise systems with interesting problems and opportunities. In particular, this manuscript addresses selected enterprise problems apparent for monolithic and distributed enterprise solutions. It also considers challenges related to the recent architectural push towards a microservice architecture. Along with open-source proof-of-concept prototypes to some of the challenges, this manuscript elaborates on code analysis directions and their categorization. Furthermore, it suggests one possible perspective of the problem area using aspect-oriented programming.

On Matching Log Analysis to Source Code: A Systematic Mapping Study

  • Autoři: Bushong, V., Russell, S., Curtis, J., Du, M., Černý, T., Ing. Karel Frajták, Ph.D., doc. Ing. Miroslav Bureš, Ph.D., Tisnovský, P., Shin, D.
  • Publikace: Proceedings of the International Conference on Research in Adaptive and Convergent Systems. New York: ACM, 2020. p. 181-187. ISSN 2153-1633. ISBN 978-1-4503-8025-6.
  • Rok: 2020
  • DOI: 10.1145/3400286.3418262
  • Odkaz: https://doi.org/10.1145/3400286.3418262
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    Logging is a vital part of the software development process. Developers use program logging to monitor program execution and identify errors and anomalies. These errors may also cause uncaught exceptions and generate stack traces that help identify the point of error. Both of these sources contain information that can be matched to points in the source code, but manual log analysis is challenging for large systems that create large volumes of logs and have large codebases. In this paper, we contribute a systematic mapping study to determine the state-of-the-art tools and methods used to perform automatic log analysis and stack trace analysis and match the extracted information back to the program's source code. We analyzed 16 publications that address this issue, summarizing their strategies and goals, and we identified open research directions from this body of work.

On Vulnerability and Security Log analysis: A Systematic Literature Review on Recent Trends

  • Autoři: Svacina, J., Raffety, J., Woodahl, C., Stone, B., Černý, T., doc. Ing. Miroslav Bureš, Ph.D., Shin, D., Ing. Karel Frajták, Ph.D., Tisnovsky, P.
  • Publikace: Proceedings of the International Conference on Research in Adaptive and Convergent Systems. New York: ACM, 2020. p. 175-180. ISSN 2153-1633. ISBN 978-1-4503-8025-6.
  • Rok: 2020
  • DOI: 10.1145/3400286.3418261
  • Odkaz: https://doi.org/10.1145/3400286.3418261
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    Log analysis is a technique of deriving knowledge from log files containing records of events in a computer system. A common application of log analysis is to derive critical information about a system's security issues and intrusions, which subsequently leads to being able to identify and potentially stop intruders attacking the system. However, many systems produce a high volume of log data with high frequency, posing serious challenges in analysis. This paper contributes with a systematic literature review and discusses current trends, advancements, and future directions in log security analysis within the past decade. We summarized current research strategies with respect to technology approaches from 34 current publications. We identified limitations that poses challenges to future research and opened discussion on issues towards logging mechanism in the software systems. Findings of this study are relevant for software systems as well as software parts of the Internet of Things (IoT) systems.

Aspects of Quality in Internet of Things (IoT) Solutions: A Systematic Mapping Study

  • DOI: 10.1109/ACCESS.2019.2893493
  • Odkaz: https://doi.org/10.1109/ACCESS.2019.2893493
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    Internet of Things (IoT) is an emerging technology that has the promising power to change our future. Due to the market pressure, IoT systems may be released without sufficient testing. However, it is no longer acceptable to release IoT systems to the market without assuring the quality. As in the case of new technologies, the quality assurance process is a challenging task. This paper shows the results of the first comprehensive and systematic mapping study to structure and categories the research evidence in the literature starting in 2009 when the early publication of IoT papers for IoT quality assurance appeared. The conducted research is based on the most recent guidelines on how to perform systematic mapping studies. A set of research questions is defined carefully regarding the quality aspects of the IoT. Based on these questions, a large number of evidence and research papers is considered in the study (478 papers). We have extracted and analyzed different levels of information from those considered papers. Also, we have classified the topics addressed in those papers into categories based on the quality aspects. The study results carry out different areas that require more work and investigation in the context of IoT quality assurance. The results of the study can help in a further understanding of the research gaps. Moreover, the results show a roadmap for future research directions.

Testing the consistency of business data objects using extended static testing of CRUD matrices

  • DOI: 10.1007/s10586-017-1118-7
  • Odkaz: https://doi.org/10.1007/s10586-017-1118-7
  • Pracoviště: Katedra počítačů, Laboratoř inteligentního testování systémů
  • Anotace:
    Static testing is used to detect software defects in the earlier phases of the software development lifecycle, which makes the total costs caused by defects lower and the software development project less risky. Different types of static testing have been introduced and are used in software projects. In this paper, we focus on static testing related to data consistency in a software system. In particular, we propose extensions to contemporary static testing techniques based on CRUD matrices, employing cross-verifications between various types of CRUD matrices made by different parties at various stages of the software project. Based on performed experiments, the proposed static testing technique significantly improves the consistency of Data Cycle Test cases. Together with this trend, we observe growing potential of test cases to detect data consistency defects in the system under test, when utilizing the proposed technique.

Tapir: Automation Support of Exploratory Testing Using Model Reconstruction of the System Under Test

  • DOI: 10.1109/TR.2018.2799957
  • Odkaz: https://doi.org/10.1109/TR.2018.2799957
  • Pracoviště: Laboratoř inteligentního testování systémů
  • Anotace:
    For a considerable number of software projects, the creation of effective test cases is hindered by design documentation that is either lacking, incomplete or obsolete. The exploratory testing approach can serve as a sound method in such situations. However, the efficiency of this testing approach strongly depends on the method, the documentation of explored parts of a system, the organization and distribution of work among individual testers on a team, and the minimization of potential (very probable) duplicities in performed tests. In this paper, we present a framework for replacing and automating a portion of these tasks. A screen-flow-based model of the tested system is incrementally reconstructed during the exploratory testing process by tracking testers’ activities. With additional metadata, the model serves for an automated navigation process for a tester. Compared with the exploratory testing approach, which is manually performed in two case studies, the proposed framework allows the testers to explore a greater extent of the tested system and enables greater detection of the defects present in the system. The results show that the time efficiency of the testing process improved with framework support. This efficiency can be increased by team-based navigational strategies that are implemented within the proposed framework, which is documented by another case study presented in this paper.

Exploratory testing supported by automated reengineering of model of the system under test

  • DOI: 10.1007/s10586-017-0773-z
  • Odkaz: https://doi.org/10.1007/s10586-017-0773-z
  • Pracoviště: Katedra počítačů, Laboratoř inteligentního testování systémů
  • Anotace:
    Exploratory Testing technique is well applicable to software development projects, where test basis is not available (or at least not complete and consistent to the extent allowing the creation of efficient test cases). The key factor for the efficiency of this technique is a structured process for the recording of explored path in the system under test. This approach also allows the creation of the test cases during exploratory testing process. These test cases can be used in the following re-testing of the system. If performed manually, the efficiency of such process strongly depends on the team organization and systematic work of the individuals in the team. This process can be aided by an automated support. In the paper, a framework, which automatically records selected tester’s actions in the system under test is presented. From these recordings, a model of the screen and action flows is reengineered and test cases are prepared. Tester is also able to define more meta-data in the test cases during this process. The recorded model and defined test cases are then available for the next rounds of testing. The performed case study shows that Exploratory Testing aided by this machine support is less resource demanding than Exploratory Testing performed manually only. Also, larger part of SUT was explored during the tests, when this systematic support was available to testers.

Model–Based Testing and Exploratory Testing: Is Synergy Possible?

  • DOI: 10.1109/ICITCS.2016.7740354
  • Odkaz: https://doi.org/10.1109/ICITCS.2016.7740354
  • Pracoviště: Katedra počítačů, Laboratoř inteligentního testování systémů
  • Anotace:
    Model–based testing represents an efficient method to detect software defects. This approach has a limitation, when the model of the system under test is inconsistent, incomplete, or, does not exist at all. An exploratory testing approach represents an alternative for such situations: initially it does not require a model of the tested system. The testers are using their skills and intuition to explore the system. Nevertheless, this technique has also its disadvantages. For example, it is hard to measure the effectiveness of the testing or to re–evaluate certain test when the explored path and exercised test cases are not being documented properly. In this paper, we are proposing a technique that utilizes advantages of the both model–based testing and exploratory testing and tries to eliminate their issues. The model of the application is dynamically created and updated in the exploratory stage when state data (the page user is currently on, all input, action and link elements) and every step that was taken is recorded. This structure documents what parts of the tested system were explored and what parts has to be explored later on. Recorded steps are also converted to test case scenario that can be reused later in the testing process.

Transformation of IFML Schemas to Automated Tests

  • DOI: 10.1145/2811411.2811556
  • Odkaz: https://doi.org/10.1145/2811411.2811556
  • Pracoviště: Katedra počítačů
  • Anotace:
    Interaction Flow Modelling Language (IFML) is a recently standardized modelling language designed to capture the structure and properties of the application user interface. In the paper we discuss suitability of the IFML model for automatic generation of automated application front-end tests, as detailed model of the application front-end provides enough information to exercise particular actions in the tested application front-end to verify expected behaviour. Our approach is based on the multi-level transformation of an IFML model to automated tests. The IFML model is converted to an application front-end test model. Then abstract test cases are created from this model using set of defined rules. Finally the abstract test cases are transformed to a particular physical automated test cases using a template engine.

Using the Interaction Flow Modelling Language for Generation of Automated Front–End Tests

  • DOI: 10.15439/2015F392
  • Odkaz: https://doi.org/10.15439/2015F392
  • Pracoviště: Katedra počítačů
  • Anotace:
    In the paper we explore the possibilities of automated test-case generation from the IFML model of application front–end. As opposed to the previous core UML standard, IFML captures the structure and properties of the application user interface, which gives us new possibilities in model–based test case generation: produced test cases have a higher probability of being consistent and of respecting the real feasibility of the tests in the tested application. In the presented solution we leverage the capabilities of an IFML model to capture details of front–end components to generate front–end automated tests, exercising particular actions in the tested application front–end to verify its expected behaviour according to an IFML model. The approach is based on the transformation of an IFML model to an application front–end test model — a more straightforward structure for the automated generation of test cases. Then, based on the defined rules, the abstract test cases are created from the model. The abstract test cases are then transformed using a template engine, to particular physical automated test cases which can be run to test the application.

Pex extension for generating user input validation code for web applications

  • DOI: 10.5220/0004994103150320
  • Odkaz: https://doi.org/10.5220/0004994103150320
  • Pracoviště: Katedra počítačů
  • Anotace:
    The code written by a software developer is not always flawless. The more code is created the more errors are introduced into the system. In web development different programming languages can be used to implement back-end and front-end sides of the application. For example, it is possible to implement user input validation multiple times - it validates the input values on client-side using JavaScript before the data is sent to server and then the received data is validated again on the server-side. The logic is duplicated, changes made to the validation code must be synchronised on both sides. All implementations must be also unit tested, which increases the time required to create and maintain multiple sets of unit tests. In this paper, we will describe how white-box testing tool Pex can be extended to generate user input validation code for ASP.NET MVC web applications. The validation code won't be duplicated in JavaScript on the client-side and the application will be protected from sending invalid input values from the client-side. The testers can focus on testing using meaningful data input values. Testing of corner cases can be automated thus saving the available resources - testers involved in testing and time spent on testing.

Reducing user input validation code in web applications using Pex extension

  • DOI: 10.1145/2659532.2659633
  • Odkaz: https://doi.org/10.1145/2659532.2659633
  • Pracoviště: Katedra počítačů
  • Anotace:
    Validation of user input data is very important in web application. Not only it protects the system from various exploits, but it also improves the user experience. User immediately sees what values are missing or are not valid and should be fixed. It is important to validate code on client side in the browser, but that does not mean that the validation on server side can be omitted. The golden rule of the web applications is not to trust user input and validate code on server side as well. The user input validation is therefore duplicated - it validates the input values first on client side using JavaScript before the data is sent to server and then the received data is validated again on the server side. Changes made to the validation code must be synchronized in code on both sides. All implementations must be also unit tested, multiple sets of unit tests must be created and maintained. We will describe how we extended white-box testing tool Pex to generate user input validation code for web applications created on .NET platform. The JavaScript client side validation code is generated from the controller code written in C#. The code then validates input values on the client side. Most of the testing can be automated executing generated test. Testing resources - i.e time spent on testing and number of testers involved people - are saved.

Formal specification to support advanced model based testing

  • Pracoviště: Katedra počítačů
  • Anotace:
    Reliability and correctness of a web application are crucial factors to its success. Errors occurring in nondeterministic moments do not attract the target audience of the application. It is quite impossible to deliver 100% reliable application. Hidden errors are discovered when target users are using the application. With proper tooling and support the time between the error discovery or report and the error elimination can be reduced. In this paper we are proposing formal model for a model based improvement of a testing process of the web application. Our goal is to create a formal model and design a testing framework based on the direct guidance of a tester 1through the testing process, verifying his steps and providing better feedback.

Web Software Systems Testing Supported by Model-Based Direct Guidance of the Tester

  • Pracoviště: Katedra počítačů
  • Anotace:
    The common approach to software testing based on manual test design and manual execution of test cases can be made more efficient by suitable automation of this process. In the paper we propose new approach to testing process using automated test cases generation for direct tester guidance and system for tester's guidance through the system based on the model of the system. The proposal increases efficiency of manual software testing in terms of effort spent on test design and reliability and accuracy of performed tests.

Manual testing of web software systems supported by direct guidance of the tester based on design model

  • Pracoviště: Katedra počítačů
  • Anotace:
    Software testing is important stage of development cycle. Current testing process involves tester and electronic documents with test case scenarios. In this paper we focus on new approach to testing process using automated test case generation and tester guidance through the system based on the model of the system. Test case generation and model-based testing is not possible without proper system model. We aim on providing better feedback from the testing process thus eliminating the unnecessary paperwork.

Za stránku zodpovídá: Ing. Mgr. Radovan Suk