short-paper

ArtForm: a tool for exploring the codebase of form-based websites

Authors:

Michael Benedikt,

Anders Møller,

Franck van BreugelAuthors Info & Claims

ISSTA 2017: Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis

Pages 380 - 383

https://doi.org/10.1145/3092703.3098226

Published: 10 July 2017 Publication History

Abstract

We describe ArtForm, a tool for exploring the codebase of dynamic data-driven websites where users enter data via forms. ArtForm extends an instrumented browser, so it can directly implement user interactions, adding in symbolic and concolic execution of JavaScript. The tool supports a range of exploration modes with varying degrees of user intervention. It includes a number of adaptations of concolic execution to the setting of form-based web programs.

Supplementary Material

Auxiliary Video (issta17-demosid5-s.mp4)

A screencast demo of the ArtForm tool, described in ArtForm: A Tool for Exploring the Codebase of Form-Based Websites. The video is also available at http://www.cs.ox.ac.uk/projects/ArtForm/demo/

Download
91.92 MB

References

[1]

S. Anand, M. Naik, M. Harrold, and H. Yang. Automated concolic testing of smartphone apps. In FSE, 2012.

Digital Library

[2]

S. Artzi, J. Dolby, S. H. Jensen, A. Møller, and F. Tip. A framework for automated testing of JavaScript web applications. In ICSE, 2011.

Digital Library

[3]

C. Barrett, C. L. Conway, M. Deters, L. Hadarean, D. Jovanović, T. King, A. Reynolds, and C. Tinelli. CVC4. In CAV, 2011.

Digital Library

[4]

Cristian Cadar, Daniel Dunbar, and Dawson Engler. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In OSDI, 2008.

Digital Library

[5]

P. Godefroid, N. Klarlund, and K. Sen. DART: directed automated random testing. In PLDI, 2005.

Digital Library

[6]

P. Godefroid, M. Y. Levin, and D. Molnar. Automated whitebox fuzz testing. In NDSS, 2008.

[7]

G. Hu, X. Yuan, Y. Tang, and J. Yang. Efficiently, effectively detecting mobile app bugs with AppDoctor. In EuroSys, 2014.

Digital Library

[8]

C. S. Jensen, M. R. Prasad, and A. Møller. Automated testing with targeted event sequence generation. In ISSTA, 2013.

Digital Library

[9]

S. H. Jensen, A. Møller, and P. Thiemann. Type analysis for JavaScript. In SAS, 2009.

Digital Library

[10]

G. Li, E. Andreasen, and I. Ghosh. SymJS: Automatic symbolic testing of JavaScript web applications. In FSE, 2014.

Digital Library

[11]

C. Park and S. Ryu. Scalable and precise static analysis of JavaScript applications via loop-sensitivity. In ECOOP, 2015.

[12]

G. Richards, C. Hammer, B. Burg, and J. Vitek. The eval that men do: A large-scale study of the use of eval in JavaScript applications. In ECOOP, 2011.

Digital Library

[13]

G. Richards, S. Lebresne, B. Burg, and J. Vitek. An analysis of the dynamic behavior of JavaScript programs. In PLDI, 2010.

Digital Library

[14]

P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant, and D. Song. A symbolic execution framework for JavaScript, 2010.

Digital Library

[15]

K. Sen, S. Kalasapur, T. G. Brutch, and S. Gibbs. Jalangi: a tool framework for concolic testing, selective record-replay, and dynamic analysis of JavaScript. In ESEC/FSE, 2013.

Digital Library

[16]

K. Sen, D. Marinov, and G. Agha. CUTE: a concolic unit testing engine for C. In ESEC/FSE, 2005.

Digital Library

[17]

T.J. Watson Libraries for Analysis. WALA. http://wala.sf.net. Abstract 1 Introduction 2 Using the exploration tool 3 Architecture 4 Demonstration details 5 Related work 6 Conclusion References

Cited By

Hassanshahi BLee HKrishnan P(2022)Gelato: Feedback-driven and Guided Security Analysis of Client-side Web Applications2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER53432.2022.00079(618-629)Online publication date: Mar-2022
https://doi.org/10.1109/SANER53432.2022.00079
Spencer BBenedikt MSenellart P(2018)Form Filling Based on Constraint SolvingWeb Engineering10.1007/978-3-319-91662-0_7(95-113)Online publication date: 20-May-2018
https://doi.org/10.1007/978-3-319-91662-0_7

Recommendations

SymJS: automatic symbolic testing of JavaScript web applications
FSE 2014: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering

We present SymJS, a comprehensive framework for automatic testing of client-side JavaScript Web applications. The tool contains a symbolic execution engine for JavaScript, and an automatic event explorer for Web pages. Without any user intervention, ...
MultiSE: multi-path symbolic execution using value summaries
ESEC/FSE 2015: Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering

Dynamic symbolic execution (DSE) has been proposed to effectively generate test inputs for real-world programs. Unfortunately, DSE techniques do not scale well for large realistic programs, because often the number of feasible execution paths of a ...
Concolic testing: a decade later (keynote)
WODA 2015: Proceedings of the 13th International Workshop on Dynamic Analysis

Symbolic execution for software testing has witnessed renewed interest in the recent years due to its ability to generate high-coverage test suites and find deep errors in software systems. In this talk, I will give an overview of a modern symbolic ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ISSTA 2017: Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis

July 2017

447 pages

ISBN:9781450350761

DOI:10.1145/3092703

General Chair:
Tevfik Bultan
University of California at Santa Barbara, USA
,
Program Chair:
Koushik Sen
University of California at Berkeley, USA

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 10 July 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

ISSTA '17

Sponsor:

SIGSOFT

ISSTA '17: International Symposium on Software Testing and Analysis

July 10 - 14, 2017

CA, Santa Barbara, USA

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '25

Sponsor:
sigsoft

34th ACM SIGSOFT International Symposium on Software Testing and Analysis

June 25 - 28, 2025

Trondheim , Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
128
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 27 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hassanshahi BLee HKrishnan P(2022)Gelato: Feedback-driven and Guided Security Analysis of Client-side Web Applications2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER53432.2022.00079(618-629)Online publication date: Mar-2022
https://doi.org/10.1109/SANER53432.2022.00079
Spencer BBenedikt MSenellart P(2018)Form Filling Based on Constraint SolvingWeb Engineering10.1007/978-3-319-91662-0_7(95-113)Online publication date: 20-May-2018
https://doi.org/10.1007/978-3-319-91662-0_7

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten