nach oben

Software Quality Journal

Erschienen in:

10.07.2019

Extending symbolic execution for automated testing of stored procedures

verfasst von: Maryam Abdul Ghafoor, Muhammad Suleman Mahmood, Junaid Haroon Siddiqui

Erschienen in: Software Quality Journal | Ausgabe 2/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Stored procedures in database management systems are often used to implement complex business logic. Correctness of these procedures is critical for flawless working of the system. However, testing them remains difficult due to many possible database states and constraints on data. This leads to mostly manual testing. Newer tools offer automated execution for unit testing of stored procedures but the test cases are still written manually. We propose an approach of using dynamic symbolic execution for generating automated test cases and corresponding database states for stored procedures. We model the constraints on data imposed by the schema and the SQL statements, treating values in database tables as symbolic. We use SMT solver to find values that will drive the stored procedure on a particular execution path. We instrument the internal execution plans generated by PostgreSQL to extract constraints. We use Z3 to generate test cases consisting of table data and procedure inputs. Our evaluation using stored procedures from a large business application and various GitHub repositories quantifies the evidence of effectiveness of our technique by generating test cases that lead to schema constraint violations and user-defined exceptions.

Vorheriger Artikel Improving dynamic domain reduction test data generation method by Euler/Venn reasoning system

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

http://www.postgresql.org

http://www.xtuple.com/postbooks

https://github.com/Abstrct/Schemaverse.git

https://github.com/Yizhe-FAN/ParisVII_ProjectDataBase.git

https://github.com/LSostaric/PostgreSQL-Node-Tree.git

https://github.com/ashenoy95/plpgsql.git

https://sourceforge.net/p/riskitinsurance

https://www.enterprisedb.com/

https://www.visualstudio.com

Barrett, C., & Tinelli, C. (2007). CVC3. In Proceedings 19th international conference on computer aided verification (CAV) (pp. 298–302).

Binnig, C., Kossmann, D., Lo, E. (2007). Reverse query processing. In IEEE 23rd international conference on data engineering (ICDE) (pp. 506–515).

Bush, W.R., Pincus, J.D., Sielaff, D.J. (2000). A static analyzer for finding dynamic programming errors. Software Practice Experience, 30(7), 775–802.CrossRef

Cadar, C., & Engler, D. (2005). Execution generated test cases: how to make systems code crash itself. In Proceedings of the international SPIN workshop on model checking of software (pp. 2–23).

Cadar, C., Ganesh, V., Pawlowski, P.M., Dill, D.L., Engler, D.R. (2006). EXE: automatically generating inputs of death. In Proc 13th Conference on computer and communications security (CCS) (pp. 322–335).

Cadar, C., Dunbar, D., Engler, D.R. (2008). KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the 8th symposium on operating systems design and implementation (OSDI) (pp. 209–224).

Castelein, J., Aniche, M., Soltani, M., Panichella, A., van Deursen, A. (2018). Search-based test data generation for sql queries. In Proceedings of the 40th international conference on software engineering (pp. 1230–1230). ACM.

Chan, M.-Y., & Cheung, S-C. (1999). Testing database applications with sql semantics. CODAS, 99, 363–374.

Chen, T., Zhang, X.-S., Guo, S.-Z., Li, H.g.-Y., Wu, Y. (2013). State of the art: dynamic symbolic execution for automated test generation. Future Generation Computer Systems, 29(7), 1758–1773.CrossRef

Clarke, L.A. (1976a). A system to generate test data and symbolically execute programs. IEEE Transactions on Software Engineering (TSE), 2(3), 215–222.

Clarke, L.A. (1976b). Test data generation and symbolic execution of programs as an aid to program validation. PhD thesis, University of Colorado at Boulder.

De La Riva, C, Suárez-Cabal, MJ, Tuya, J. (2010). Constraint-based test database generation for SQL queries. In Proceedings of the 5th workshop on automation of software testing (pp. 67–74).

de Moura, L, & Bjørner, N. (2008). Z3: an efficient SMT solver. In International conference on tools and algorithms for the construction and analysis of systems (TACAS) (pp. 337–340).

Deng, Y, Frankl, P, Chays, D. (2005). Testing database transactions with AGENDA. In Proceedings of the 27th international conference on software engineering (pp. 78–87).

Elkarablieh, B., Garcia, I., Suen, Y.L., Khurshid, S. (2007). Assertion-based repair of complex data structures. In Proceedings of the 22nd international conference on automated software engineering (ASE) (pp. 64–73).

Emmi, M., Majumdar, R., Sen, K. (2007). Dynamic test input generation for database applications. In Proceedings of the 2007 international symposium on software testing and analysis (pp. 151–162).

Ghafoor, M.A., Mahmood, M.S., Siddiqui, J.H. (2016). Effective partial order reduction in model checking database applications. In 2016 IEEE international conference on software testing, verification and validation (ICST) (pp. 146–156). IEEE.

Godefroid, P. (2007). Compositional dynamic test generation. In Proceedings of the 34th symposium on principles of programming languages (POPL) (pp. 47–54).

Godefroid, P., Klarlund, N., Sen, K. (2005). DART: directed automated random testing. In Proceedings of the 2005 conference on programming languages design and implementation (PLDI) (pp. 213–223).

Jackson, D. (2002). Alloy: a lightweight object modelling notation. ACM Transactions on Software Engineering and Methodology (TOSEM), 11(2), 256–290.CrossRef

Khalek, SA, & Khurshid, S. (2011). Systematic testing of database engines using a relational constraint solver. In Proceedings of the fourth IEEE international conference on software testing, verification and validation (ICST) (pp. 50–59).

Khurshid, S., Pasareanu, C.S., Visser, W. (2003). Generalized symbolic execution for model checking and testing. In Proceedings of the 9th international conference on tools and algorithms for the construction and analysis of systems (TACAS) (pp. 553–568).

King, J. C. (1976). Symbolic execution and program testing. Communications ACM, 19(7), 385–394.MathSciNetCrossRef

Li, C, & Csallner, C. (2010). Dynamic symbolic database application testing. In Proceedings of the third international workshop on testing database systems (DBTest).

Mahmood, MS, Ghafoor, M, Siddiqui, JH. (2016). Symbolic execution of stored procedures in database management systems. In 2016 31st IEEE/ACM international conference on automated software engineering (ASE) (pp. 519–530). IEEE.

Marcozzi, M., Vanhoof, W., Hainaut, J.-L. (2013). A relational symbolic execution algorithm for constraint-based testing of database programs. In IEEE 13th international working conference on source code analysis and manipulation (SCAM) (pp. 179–188).

Marcozzi, M., Vanhoof,W., Hainaut, J.-L. (2014). Towards testing of full-scale SQL applications using relational symbolic execution. In Proceedings of the 6th international workshop on constraints in software testing, verification, and analysis (pp. 12–17).

Marcozzi, M., Vanhoof, W., Hainaut, J.-L. (2015). Relational symbolic execution of sql code for unit testing of database programs. Science of Computer Programming, 105, 44–72.CrossRef

Matthew, N, & Stones, R. (2005). Beginning Databases with PostgreSQL. Apress.

McMinn, P., Wright, C.J., Kapfhammer, G.M. (2015). An analysis of the effectiveness of different coverage criteria for testing relational database schema integrity constraints. Department of Computer Science, University of Sheffield, Tech. Rep.

Mohamed, M.A., Altrafi, O.G., Ismail, M.O. (2014). Relational vs. nosql databases: a survey. International Journal of Computer and Information Technology, 3(03), 598–601.

Pan, K., Wu, X., Xie, T. (2011). Database state generation via dynamic symbolic execution for coverage criteria. In Proceedings of the fourth international workshop on testing database systems (p. 4).

Pan, K., Wu, X., Xie, T. (2014). Guided test generation for database applications via synthesized database interactions. ACM Transactions on Software Engineering and Methodology (TOSEM), 23(2), 12.CrossRef

Pan, K., Wu, X., Xie, T. (2015). Program-input generation for testing database applications using existing database states. Automated Software Engineering, 22(4), 439–473.CrossRef

Person, S., Yang, G., Rungta, N., Khurshid, S. (2011). Directed incremental symbolic execution. In Proceedings of the 2011 conference on programming languages design and implementation (PLDI) (pp. 504–515).

Ramos, DA, & Engler, DR. (2011). Practical, low-effort equivalence verification of real code. In Proceedings of the 23rd international conference on computer aided verification (CAV) (pp. 669– 685).

Sen, K, Marinov, D, Agha, G. (2005). CUTE: a concolic unit testing engine for C. In Proceedings of the 5th joint meeting of the European software engineering conference and symposium on foundations of software engineering (ESEC/FSE) (pp. 263–272).

Seo, C, Malek, S, Medvidovic, N. (2008). Component-level energy consumption estimation for distributed java-based software systems. In Proceedings of the 11th international symposium on component-based software engineering (pp. 97–113).

Siddiqui, JH, & Khurshid, S. (2010). ParSym: parallel symbolic execution. In Proceedings of the 2nd international conference on software technology and engineering (ICSTE) (pp. pages V1: 405– 409).

Siddiqui, JH, & Khurshid, S. (2012a). Staged symbolic execution. In Proceedings of the 27th symposium on applied computing (SAC): software verification and testing track (SVT).

Siddiqui, JH, & Khurshid, S. (2012b). Scaling symbolic execution using ranged analysis. In Proceedings of the 27th annual conference on object oriented programming systems, languages, and applications (OOPSLA).

Silberschatz, A, Korth, HF, Sudarshan, S, et al. (1997). Database system concepts (Vol. 4). New York: McGraw-Hill.MATH

Sörensson, N, & Een, N. (2003). An extensible SAT-solver. In Proceedings of the 6th international conference on theory and applications of satisfiability testing (SAT) (pp. 502–518).

Staats, M, & Pǎsǎreanu, C. (2010). Parallel symbolic execution for structural test generation. In Proceedings of the 19th international symposium on software testing and analysis (ISSTA) (pp. 183–194).

Suárez-Cabal, M J, de la Riva, C, Tuya, J, Blanco, R. (2017). Incremental test data generation for database queries. Automated Software Engineering, 24(4), 719–755.CrossRef

Tsumura, K, Washizaki, H, Fukazawa, Y, Oshima, K, Mibe, R. (2016). Pairwise coverage-based testing with selected elements in a query for database applications. In 2016 IEEE ninth international conference on software testing, verification and validation workshops (ICSTW) (pp. 92–101). IEEE.

Tuya, J, Suárez-Cabal, MJ, de la Riva, C. (2010). Full predicate coverage for testing SQL database queries. Journal of Software Testing, Verification and Reliability, 20(3), 237–288.CrossRef

Veanes, M, Grigorenko, P, De Halleux, P, Tillmann, N. (2009). Symbolic query exploration. In Formal methods and software engineering (pp. 49–68). Springer.

Wei, K., Muthuprasanna, M., Kothari, S. (2006). Preventing sql injection attacks in stored procedures. In Proceedings of the Australian software engineering conference (ASWEC). ISBN 0-7695-2551-2. https://doi.org/10.1109/ASWEC.2006.40(pp. 191–198).

Yang, G, Păsăreanu, C S, Khurshid, S. (2012). Memoized symbolic execution. In Proceedings of the 2012 international symposium on software testing and analysis (ISSTA), ISSTA 2012. ISBN 978-1-4503-1454-1. https://doi.org/10.1145/2338965.2336771. (pp. 144–154).

Zhang, J, Xu, C, Cheung, S-C. (2001). Automatic generation of database instances for white-box testing. In 25th annual international computer software and applications conference, 2001. COMPSAC 2001 (pp. 161–165). IEEE.

Zhu, H., Hall, P.A.V., May, J.H.R. (1997). Software unit test coverage and adequacy. ACM Computing Surveys (CSUR), 29(4), 366–427.CrossRef

Titel: Extending symbolic execution for automated testing of stored procedures
verfasst von: Maryam Abdul Ghafoor
Muhammad Suleman Mahmood
Junaid Haroon Siddiqui
Publikationsdatum: 10.07.2019
Verlag: Springer US
Erschienen in: Software Quality Journal / Ausgabe 2/2020
Print ISSN: 0963-9314
Elektronische ISSN: 1573-1367
DOI: https://doi.org/10.1007/s11219-019-09453-6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 2/2020

Special section on testing and repair for software engineering technologies and applications

An automated approach to assess the similarity of GitHub repositories

Verifying temporal specifications of Java programs

Model generation of component-based systems

Improving dynamic domain reduction test data generation method by Euler/Venn reasoning system

Component attributes and their importance in decisions and component selection

Premium Partner