ANTLR: a predicated-LL(k) parser generator
Software—Practice & Experience
Efficiency of a Good But Not Linear Set Union Algorithm
Journal of the ACM (JACM)
A framework for testing database applications
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
Database Systems: The Complete Book
Database Systems: The Complete Book
Generating consistent test data: restricting the search space by a generator formula
The VLDB Journal — The International Journal on Very Large Data Bases
Automatic Generation of Database Instances for White-box Testing
COMPSAC '01 Proceedings of the 25th International Computer Software and Applications Conference on Invigorating Software Development
CVC: A Cooperating Validity Checker
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
A family of test adequacy criteria for database-driven applications
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Static Checking of Dynamically Generated Queries in Database Applications
Proceedings of the 26th International Conference on Software Engineering
JDBC Checker: A Static Analysis Tool for SQL/JDBC Applications
Proceedings of the 26th International Conference on Software Engineering
Test input generation with java PathFinder
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Simplify: a theorem prover for program checking
Journal of the ACM (JACM)
CUTE: a concolic unit testing engine for C
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Command-Form Coverage for Testing Database Applications
ASE '06 Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering
Using positive tainting and syntax-aware evaluation to counter SQL injection attacks
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
CUTE and jCUTE: concolic unit testing and explicit path model-checking tools
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Symstra: a framework for generating object-oriented unit tests using symbolic execution
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Execution generated test cases: how to make systems code crash itself
SPIN'05 Proceedings of the 12th international conference on Model Checking Software
CANDID: preventing sql injection attacks using dynamic candidate evaluations
Proceedings of the 14th ACM conference on Computer and communications security
Grammar-based whitebox fuzzing
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 2008 ACM SIGMOD international conference on Management of data
Query-based test generation for database applications
Proceedings of the 1st international workshop on Testing database systems
Dynamic test input generation for web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Finding bugs in dynamic web applications
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Automatic creation of SQL Injection and cross-site scripting attacks
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
HAMPI: a solver for string constraints
Proceedings of the eighteenth international symposium on Software testing and analysis
Precise interface identification to improve testing and analysis of web applications
Proceedings of the eighteenth international symposium on Software testing and analysis
Query-aware shrinking test databases
Proceedings of the Second International Workshop on Testing Database Systems
Real application testing with database replay
Proceedings of the Second International Workshop on Testing Database Systems
Query-Aware Test Generation Using a Relational Constraint Solver
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
ICFEM '09 Proceedings of the 11th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks
ACM Transactions on Information and System Security (TISSEC)
Constraint-based test database generation for SQL queries
Proceedings of the 5th Workshop on Automation of Software Test
Dynamic symbolic database application testing
Proceedings of the Third International Workshop on Testing Database Systems
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
MODA: automated test generation for database applications via mock objects
Proceedings of the IEEE/ACM international conference on Automated software engineering
Automated SQL query generation for systematic testing of database engines
Proceedings of the IEEE/ACM international conference on Automated software engineering
Directed test suite augmentation: techniques and tradeoffs
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Qex: symbolic SQL query explorer
LPAR'10 Proceedings of the 16th international conference on Logic for programming, artificial intelligence, and reasoning
Testing Data Consistency of Data-Intensive Applications Using QuickCheck
Electronic Notes in Theoretical Computer Science (ENTCS)
Database state generation via dynamic symbolic execution for coverage criteria
Proceedings of the Fourth International Workshop on Testing Database Systems
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Automatic partial loop summarization in dynamic test generation
Proceedings of the 2011 International Symposium on Software Testing and Analysis
HAMPI: a string solver for testing, analysis and vulnerability detection
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Silverline: toward data confidentiality in storage-intensive cloud applications
Proceedings of the 2nd ACM Symposium on Cloud Computing
WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction
Proceedings of the 18th ACM conference on Computer and communications security
Applying constraint logic programming to SQL test case generation
FLOPS'10 Proceedings of the 10th international conference on Functional and Logic Programming
Generating program inputs for database application testing
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Test input generation for database programs using relational constraints
DBTest '12 Proceedings of the Fifth International Workshop on Testing Database Systems
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Proceedings of the 34th International Conference on Software Engineering
STING: finding name resolution vulnerabilities in programs
Security'12 Proceedings of the 21st USENIX conference on Security symposium
HAMPI: A solver for word equations over strings, regular expressions, and context-free grammars
ACM Transactions on Software Engineering and Methodology (TOSEM)
Dynamic test data generation for data intensive applications
HVC'11 Proceedings of the 7th international Haifa Verification conference on Hardware and Software: verification and testing
ConSMutate: SQL mutants for guiding concolic testing of database applications
ICFEM'12 Proceedings of the 14th international conference on Formal Engineering Methods: formal methods and software engineering
Model checking database applications
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Extending XData to kill SQL query mutants in the wild
Proceedings of the Sixth International Workshop on Testing Database Systems
State of the art: Dynamic symbolic execution for automated test generation
Future Generation Computer Systems
KATCH: high-coverage testing of software patches
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Guided test generation for database applications via synthesized database interactions
ACM Transactions on Software Engineering and Methodology (TOSEM)
Word equations with length constraints: what's decidable?
HVC'12 Proceedings of the 8th international conference on Hardware and Software: verification and testing
Automated detection of parameter tampering opportunities and vulnerabilities in web applications
Journal of Computer Security
Hi-index | 0.00 |
We describe an algorithm for automatic test input generation for database applications. Given a program in an imperative language that interacts with a database through API calls, our algorithm generates both input data for the program as well as suitable database records to systematically explore all paths of the program, including those paths whose execution depend on data returned by database queries. Our algorithm is based on concolic execution, where the program is run with concrete inputs and simultaneously also with symbolic inputs for both program variables as well as the database state. The symbolic constraints generated along a path enable us to derive new input values and new database records that can cause execution to hit uncovered paths. Simultaneously, the concrete execution helps to retain precision in the symbolic computations by allowing dynamic values to be used in the symbolic executor. This allows our algorithm, for example, to identify concrete SQL queries made by the program, even if these queries are built dynamically. The contributions of this paper are the following. We develop an algorithm that can track symbolic constraints across language boundaries and use those constraints in conjunction with a novel constraint solver to generate both program inputs and database state. We propose a constraint solver that can solve symbolic constraints consisting of both linear arithmetic constraints over variables as well as string constraints (string equality, disequality, as well as membership in regular languages). Finally, we provide an evaluation of the algorithm on a Java implementation of MediaWiki, a popular wiki package that interacts with a database back-end.