MOREST: Model-based RESTful API Testing with Execution Feedback
Thu 12 May 2022 12:25 - 12:30 at ICSE room 2-even hours - Software Engineering in Practice 5 Chair(s): Mehrdad Sabetzadeh
RESTful APIs are arguably the most popular endpoints for accessing Web services. Blackbox testing is one of the emerging techniques for ensuring the reliability of RESTful APIs. The major challenge in testing RESTful APIs is the need for correct sequences of API operation calls for in-depth testing. To build meaningful operation call sequences, researchers have proposed techniques to learn and utilize the API dependencies based on OpenAPI specifications. However, these techniques either lack the overall awareness of how all the APIs are connected or the flexibility of adaptively fixing the learned knowledge.
In this paper, we propose MOREST, a model-based RESTful API testing technique that builds and maintains a dynamically updating RESTful-service Property Graph (RPG) to model the behaviors of RESTful-services and guide the call sequence generation. We empirically evaluated MOREST and the results demonstrate that \textsc{Morest} can successfully request an average of 152.66%-232.45% more API operations, cover 26.16%-103.24% more lines of code, and detect 40.64%-215.94% more bugs than state-of-the-art techniques.
In total, we applied MOREST to 6 real-world projects and found 44 bugs (13 of them cannot be detected by existing approaches). Specifically, 2 of the confirmed bugs are from Bitbucket, a famous code management service with more than 6 million users.
Wed 11 MayDisplayed time zone: Eastern Time (US & Canada) change
03:00 - 04:00 | Validation and Verification 2Technical Track / Journal-First Papers at ICSE room 4-odd hours Chair(s): Grischa Liebel Reykjavik University | ||
03:00 5mTalk | Verification of Consistency between Process Models, Object Life Cycles, and Context-dependent Semantic Specifications Journal-First Papers Ralph Hoch Institute of Computer Technology, TU Wien, Christoph Luckeneder Vienna University of Technology, Roman Popp TU Wien, Vienna, Austria, Hermann Kaindl Institute of Computer Technology, TU Wien Link to publication DOI Pre-print Media Attached | ||
03:05 5mTalk | Verification of ORM-based Controllers by Summary Inference Technical Track Geetam Chawla Indian Insitute of Science, Bangalore, Navneet Aman Indian Institute of Science, Bangalore, Raghavan Komondoor IISc Bengaluru, Ashish Shashikant Bokil Indian Institute of Science, Bangalore, Nilesh Ramesh Kharat Indian Institute of Science, Bangalore Pre-print Media Attached | ||
03:10 5mTalk | Data-Driven Loop Bound Learning for Termination Analysis Technical Track DOI Pre-print Media Attached | ||
03:15 5mTalk | Refty: Refinement Types for Valid Deep Learning Models Technical Track Yanjie Gao Microsoft Research, lizhengxian Microsoft Research, Haoxiang Lin Microsoft Research, Hongyu Zhang University of Newcastle, Ming Wu Shanghai Tree-Graph Blockchain Research Institute, Mao Yang Microsoft Research DOI Pre-print Media Attached | ||
03:20 5mTalk | GraphFuzz: Library API Fuzzing with Lifetime-aware Dataflow Graphs Technical Track DOI Pre-print Media Attached | ||
03:25 5mTalk | MOREST: Model-based RESTful API Testing with Execution Feedback Technical Track Yi Liu Nanyang Technological University, Yuekang Li Nanyang Technological University, Gelei Deng Nanyang Technological University, Yang Liu Nanyang Technological University, Ruiyuan Wan Huawei Inc., Runchao Wu Huawei Inc., Dandan Ji Huawei Inc., Shiheng Xu Huawei Inc., Minli Bao Huawei Inc. Pre-print Media Attached |
Thu 12 MayDisplayed time zone: Eastern Time (US & Canada) change
12:00 - 13:00 | Software Engineering in Practice 5Technical Track / SEIP - Software Engineering in Practice at ICSE room 2-even hours Chair(s): Mehrdad Sabetzadeh University of Ottawa | ||
12:00 5mTalk | Automatic Anti-Pattern Detection in Microservice Architectures based on Distributed Tracing SEIP - Software Engineering in Practice Tim Hubener ING Bank N.V., Yaping Luo ING; Eindhoven University of Technology, Pieter Vallen ING, Jonck van der Kogel ING Bank N.V., Tom Liefheid ING Bank N.V., Michel Chaudron Eindhoven University of Technology, The Netherlands Media Attached | ||
12:05 5mTalk | Organizational Culture and its impact on the BizDev interface SEIP - Software Engineering in Practice Pre-print Media Attached | ||
12:10 5mTalk | A Software Impact Analysis Tool based on Change History Learning and its Evaluation SEIP - Software Engineering in Practice Haruya Iwasaki Shibaura Institute of Technologies, Tsuyoshi Nakajima Shibaura Institute of Technology, Ryota Tsukamoto Mitsubishi Electric Corporation, Kazuko Takahashi Mitsubishi Electric Corporation, Shuichi Tokumoto Mitsubishi Electric Corporation DOI Media Attached | ||
12:15 5mTalk | Looking for Lacunae in Bitcoin Core’s Fuzzing Efforts SEIP - Software Engineering in Practice Alex Groce Northern Arizona University, Kush Jain Carnegie Mellon University, Rijnard van Tonder Sourcegraph, Goutamkumar Tulajappa Kalburgi Northern Arizona University, Claire Le Goues Carnegie Mellon University | ||
12:20 5mTalk | AI for Automated Code Updates SEIP - Software Engineering in Practice Salwa Alamir J.P. Morgan AI Research, Petr Babkin J.P. Morgan AI Research, Nacho Navarro J.P. Morgan AI Research, Sameena Shah J.P. Morgan AI Research Pre-print Media Attached | ||
12:25 5mTalk | MOREST: Model-based RESTful API Testing with Execution Feedback Technical Track Yi Liu Nanyang Technological University, Yuekang Li Nanyang Technological University, Gelei Deng Nanyang Technological University, Yang Liu Nanyang Technological University, Ruiyuan Wan Huawei Inc., Runchao Wu Huawei Inc., Dandan Ji Huawei Inc., Shiheng Xu Huawei Inc., Minli Bao Huawei Inc. Pre-print Media Attached |