CSI 5118 Winter 2008

VerdictSamples.java: illustrates tests that pass, fail, have errors, throw exceptions, or time out.
SimpleParameterizedBitTest.java: illustrates how to use parameters to run one test with varying data
BitTest.java: a “more complete” test of the Bit class – but how complete is it?

o Coverage Tools, shown January 24:

Eclipse project .zip file: CoverageDemo.zip
Requires: JUnit, Emma Eclipse plug-in, CodeCover Eclipse plug-in

o TPTP, shown January 29 :

The Fourier plot program (shown as a profiling example): FourierWindow.java, FourierPlotPanel.java
Requires: JUnit, Eclipse TPTP plug-in and its requirements
Anti-requirements: Does not work with JUnit 4 or Java 6

o Mock objects, shown January 31 / February 5

Eclipse project .zip file: MockDemo.zip
Requires: JUnit 4.4 (see below), EasyMock, jMock
The JUnit 4.4 library should point to the file junit-4.4.jar. This is the “official” release from the JUnit web site, and is not the customized version found within Eclipse.

o Database testing, shown February 7 / 12:

Eclipse project .zip file: DatabaseDemo.zip
Requires: JUnit, DbUnit, MySQL connector, MySQL database

o Web application testing, shown February 12 / 14. Eclipse project .zip files:

Web client, tested with mock objects created manually: ClientMockDemo.zip
Web client, tested with stubs and the Jetty small server. ClientJettyDemo.zip

Requires: JUnit, Jetty, Apache Commons Logging

Servlets, tested with mock objects or Cactus on a server: ServletDemo.zip

Requires: JUnit, Cactus, Jetty, EasyMock, Tomcat server

End-to-end web application: test database access from servlet, and resulting web page: CustomerWebApp.zip

Requires: JUnit, Cactus, DbUnit, HttpUnit, Tomcat server, MySQL connector, MySQL database

o SDL State space exploration example: (February 28)

River crossing problem (description), using Telelogic SDL suite 6.0: SDL_River.zip
An SDL tutorial
Some lab rooms (including STE 2060) are missing environment variables for the Visual Studio C++ compiler used by the SDL tool suite (and SPIN). If you are trying to use “make” to create a simulator or a state-space exploration, and you get problems with messages such as “nmake command not found” or that “make cannot find (some libarary), this is the evidence that the environment variables are not fixed.

If you see this problem, click this link for the necessary environment settings.

Add a new environment variable INCLUDE, set to be the paths shown in the link file (that is, everything after the equal sign).
Add a new environment variable LIB, set to be to be the paths shown in the link file.
Append the paths in the link file to the PATH variable (be sure that a semicolon ; separates the additional entries from what is already there).

You will need to restart the SDL suite tool after changing the environment variables.

Requires: Telelogic SDL suite (licensed for lab rooms only), command-line access to a C++ compiler (Visual Studio in the labs)

o SPIN State space exploration example: (March 4 / 6)

See note above for information about tools that compile C/C++ code using the Visual Studio in the lab rooms.
Models of the river crossing problem (description), using Promela:

Model with no termination: River.pml.txt
Model that terminates when everyone crosses the river: RiverEnd.pml.txt
Model that terminates on either success or failure, with acceptance states for success: RiverEaten.pml.txt
Model that terminates on either success or failure, but no acceptance states (useful for “never” claim for success): RiverAltEaten.pml.txt

Extra files for using SPIN with Microsoft Visual Studio compilers:

Modified XSpin Tcl script to use “cl” as the compile command: xspin430.tcl
Include file not provided by Visual Studio; add this file to a location searched for .h files: stdint.h

o Capture and replay / GUI testing demo: (March 18 / 20)

GUIDemo.zip: an Eclipse project, including:

Application to be tested (also used for Jacareto and Marathon)
An Abbot script
JUnit test case using Abbot script
JUnit test case using Abbot libraries
Requires: Abbot
Anti-requirement: Does not work with JUnit 4

JacaretoSession.zip: a Jacareto session folder

Requires: Jacareto, application from GUIDemo.zip
Anti-requirements: Does not work with Java 6

MarathonSession.zip: a Marathon session folder

Requires: Marathon, application from GUIDemo.zip

o UML test profile example (March 25)

See note above for information about tools that compile C/C++ code using the Visual Studio in the lab rooms.
UMLTestProfile.zip: a Tau 2.7 workspace (the .ttw file), including:

Application to be tested (the PingPong class)
Test context

Requires: Telelogic Tau 2.7 UML tool (licensed for lab rooms only), command-line access to a C++ compiler (Visual Studio in the labs)

Code Library

o Apache Commons Logging (1.1.1)

o Cobertura (1.9)

o DbUnit (2.2)

o EasyMock (2.3)

o HttpUnit (1.6.2)

o Jetty (5.1.12)

o jMock (2.4.0)

o JUnit (4.4)

o MySQL JDBC Connector (5.0.7)

o SPIN

o Tcl/Tk (get the ActiveTcl “standard” distribution; it’s free)

o Jacareto (0.7.12) download installer from SourceForge

o Marathon (1.1.3)

o Abbot (1.0.1)

o Eclipse automated GUI testing plug-in (4.4.1)

Useful links:

o Eclipse: integrated development environment

o Eclipse Test and Performance Tools Platform (TPTP)

o JUnit home page

o Emma code coverage tool:

o Standalone: Emma

o Eclipse plug-in: EclEmma

o CodeCover coverage tool

o Cobertura coverage tool

o Coverlipse coverage tool (not recently updated; won’t work with Java 6 or Eclipse 3.3)

o EasyMock mock objects framework

o jMock mock objects framework

o DbUnit database test tool

o HttpUnit web page test tool

o MySQL database

o Jetty small web server

o Apache Tomcat web server

o SPIN state-space exploration, logic model checking program

o Jacareto capture and replay tool for Java/Swing

o Marathon capture and replay tool for Java/Swing

o Abbot GUI testing framework for Java [versions for Swing or SWT]

o TPTP automated GUI testing plug-in, for Eclipse / SWT based applications

o Nmap, port mapping tool

o Wireshark, network sniffer tool

o Open Web Application Security Project (OWASP) home page, including

o WebScarab security proxy tool

o Security testing project

Professor:

o Alan Williams

o e-mail: awilliam@site.uottawa.ca (this is the preferred contact method)

o Office: STE 5007

o Phone: (613) 562-5800 x6914

o Office hours: Wednesdays: 13:00 – 14:30

Schedule:

o Tuesdays 13:00 – 14:30, Thursdays 11:30 – 13:00

o Location: STE 2060

o First lecture: Tuesday Jan. 8

o Last lecture: Tuesday Apr. 8.

o No lectures: Tuesday Feb. 19 or Thurs. Feb. 21, Thurs. April 10

Resources:

o Course web page: http://www.site.uottawa.ca/~awillliam/csi5118_w08

o Course presentation material will be posted there.

o Suggested references (all are optional):

o J.B. Rainsberger, JUnit Recipes (2005)

o V. Massol, JUnit in Action (2004)

o C. Wysopal, L. Nelson, D.Dai Zovi, E. Dustin, The Art of Software Security Testing (2007)

Pre-requisites:

o There is no specific pre-requisite for the course other than an undergraduate background in computer science or software engineering or equivalent experience. The material is complementary to CSI 5111 (Software Quality Engineering), but it is not necessary to have taken that course. Knowledge of the Java programming language would be useful for this course, as well as some familiarity with web applications.

Evaluation:

o There will be two assignments and a project for the course, as well as a final exam. The assignments will each be worth 15% of the final grade, and the project will be worth 25%, while the exam will be worth 45%. The assignments will be due near the end of February and March, and the project will be due at the end of the term.

Course topics:

o The official calendar description: Topics in formal test derivation methods, test management, high-level, CASE-based verification and validation, data-flow & control-flow measures and metrics for assessing quality of designs and code, regression analysis & testing.

o The intention is to investigate issues related to software test automation, what capabilities are (and are not) available in current test tools, and what is the potential for new capabilities. The course takes a software engineering approach and provides the opportunity for some “hands-on” work with test tools. After taking this course, the goal is to be an intelligent user of software test tools, and provide the background to design and improve such tools.

o Theme for this offering of the course: tools for web and security testing

o Topics to be covered:

o Introduction: what is automated verification and validation, when is it feasible (and not feasible)?

o Types of testing, and the impact on tools.

o Test execution systems:

o General functions: issues with test execution and management

o JUnit: what it does, and how it works.

o Eclipse Test and Performance Tools Platform

o Performance measurement tools.

o Issues with testing graphical user interfaces.

o Coverage measurement and tools:

o What is being measured?

o Approaches for measuring coverage.

o Tools that measure coverage: Emma, Cobertura, CodeCover, Clover

o Tool issues

o Web application testing:

o Applications that use databases, and the DbUnit tool.

o Testing on web application servers, and the Cactus tool.

o Testing web page responses, and the Http/HtmlUnit tools.

o Other web components: XML files, scripts, tag libraries, etc.

o Web page verifiers

o Security testing:

o Security issues

o Tools to analyze software footprint and internals.

o Tools to generate invalid input and protocol messages.

o Verification tools:

o State-space exploration

o Issues with verification tools

o SPIN and its derivatives

Most recent update to this page: Tuesday April 8, 2008 12:05