Improving Test Case Generation for REST APIs Through Hierarchical Clustering

Abstract

With the ever-increasing use of web APIs in modernday applications, it is becoming more important to test the system as a whole. In the last decade, tools and approaches have been proposed to automate the creation of system-level test cases for these APIs using evolutionary algorithms (EAs). One of the limiting factors of EAs is that the genetic operators (crossover and mutation) are fully randomized, potentially breaking promising patterns in the sequences of API requests discovered during the search. Breaking these patterns has a negative impact on the effectiveness of the test case generation process. To address this limitation, this paper proposes a new approach that uses agglomerative hierarchical clustering (AHC) to infer a linkage tree model, which captures, replicates, and preserves these patterns in new test cases. We evaluate our approach, called LT-MOSA, by performing an empirical study on 7 real-world benchmark applications w.r.t. branch coverage and real-fault detection capability. We also compare LT-MOSA with the two existing state-of-the-art white-box techniques (MIO, MOSA) for REST API testing. Our results show that LT-MOSA achieves a statistically significant increase in test target coverage (i.e., lines and branches) compared to MIO and MOSA in 4 and 5 out of 7 applications, respectively. Furthermore, LT-MOSA discovers 27 and 18 unique real-faults that are left undetected by MIO and MOSA, respectively.

Publication
Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering
Mitchell Olsthoorn
Mitchell Olsthoorn
PhD student

Mitchell Olsthoorn is a Ph.D. student in the Software Engineering Research Group (SERG) at Delft University of Technology. He is also a member of the Computational Intelligence for Software Engineering lab (CISELab) and the Blockchain lab. Mitchell holds an M.Sc. degree in Computer Science – with a specialization in Cyber Security and Blockchain. His interests include network security, computational intelligence, and pen-testing. Mitchell is currently working on Security testing for blockchain.

Related