REST (Representational State Transfer) APIs have become integral for data communication and exchange due to their simplicity, scalability, and compatibility with web standards. However, ensuring REST APIs' reliability through rigorous testing poses significant challenges, given the complexities of operations, parameters, inputs, dependencies, and call sequences. In this paper, we introduce MUCOREST, a novel Reinforcement Learning (RL)-based API testing approach that leverages Q-learning to maximize code coverage and output coverage, thereby improving bug discovery. By focusing on these proximate objectives rather than the abstract goal of maximizing failures, MUCOREST effectively discovers critical code areas and diverse API behaviors. The experimental results on a benchmark of 10 services show that MUCOREST significantly outperforms state-of-the-art API testing approaches by 11.6-261.1% in the number of discovered API bugs. MUCOREST can generate much fewer API calls to discover the same number of bugs compared to the other approaches. Furthermore, 12.17%-64.09% of the bugs discovered by the other techniques can also be found by MUCOREST.
翻译:REST(表征状态转移)API因其简洁性、可扩展性及与Web标准的兼容性,已成为数据通信与交换的关键组件。然而,鉴于操作、参数、输入、依赖关系及调用序列的复杂性,通过严格测试确保REST API的可靠性面临重大挑战。本文提出MUCOREST——一种基于强化学习(RL)的新型API测试方法,该方法利用Q学习最大化代码覆盖度与输出覆盖度,从而提升缺陷发现能力。通过聚焦于这些近似目标而非抽象的最大化故障目标,MUCOREST能有效发现关键代码区域及多样化的API行为。在10个服务的基准测试中,实验结果表明MUCOREST在发现的API缺陷数量上显著优于现有最优API测试方法11.6%-261.1%。与其他方法相比,MUCOREST发现相同数量缺陷所需的API调用量大幅减少。此外,其他技术发现的缺陷中有12.17%-64.09%同样可被MUCOREST检测到。