This invention relates generally to methods and apparatus for executing and exercising an unknown executable program with a graphical user interface GUI) automatically and in a systematic manner so as to maximize code coverage, and further relates to methods for analyzing computer viruses and methods for software testing.
For the purposes of this patent application, a Computer Virus is defined as follows: a virus is a self-replicating program or routine that spreads in a possibly modified manner without direct human interaction. Reference in this regard may be had to commonly assigned U.S. Pat. No. 5,613,002, incorporated by reference herein in its entirety.
Automatic software testing tools are known in the art. For example, reference can be had to U.S. Pat. No. 5,754,760, xe2x80x9cAutomatic Software Testing Toolxe2x80x9d, by Warfield, and to U.S. Pat. No. 5,600,789. xe2x80x9cAutomated GUI Interface Testingxe2x80x9d, by Parker et al.
Reference can also be had to U.S. Pat. No. 5,475,843, xe2x80x9cSystem and Methods for Improved Program Testingxe2x80x9d, by Halviatti et al.
Certain types of computer viruses replicate only when a specific section of code is executed. This is because, unlike ordinary viruses, they insert themselves into a location in a host application that is not the entry point of the application. In order to replicate this class of viruses one must attempt to exercise every part of the program, i.e., one must attempt to achieve maximum code coverage. As can be appreciated, replicating these viruses is very difficult and time consuming, as it requires the systematic testing of every feature of the host program via the host program""s GUI. Prior to this invention, the inventors are not aware of any automatic software evaluation or testing tool that would be suitable for replicating this type of computer virus.
The foregoing and other problems are overcome by methods and apparatus in accordance with embodiments of this invention.
In a first aspect this invention provides a mechanism for achieving the automatic replication of computer viruses.
In a second aspect this invention provides methods and apparatus to achieve the automatic testing of computer software applications with a user interface in such a way as to simulate the actions of an inexperienced user who is unfamiliar with the application""s features. This enables testers to uncover problems that may otherwise go undetected. A benefit of this method is that problems may be uncovered in the computer code that would not be found by simply following suggested instructions in a user""s manual for the application.
A method is disclosed for automatically exercising a target application process having a Graphical User Interface (GUI), as is a system for implementing the method and a computer program, stored on a computer readable medium, that embodies the method.
The method includes the computer executed steps of starting the target application process; detecting a presence of a first window opened by the target application process; processing the first window by determining the content of the first window, including a list of user controls; exercising the user controls until all of the user controls have been exercised, with user controls likely to cause termination being identified and exercised after user controls that are less likely to cause termination; and closing the first window.
The step of exercising includes steps of estimating a best order of execution of user controls and the text to be input to user input fields. If exercising a particular user control causes the first window to close before all of the user controls have been exercised for the first window, the method further includes steps of reopening the first window; and exercising the window""s user controls other than the particular user control, unless the particular user control is required to close the first window after all of the window""s user controls have been exercised.
If exercising a particular user control causes a second window to open, the method includes steps of determining a content of the second window, including a list of user controls; exercising the user controls until all of the user controls of the second window have been exercised; closing the second window; and continuing the processing of the first window.
The step of exercising includes steps of estimating a best order of execution of user controls and text to be input to user input fields, preferably based at least in part on information obtained from the open window. The order determination applies to all user controls, such as button controls, selection fields before edit controls, edit controls before button controls, and so forth.
After individual ones of the user controls are exercised the method includes further steps of enumerating the system windows; and determining if there has been a change in the enumerated system windows due to a new window being opened; and if there has been a change, processing the new window before resuming the processing of the first window. This aspect of the method further identifies if the newly opened window or windows are associated with the target application process by comparing a process id of the target application process with the process id of each newly opened window. If the new window is not associated with the target application process, the method continues by one of processing the new window or closing the new window; and then continuing the processing of the first window. If it is detected that a plurality of new windows have opened, the method determines if a parent-child relationship exists between the plurality of new windows. If a parent-child relationship is found to exist, the method processes the child window before processing the parent window. If a parent-child relationship is not found to exist between the plurality of new windows, the method may process the plurality of new windows in any (arbitrary) order; and then continues the processing of the first window.
The step of processing includes a step of maintaining a list of windows associated with the target application process, the list containing, for each window, the window""s handle, name, class, a list of user controls contained in the window, a state of the window, and an identification of any user controls that have caused the window to close. Two windows are considered identical only if they have at least the same class, name and user controls, and if a new window has at least the same class, name and user controls as a window present in the list of windows, the new window it is not added to the list of windows, but instead the handle of the corresponding window in the list, and its user controls, are updated accordingly.
In the preferred embodiment of the method the order of processing of dialog user controls are based on their type, wherein Combo box dialog user controls are processed first, followed by Edit fields, followed by button user controls. Among the button user controls those which are most likely to cause termination are processed last.
A Combo box is one includes a list box combined with either a static control or an edit control. The list-box portion of the control may be displayed at all times, or it may only drop down when the user selects the drop-down arrow next to the control. The description of this and other controls may be found in the Microsoft Developer Network knowledge base, in particular in a publication xe2x80x9cVisual C++ programmer guidexe2x80x9d, available from Microsoft Press.
The user controls may also include menu items and submenu items, and during the step of executing a click on a particular menu or submenu item is simulated by sending a command message such as, in the Windows(trademark) environment, a WM_COMMAND message to the target application process, passing the command id as a parameter. The step of processing includes a further step of creating a list of all submenu items, and a step of determining an order of testing of menu items by considering both the name of each menu item and its position, with those menu items that can cause termination being executed last.