Reinforcement Learning-Based REST API Testing with Multi-Coverage

Tien-Quang Nguyen,Nghia-Hieu Cong,Ngoc-Minh Quach,Hieu Dinh Vo,Son Nguyen
2024-10-20
Abstract:REST (Representational State Transfer) APIs have become integral for data communication and exchange due to their simplicity, scalability, and compatibility with web standards. However, ensuring REST APIs' reliability through rigorous testing poses significant challenges, given the complexities of operations, parameters, inputs, dependencies, and call sequences. In this paper, we introduce MUCOREST, a novel Reinforcement Learning (RL)-based API testing approach that leverages Q-learning to maximize code coverage and output coverage, thereby improving bug discovery. By focusing on these proximate objectives rather than the abstract goal of maximizing failures, MUCOREST effectively discovers critical code areas and diverse API behaviors. The experimental results on a benchmark of 10 services show that MUCOREST significantly outperforms state-of-the-art API testing approaches by 11.6-261.1% in the number of discovered API bugs. MUCOREST can generate much fewer API calls to discover the same number of bugs compared to the other approaches. Furthermore, 12.17%-64.09% of the bugs discovered by the other techniques can also be found by MUCOREST.
Software Engineering
What problem does this paper attempt to address?
### What problems does this paper attempt to solve? This paper aims to solve the complexity and challenges in REST API testing to ensure the reliability of APIs. Specifically, the paper proposes an API testing method based on Reinforcement Learning (RL) - **MUCOREST**, whose main goal is to improve the effectiveness of API testing by maximizing code coverage and output coverage, thereby discovering more API defects. #### Main problems: 1. **Complexity of REST API testing**: - The operations, parameters, inputs, dependencies, and invocation sequences of REST APIs are very complex, which makes it difficult for traditional testing methods to cover all possible situations. - Ensuring the reliability of REST APIs requires strict testing, but existing testing methods often perform poorly in the face of these complexities. 2. **Limitations of existing methods**: - Existing API testing tools such as RESTler and Morest can generate effective test cases, but they are still insufficient in exploring API defects, especially when considering the importance of operations and parameters. - Reinforcement - learning - based methods such as ARAT - RL directly reward failed API calls (such as 4xx and 5xx response codes), but this may cause RL agents to have difficulty in effectively learning and discovering API defects. 3. **Improving API testing efficiency**: - The paper points out that existing API testing methods usually require a large number of API calls to discover the same number of defects, while MUCOREST can discover more defects with fewer API calls. #### MUCOREST's solutions: - **Dual - objective optimization**: MUCOREST improves the effectiveness of API testing by maximizing two more specific intermediate goals, code coverage and output coverage, rather than directly pursuing maximizing the number of failures. - **Q - learning algorithm**: MUCOREST uses the Q - learning algorithm and designs a reward function specifically for API testing tasks, encouraging agents to generate API calls that can improve code coverage and output coverage. - **Experimental verification**: The paper proves through experiments that MUCOREST is significantly superior to existing API testing methods on multiple benchmark services, discovers more API defects, and can achieve this goal with fewer API calls. In conclusion, by introducing MUCOREST, this paper provides a more efficient and comprehensive REST API testing method, which solves the deficiencies of existing methods in the face of complex API testing.