EvoMaster (www.evomaster.org) is the first (2016) open-source AI-driven tool that automatically generates system-level test cases for web/enterprise applications. This is related to Fuzzing. Not only EvoMaster can generate inputs that find program crashes, but also it generates small effective test suites that can be used for regression testing.

EvoMaster is an AI driven tool. In particular, internally it uses an Evolutionary Algorithm and Dynamic Program Analysis to be able to generate effective test cases. The approach is to evolve test cases from an initial population of random ones, trying to maximize measures like code coverage and fault detection. EvoMaster uses several kinds of AI heuristics to improve performance even further, building on decades of research in the field of Search-Based Software Testing.

Key features:

• Web APIs: At the moment, EvoMaster can generate test cases for REST and GraphQL APIs.

• Blackbox testing mode: can run on any API (regardless of its programming language, e.g., Python and Go). However, results for blackbox testing will be worse than whitebox testing (e.g., due to lack of code analysis).

• Whitebox testing mode: can be used for APIs compiled to JVM (e.g., Java and Kotlin). EvoMaster analyses the bytecode of the tested applications, and uses several heuristics such as testability transformations and taint analysis to be able to generate more effective test cases. We support JDK 8 and the major LTS versions after that (currently JDK 17). Might work on other JVM versions, but we provide NO support for it. Note: there is initial support for other languages as well, like for example JavaScript/TypeScript, but they are not in a stable, feature-complete state yet.

• Installation: we provide installers for the main operating systems: Windows (.msi), OSX (.dmg) and Linux (.deb). We also provide an uber-fat JAR file.

• State-of-the-art: an independent study (2022), comparing 10 fuzzers on 20 RESTful APIs, shows that EvoMaster gives the best results.

• Schema: REST APIs must provide a schema in OpenAPI/Swagger format (either v2 or v3).

• Output: the tool generates JUnit (version 4 or 5) tests, written in either Java or Kotlin. There is initial support for other formats. For complete list, see the documentation for the CLI parameter --outputFormat.

• Fault detection: EvoMaster can generate tests cases that reveal faults/bugs in the tested applications. Different heuristics are employed, like checking for 500 status codes and mismatches from the API schemas.

• Self-contained tests: the generated tests do start/stop the application, binding to an ephemeral port. This means that the generated tests can be used for regression testing (e.g., added to the Git repository of the application, and run with any build tool such as Maven and Gradle).

• SQL handling: EvoMaster can intercept and analyse all communications done with SQL databases, and use such information to generate higher code coverage test cases. Furthermore, it can generate data directly into the databases, and have such initialization automatically added in the generated tests. At the moment, EvoMaster supports Postgres, MySQL and H2 databases.

• Authentication: we support auth based on authentication headers and cookies.

Known limitations:

• Driver: to be used for whitebox testing, users need to write a driver manually. We recommend to try blackbox mode first (should just need a few minutes to get it up and running) to get an idea of what EvoMaster can do for you.

• Execution time: to get good results, you might need to run the search for several hours. We recommend to first try the search for 10 minutes, just to get an idea of what type of tests can be generated. But, then, you should run EvoMaster for something like between 1 and 24 hours (the longer the better, but it is unlikely to get better results after 24 hours).

• External services: (e.g., other RESTful APIs) currently there is no support for them (e.g., to automatically mock them). It is work in progress.

• NoSQL databases: (e.g., MongoDB) currently no support. It is work in progress.

• Failing tests: the tests generated by EvoMaster should all pass, and not fail, even when they detect a fault. In those cases, comments/test-names would point out that a test is revealing a possible fault, while still passing. However, in some cases the generated tests might fail. This is due to the so called flaky tests, e.g., when a test has assertions based on the time clock (e.g., dates and timestamps). There is ongoing effort to address this problem, but it is still not fully solved.

• A short video (5 minutes) shows the use of EvoMaster on one of the case studies in EMB.

• This 13-minute video shows how to write a white-box driver for EvoMaster, for the rest-api-example.

• How to Download and Install EvoMaster on Windows 10, using its .msi installer.

Depending on the year, we might have funding for postdoc and PhD student positions to work on this project (in Oslo, Norway).

Current positions:

• 2023: PhD student positions. Apply here.
• 2023: Postdoc position. Apply here.

For questions on these positions, please contact Prof. Andrea Arcuri.

If you are trying to use EvoMaster, but the instructions in this documentation are not enough to get you started, or they are too unclear, then it means it is a bug in the documentation, which then would need to be clarified and updated. In such cases, please create a new issue.

• Example of generated tests
• Download and Install EvoMaster
• Build EvoMaster from source
• Command-Line Interface (CLI) options
• OpenApi/Swagger Schema
• Using EvoMaster for Black-Box Testing (easier to setup, but worse results)
• Using EvoMaster for White-Box Testing (harder to setup, but better results)
  • Write an EvoMaster Driver for White-Box Testing
  • Dealing with JDKs above version 8
• Console output
• Library dependencies for the generated tests
• How to contribute
  • Technical notes for developers contributing to EvoMaster
• Troubleshooting
  • Windows and networking
• More Info
  • Academic papers related to EvoMaster
  • Slides of presentations/seminars
  • Replicating studies

EvoMaster has been funded by:

• 2020-2025: a 2 million Euro grant by the European Research Council (ERC), as part of the ERC Consolidator project Using Evolutionary Algorithms to Understand and Secure Web/Enterprise Systems.
• 2018-2021: a 7.8 million Norwegian Kroner grant by the Research Council of Norway (RCN), as part of the Frinatek project Evolutionary Enterprise Testing.

This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 864972).

EvoMaster's source code is released under the LGPL (v3) license. For a list of the used third-party libraries, you can directly see the root pom.xml file. For a list of code directly imported (and then possibly modified/updated) from other open-source projects, see here.

YourKit supports open source projects with its full-featured Java Profiler. YourKit, LLC is the creator of YourKit Java Profiler and YourKit .NET Profiler, innovative and intelligent tools for profiling Java and .NET applications.