Most large software applications rely on an external relational database for storing and managing persistent data. Typically, such applications interact with the database by first constructing strings that represent SQL statements, and then submitting these for execution by the database engine. The fact that these statements are only checked for correctness at runtime is a source of many potential defects, including type and syntax errors and vulnerability to injection attacks. The AraRat system presented here offers a method for dealing with these difficulties by coercing the host C++ compiler to do the necessary checks of the generated strings. A library of templates and preprocessor directives is used to embed in C++ a little language representing an augmented relational algebra formalism. Type checking of this embedded language, carried out by our template library, assures, at compile time, the correctness and safety of the generated SQL strings. All SQL statements constructed by AraRat are guaranteed to be syntactically correct and type safe with respect to the database schema. Moreover, AraRat statically ensures that the generated statements are immune to all injection attacks. The standard techniques of "expression templates" and "compile-time symbolic derivation" for compile-time representation of symbolic structures are enhanced in our system. We demonstrate the support of a type system and a symbol table lookup of the symbolic structure. A key observation of this work is that type equivalence of instantiated nominally typed generics in C++ (as well as other languages, e.g., Java) is structural rather than nominal. This makes it possible to embed the structural type system, characteristic of persistent data management, in the nominal type system of C++. For some of its advanced features, AraRat relies on two small extensions to the standard C++ language: the typeof pseudo operator and the __COUNTER__ preprocessor macro.
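The following sketch is an added example, not AraRat's API or code from the paper: it shows the general idea of letting the C++ type system check a query against a schema, with a compile-time column lookup and the structural equivalence of instantiated templates. All names (Col, Rel, Table, select_eq, find_user) are hypothetical, and unlike the system described above it keeps untrusted values out of the SQL text by emitting a `?` placeholder and a separate parameter list.

```cpp
#include <string>
#include <type_traits>
#include <vector>

// Identifiers live in tag types, so table and column names are fixed at compile time.
struct IdTag    { static const char* name() { return "id"; } };
struct NameTag  { static const char* name() { return "name"; } };
struct UsersTag { static const char* name() { return "users"; } };

template <class Tag, class T>
struct Col { using type = T; static std::string name() { return Tag::name(); } };
template <class... Cols> struct Rel {};  // a schema is just the list of its columns
template <class Tag, class Schema>
struct Table { using schema = Schema; static std::string name() { return Tag::name(); } };

using Id   = Col<IdTag, int>;
using Name = Col<NameTag, std::string>;

// Structural equivalence: a schema spelled out independently is the same C++ type.
static_assert(std::is_same<Rel<Id, Name>,
                           Rel<Col<IdTag, int>, Col<NameTag, std::string>>>::value,
              "equal structure must give equal types");

// Compile-time symbol-table lookup: is column C part of schema R?
template <class C, class R> struct Has : std::false_type {};
template <class C, class H, class... T>
struct Has<C, Rel<H, T...>>
    : std::conditional<std::is_same<C, H>::value, std::true_type,
                       Has<C, Rel<T...>>>::type {};

struct Query { std::string sql; std::vector<std::string> params; };

inline std::string to_param(int v) { return std::to_string(v); }
inline std::string to_param(const std::string& v) { return v; }

// Equality selection: both checks fail the build, not the running program.
template <class T, class C, class V>
Query select_eq(T, C, const V& value) {
    static_assert(Has<C, typename T::schema>::value, "column is not in the table's schema");
    static_assert(std::is_same<V, typename C::type>::value, "value type differs from column type");
    return Query{"SELECT * FROM " + T::name() + " WHERE " + C::name() + " = ?",
                 {to_param(value)}};
}

using Users = Table<UsersTag, Rel<Id, Name>>;

// Untrusted text can only ever become a bound parameter, never SQL syntax.
Query find_user(const std::string& untrusted) { return select_eq(Users{}, Name{}, untrusted); }
// select_eq(Users{}, Id{}, std::string("7"));  // rejected at compile time: std::string is not int
```

Uncommenting the last line turns a type mismatch that a string-built query would only surface at runtime into a compiler error.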