Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Control flow analysis in scheme
PLDI '88 Proceedings of the ACM SIGPLAN 1988 conference on Programming Language design and Implementation
POPL '91 Proceedings of the 18th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
PLDI '93 Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation
Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Interconvertbility of set constraints and context-free language reachability
PEPM '97 Proceedings of the 1997 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Multi-stage programming with explicit annotations
PEPM '97 Proceedings of the 1997 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
LFP '86 Proceedings of the 1986 ACM conference on LISP and functional programming
Global Data Flow Analysis and Iterative Algorithms
Journal of the ACM (JACM)
Projection merging: reducing redundancies in inclusion constraint graphs
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A type system for dynamic Web documents
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Ultra-fast aliasing analysis using CLA: a million lines of C code in a second
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Static validation of dynamically generated HTML
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
A unified approach to global program optimization
POPL '73 Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages
ACM Transactions on Internet Technology (TOIT)
Soot - a Java bytecode optimization framework
CASCON '99 Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative research
A family of test adequacy criteria for database-driven applications
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Safe query objects: statically typed objects as remotely executable queries
Proceedings of the 27th international conference on Software engineering
Combining static analysis and runtime monitoring to counter SQL-injection attacks
WODA '05 Proceedings of the third international workshop on Dynamic analysis
Java Data Objects
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
A practical string analyzer by the widening approach
APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems
Classification Agent-Based Techniques for Detecting Intrusions in Databases
HAIS '08 Proceedings of the 3rd international workshop on Hybrid Artificial Intelligence Systems
Model-based fault detection in context-aware adaptive applications
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Abstract Parsing: Static Analysis of Dynamically Generated String Output Using LR-Parsing Technology
SAS '09 Proceedings of the 16th International Symposium on Static Analysis
Abstract parsing for two-staged languages with concatenation
GPCE '09 Proceedings of the eighth international conference on Generative programming and component engineering
Symbolic automata constraint solving
LPAR'10 Proceedings of the 17th international conference on Logic for programming, artificial intelligence, and reasoning
An interactive tool for analyzing embedded SQL queries
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
Formal modeling
Test input generation for database programs using relational constraints
DBTest '12 Proceedings of the Fifth International Workshop on Testing Database Systems
A type system for regular expressions
Proceedings of the 14th Workshop on Formal Techniques for Java-like Programs
Automated repair of HTML generation errors in PHP applications using string constraint solving
Proceedings of the 34th International Conference on Software Engineering
Green streams for data-intensive software
Proceedings of the 2013 International Conference on Software Engineering
Effective quotation: relating approaches to language-integrated query
Proceedings of the ACM SIGPLAN 2014 Workshop on Partial Evaluation and Program Manipulation
| Hi-index | 0.00 |
Many data-intensive applications dynamically construct queries in response to client requests and execute them. Java servlets, for example, can create strings that represent SQL queries and then send the queries, using JDBC, to a database server for execution. The servlet programmer enjoys static checking via Java's strong type system. However, the Java type system does little to check for possible errors in the dynamically generated SQL query strings. Thus, a type error in a generated selection query (e.g., comparing a string attribute with an integer) can result in an SQL runtime exception. Currently, such defects must be rooted out through careful testing, or (worse) might be found by customers at runtime. In this article, we present a sound, static program analysis technique to verify that dynamically generated query strings do not contain type errors. We describe our analysis technique and provide soundness results for our static analysis algorithm. We also describe the details of a prototype tool based on the algorithm and present several illustrative defects found in senior software-engineering student-team projects, online tutorial examples, and a real-world purchase order system written by one of the authors.