Static Checking of Dynamically Generated Queries in Database Applications

Many data-intensive applications dynamically constructqueries in response to client requests and execute them.Java servlets, e.g., can create string representations ofSQL queries and then send the queries, using JDBC, to adatabase server for execution. The servlet programmer enjoysstatic checking vi...

Full description

Saved in:
Bibliographic Details
Published in:International Conference on Software Engineering: Proceedings of the 26th International Conference on Software Engineering; 23-28 May 2004 pp. 645 - 654
Main Authors: Gould, Carl, Su, Zhendong, Devanbu, Premkumar
Format: Conference Proceeding
Language:English
Published: Washington, DC, USA IEEE Computer Society 23.05.2004
Series:ACM Conferences
Subjects:
Applied sciences
Computer science; control theory; systems
Exact sciences and technology
Information systems > Data management systems > Database management system engines > Database query processing
Information systems > Data management systems > Query languages
Information systems > Information retrieval > Information retrieval query processing
Information systems. Data bases
Memory organisation. Data processing
Software
Software and its engineering > Software notations and tools > General programming languages > Language types
Software and its engineering > Software organization and properties > Software functional properties > Correctness
Software engineering
Theory of computation > Logic > Logic and verification
Theory of computation > Logic > Proof theory
Theory of computation > Semantics and reasoning > Program reasoning > Program analysis
Theory of computation > Semantics and reasoning > Program semantics
Theory of computation > Theory and algorithms for application domains > Database theory > Database query languages (principles)
Theory of computation > Theory and algorithms for application domains > Database theory > Database query processing and optimization (theory)
Type theory
High performance
JAVA language
Software development
Database query
Very large databases
Information retrieval
Program analysis
Distributed computing
Program verification
SQL
Character string
Sound analysis
Static analysis
Defect
Purchases
Computer server
Algorithm analysis
Software engineering
ISBN:9780769521633, 0769521630
ISSN:0270-5257
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Many data-intensive applications dynamically constructqueries in response to client requests and execute them.Java servlets, e.g., can create string representations ofSQL queries and then send the queries, using JDBC, to adatabase server for execution. The servlet programmer enjoysstatic checking via Javaýs strong type system. However,the Java type system does little to check for possible errorsin the dynamically generated SQL query strings. Thus,a type error in a generated selection query (e.g., comparinga string attribute with an integer) can result in an SQLruntime exception. Currently, such defects must be rootedout through careful testing, or (worse) might be found bycustomers at runtime. In this paper, we present a sound,static, program analysis technique to verify the correctnessof dynamically generated query strings. We describe ouranalysis technique and provide soundness results for ourstatic analysis algorithm. We also describe the details of aprototype tool based on the algorithm and present severalillustrative defects found in senior software-engineeringstudent-team projects, online tutorial examples, and a real-worldpurchase order system written by one of the authors.
Bibliography:SourceType-Conference Papers & Proceedings-1
ObjectType-Conference Paper-1
content type line 25
ISBN:9780769521633
0769521630
ISSN:0270-5257
DOI:10.5555/998675.999468