Title :
JDBC checker: a static analysis tool for SQL/JDBC applications
Author :
Gould, Carl ; Su, Zhendong ; Devanbu, Premkumar
Author_Institution :
Dept. of Comput. Sci., California Univ., Davis, CA, USA
Abstract :
In data-intensive applications, it is quite common for the implementation code to dynamically construct database query strings and execute them. For example, a typical Java servlet Web service constructs SQL query strings and dispatches them over a JDBC connector to an SQL-compliant database. The servlet programmer enjoys static checking via Java's strong type system. However, the Java type system does little to check for possible errors in the dynamically generated SQL query strings. For example, a type error in a generated selection query (e.g., comparing a string attribute with an integer) can result in an SQL runtime exception. Currently, such defects must be rooted out through careful testing, or (worse) might be found by customers at runtime. In this paper, we describe JDBC Checker, a sound static analysis tool to verify the correctness of dynamically generated query strings. We have successfully applied the tool to find known and unknown defects in realistic programs using JDBC. We give a short description of our tool in this paper.
Keywords :
Java; SQL; database management systems; program diagnostics; query processing; JDBC application; JDBC checker; JDBC connector; Java servlet Web service; Java type system; SQL application; SQL query strings; SQL runtime exception; SQL-compliant database; database query strings; implementation code; selection query; static analysis tool; static checking; type error; Application software; Automata; Computer science; Connectors; Databases; Java; Programming profession; Runtime; Testing; Web services;
Conference_Title :
Software Engineering, 2004. ICSE 2004. Proceedings. 26th International Conference on
Print_ISBN :
0-7695-2163-0
DOI :
10.1109/ICSE.2004.1317494