Static Analysis of Dynamic Database Usage in Java Systems

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9694)

Abstract

Understanding the links between application programs and their database is useful in various contexts such as migrating information systems towards a new database platform, evolving the database schema, or assessing the overall system quality. In the case of Java systems, identifying which portion of the source code accesses which portion of the database may prove challenging. Indeed, Java programs typically access their database in a dynamic way. The queries they send to the database server are built at runtime, through String concatenations, or Object-Relational Mapping frameworks like Hibernate and JPA. This paper presents a static analysis approach to program-database links recovery, specifically designed for Java systems. The approach allows developers to automatically identify the source code locations accessing given database tables and columns. It focuses on the combined analysis of JDBC, Hibernate and JPA invocations. We report on the use of our approach to analyse three real-life Java systems.

Keywords

Database access recovery Static analysis Java ORM 

References

  1. 1.
    Tiobe programming community index. Accessed 01-02-2016. http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html
  2. 2.
    Brink, H.V.D., Leek, R.V.D., Visser, J.: Quality assessment for embedded SQL. In: SCAM 2007, pp. 163–170. IEEE Computer Society (2007)Google Scholar
  3. 3.
    Chen, T.H., Shang, W., Jiang, Z.M., Hassan, A.E., Nasser, M., Flora, P.: Detecting performance anti-patterns for applications developed using object-relational mapping. In: ICSE 2014, pp. 1001–1012. ACM (2014)Google Scholar
  4. 4.
    Christensen, A.S., Møller, A., Schwartzbach, M.I.: Precise analysis of string expressions. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 1–18. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Clark, S.R., Cobb, J., Kapfhammer, G.M., Jones, J.A., Harrold, M.J.: Localizing SQL faults in database applications. In: ASE 2011, p. 213. IEEE (2011)Google Scholar
  6. 6.
    Cleve, A., Mens, T., Hainaut, J.L.: Data-intensive system evolution. IEEE Comput. 43(8), 110–112 (2010)CrossRefGoogle Scholar
  7. 7.
    Goeminne, M., Decan, A., Mens, T.: Co-evolving code-related and database-related changes in a data-intensive software system. In: CSMR-WCRE 2014, pp. 353–357 (2014)Google Scholar
  8. 8.
    Goeminne, M., Mens, T.: Towards a survival analysis of database framework usage in Java projects. In: ICSME 2015 (2015)Google Scholar
  9. 9.
    Gould, C., Su, Z., Devanbu, P.: Static checking of dynamically generated queries in database applications. In: ICSE 2004, pp. 645–654. IEEE (2004)Google Scholar
  10. 10.
    Javid, M.A., Embury, S.M.: Diagnosing faults in embedded queries in database applications. In: EDBT/ICDT 2012 Workshops, pp. 239–244. ACM (2012)Google Scholar
  11. 11.
    Maule, A., Emmerich, W., Rosenblum, D.S.: Impact analysis of database schema changes. In: ICSE 2008, pp. 451–460. ACM (2008)Google Scholar
  12. 12.
    Meurice, L., Bermudez, J., Weber, J., Cleve, A.: Establishing referential integrity in legacy information systems: reality bites!. In: ICSM 2014. IEEE (2014)Google Scholar
  13. 13.
    Nagy, C., Meurice, L., Cleve, A.: Where was this SQL query executed?: a static concept location approach. In: SANER 2015, ERA Track. IEEE (2015)Google Scholar
  14. 14.
    Ngo, M.N., Tan, H.B.K.: Applying static analysis for automated extraction of database interactions in web applications. Inf. Softw. Technol. 50(3), 160 (2008)CrossRefGoogle Scholar
  15. 15.
    Sonoda, M., Matsuda, T., Koizumi, D., Hirasawa, S.: On automatic detection of SQL injection attacks by the feature extraction of the single character. In: SIN 2011, pp. 81–86. ACM (2011)Google Scholar
  16. 16.
    Wang, X., Lo, D., Cheng, J., Zhang, L., Mei, H., Yu, J.X.: Matching dependence-related queries in the system dependence graph. In: ASE 2010, pp. 457–466. ACM (2010)Google Scholar
  17. 17.
    Wassermann, G., Gould, C., Su, Z., Devanbu, P.: Static checking of dynamically generated queries in database applications. ACM ToSEM 16(4), 308–339 (2007)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.PReCISE Research CenterUniversity of NamurNamurBelgium

Personalised recommendations