Content area

Abstract

Translate

A large number of web applications is based on a relational database together with a program, typically a script, that enables the user to interact with the database through embedded SQL queries and commands. In this paper, we introduce a method for formal automated verification of such systems which connects database theory to mainstream program analysis. We identify a fragment of SQL which captures the behavior of the queries in our case studies, is algorithmically decidable, and facilitates the construction of weakest preconditions. Thus, we can integrate the analysis of SQL queries into a program analysis tool chain. To this end, we implement a new decision procedure for the SQL fragment that we introduce. We demonstrate practical applicability of our results with three case studies, a web administrator, a simple firewall, and a conference management system.

Details

1009240
Subject
Automation;
Case studies;
Data base management systems;
Decision analysis;
Program verification (computers);
Applications programs;
Queries;
Computer conferencing;
Relational data bases;
Query languages;
Databases
URL
http://arxiv.org/abs/1610.02101
Title
On the automated verification of web applications with embedded SQL
Author
Shachar Itzhaky; Kotek, Tomer; Rinetzky, Noam; Sagiv, Mooly; Orr, Tamir; Veith, Helmut; Zuleger, Florian
Publication title
arXiv.org; Ithaca
Publication year
2016
Publication date
Oct 6, 2016
Section
Computer Science
Publisher
Cornell University Library, arXiv.org
Source
arXiv.org
Place of publication
Ithaca
Country of publication
United States
University/institution
Cornell University Library arXiv.org
Publication subject
Biology, Statistics, Physics, Mathematics, Engineering--Electrical Engineering, Computers--Computer Engineering, Business And Economics--Banking And Finance
e-ISSN
2331-8422
Source type
Working Paper
Language of publication
English
Document type
Working Paper
Publication history
 
 
Online publication date
2016-10-10
Milestone dates
2016-10-06 (Submission v1)
Publication history
 
 
   First posting date
10 Oct 2016
ProQuest document ID
2080375338
Document URL
https://www.proquest.com/working-papers/on-automated-verification-web-applications-with/docview/2080375338/se-2?accountid=208611
Full text outside of ProQuest
http://arxiv.org/abs/1610.02101
Copyright
© 2016. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
Last updated
2020-03-18
Database
ProQuest One Academic