Applying static analysis for automated extraction of database interactions in web applications

详细信息    查看全文

• 作者：Minh Ngoc Ngo ; Hee Beng Kuan Tan
• 关键词：Database interactions ; Web applications ; Automated extraction ; Symbolic execution ; Slicing
• 刊名：Information and Software Technology
• 出版年：2008
• 出版时间：February 2008
• 年：2008
• 卷：50
• 期：3
• 页码：160-175
• 全文大小：403 K

文摘

Database interactions are among the most essential functional features in web applications. Therefore, for the testing and maintenance of a web application, it is important that the web engineer could identify all the database interactions in the web application. However, the highly dynamic nature of web applications makes it challenging to extract all the possible database interactions from source code.

In this paper, we propose an automated approach to extract database interactions from source code by using symbolic execution and inference rules. Our approach automatically identifies all the possible database interaction points. After that, all the program paths, which pass through each interaction point, are also computed. Each of these paths is then symbolically executed following our proposed symbolic evaluation rules. We also develop inference rules to deduce the interaction types from the set of symbolic expressions derived during the symbolic execution. Experiments have been conducted to evaluate the performance and usefulness of the proposed approach. The results indicate that even with some limitations in handling function calls, pointers and polymorphism, our approach still gives an average precision of 79.2 % , which is 45.4 % more than that of the conservative approach.