Verification of ORM-based Controllers by Summary Inference

In this work we describe a novel approach for modeling, analysis and verification of database-accessing applications that use the ORM (Object Relational Mapping) paradigm. Rather than directly analyze ORM code to check specific properties, our approach infers a general-purpose relational algebra summary of each controller in the application. This summary can then be fed into any off-the-shelf relational algebra solver to check for properties or specifications given by a developer. The summaries can also aid program understanding, and may have other applications. We have implemented our approach as a prototype tool that works for ‘Spring’ based MVC applications. A preliminary evaluation reveals that the approach is efficient, and gives good results while checking a set of properties given by human subjects.

[1]  Jayant R. Haritsa,et al.  Shedding Light on Opaque Application Queries , 2021, SIGMOD Conference.

[2]  Karthik Ramachandra,et al.  Aggify: Lifting the Curse of Cursor Loops using Custom Aggregates , 2020, SIGMOD Conference.

[3]  Daniel Jackson,et al.  Alloy: a language and tool for exploring software designs , 2019, Commun. ACM.

[4]  Martin Rinard,et al.  Using active learning to synthesize models of applications that access databases , 2019, PLDI.

[5]  R. Hilborn,et al.  Supplementary Materials , 2019 .

[6]  Isil Dillig,et al.  Verifying equivalence of database-driven applications , 2017, Proc. ACM Program. Lang..

[7]  Raghavan Komondoor,et al.  Testing and analysis of web applications using page models , 2017, ISSTA.

[8]  Helmut Veith,et al.  On the automated verification of web applications with embedded SQL , 2016, ICDT.

[9]  S. Sudarshan,et al.  Extracting Equivalent SQL from Imperative Code in Database Applications , 2016, SIGMOD Conference.

[10]  Tevfik Bultan,et al.  Coexecutability for Efficient Verification of Data Model Updates , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[11]  Tevfik Bultan,et al.  Inductive verification of data model invariants for web applications , 2014, ICSE.

[12]  Alvin Cheung,et al.  Optimizing database-backed applications with query synthesis , 2013, PLDI.

[13]  Saurabh Sinha,et al.  Guided test generation for web applications , 2013, 2013 35th International Conference on Software Engineering (ICSE).

[14]  Joseph P. Near,et al.  Rubicon: bounded verification of web applications , 2012, SIGSOFT FSE.

[15]  Laurie Hendren,et al.  Soot: a Java bytecode optimization framework , 2010, CASCON.

[16]  Willy Zwaenepoel,et al.  JReq: Database Queries in Imperative Languages , 2010, CC.

[17]  William R. Cook,et al.  Interprocedural query extraction for transparent persistence , 2008, OOPSLA.

[18]  Rupak Majumdar,et al.  Dynamic test input generation for database applications , 2007, ISSTA '07.

[19]  Paolo Tonella,et al.  Analysis and testing of Web applications , 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.

[20]  Roy T. Fielding,et al.  Principled design of the modern Web architecture , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.