Deep typechecking and refactoring

Large software systems are typically composed of multiple layers, written in different languages and loosely coupled using a string-based interface. For example, in modern web-applications, a server written in Java communicates with a database back-end by passing in query strings. This widely prevalent approach is unsafe as the analyses developed for the individual layers are oblivious to the semantics of the dynamically constructed strings, making it impossible to statically reason about the correctness of the interaction. Further, even simple refactoring in such systems is daunting and error prone as the changes must also be applied to isolated string fragments scattered across the code base. We present techniques for deep typechecking and refactoring for systems that combine Java code with a database back-end using the Java Persistence API [10]. Deep typechecking ensures that the queries that are constructed dynamically are type safe and that the values returned from the queries are used safely by the program. Deep refactoring builds upon typechecking to allow programmers to safely and automatically propagate code refactorings through the query string fragments. Our algorithms are implemented in a tool called QUAIL. We present experiments evaluating the effectiveness of QUAIL on several benchmarks ranging from 3,369 to 82,907 lines of code.We show that QUAIL is able to verify that 84% of query strings in our benchmarks are type safe. Finally, we show that QUAIL reduces the number of places in the code that a programmer must look at in order to perform a refactoring by several orders of magnitude.

[1]  Malcolm P. Atkinson,et al.  An orthogonally persistent Java , 1996, SGMD.

[2]  Premkumar T. Devanbu,et al.  Static checking of dynamically generated queries in database applications , 2004, Proceedings. 26th International Conference on Software Engineering.

[3]  Michael Pizzo,et al.  SQL/CLI—a new binding style for SQL , 1995, SGMD.

[4]  Miguel Castro,et al.  Safe and efficient sharing of persistent objects in Thor , 1996, SIGMOD '96.

[5]  Florian Matthes,et al.  The DBPL Project: Advances in Modular Database Programming , 1994, Inf. Syst..

[6]  David Maier,et al.  Representing Database Programs as Objects , 1990, DBPL.

[7]  Florian Matthes,et al.  Tycoon: A Scalable and Interoperable Persistent System Environment , 2000 .

[8]  Gavin M. Bierman,et al.  Lost in translation: formalizing proposed extensions to c# , 2007, OOPSLA.

[9]  R.A. McClure,et al.  SQL DOM: compile time checking of dynamic SQL statements , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[10]  Jeffrey S. Foster,et al.  Checking type safety of foreign function calls , 2005, PLDI '05.

[11]  Limsoon Wong,et al.  Kleisli, a functional query system , 2000, J. Funct. Program..

[12]  Philip Wadler,et al.  Links: Web Programming Without Tiers , 2006, FMCO.

[13]  Aske Simon Christensen,et al.  Precise Analysis of String Expressions , 2003, SAS.

[14]  S. Rai,et al.  Safe query objects: statically typed objects as remotely executable queries , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[15]  William R. Cook,et al.  Extracting queries by static analysis of transparent persistence , 2007, POPL '07.

[16]  J. Gregory Morrisett,et al.  Ilea: inter-language analysis across java and c , 2007, OOPSLA.

[17]  James Noble,et al.  Efficient Object Querying for Java , 2006, ECOOP.