Understanding software application interfaces via string analysis

In software systems, different software applications often interact with each other through specific interfaces by exchanging data in string format. For example, web services interact with each other through XML strings. Database applications interact with a database through strings of SQL statements. Sometimes these interfaces between different software applications are complex and distributed. For example, a table in a database can be accessed by multiple methods in a database application and a single method can access multiple tables. In this paper, we propose an approach to understanding software application interfaces through string analysis. The approach first performs a static analysis of source code to identify interaction points (in the form of interface-method-call sites). We then leverage existing string analysis tools to collect all possible string data that can be sent through these different interaction points. Then we manipulate collected string data by grouping similar data together. For example, we group together all collected SQL statements that access the same table. Then we associate various parts of aggregated data with interaction points in order to show the connections between entities from interacting applications. Our preliminary results show that the approach can help us understand the characteristics of interactions between database applications and databases. We also identify some challenges in this approach for our future work.
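The grouping and association steps described in the abstract can be sketched as follows. This is an added example, not the paper's tool: the call-site names and SQL strings are constructed sample data standing in for string-analysis output, and the keyword regex is a simplifying assumption in place of a real SQL parser (it does not handle comma-separated `FROM` lists or subqueries).

```python
import re
from collections import defaultdict

# Constructed sample: possible SQL strings a string analysis might report
# per interaction point. Keys are hypothetical "Class.method:line" call sites.
COLLECTED = {
    "OrderDao.find:42": {"SELECT id, total FROM orders WHERE id = ?"},
    "OrderDao.report:77": {
        "SELECT o.id, c.name FROM orders o JOIN customers c ON o.cust = c.id",
    },
    "CustomerDao.save:19": {
        "INSERT INTO customers (name) VALUES (?)",
        "UPDATE customers SET name = ? WHERE id = ?",
    },
    "AuditDao.purge:8": {"DELETE FROM audit_log WHERE ts < ?"},
}

# Keywords after which a table name follows in these statement forms.
_TABLE_REF = re.compile(
    r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Za-z_][A-Za-z0-9_.]*)", re.IGNORECASE
)

def tables_in(sql):
    """Return the lower-cased table names referenced by one SQL string."""
    return {name.lower() for name in _TABLE_REF.findall(sql)}

def build_interface_map(collected):
    """Group statements by table and link each table to its call sites."""
    by_table = defaultdict(lambda: {"sites": set(), "statements": set()})
    by_site = defaultdict(set)
    for site, statements in collected.items():
        for sql in statements:
            for table in tables_in(sql):
                by_table[table]["sites"].add(site)
                by_table[table]["statements"].add(sql)
                by_site[site].add(table)
    return dict(by_table), dict(by_site)

def shared_tables(by_table):
    """Tables reached from more than one interaction point."""
    return sorted(t for t, v in by_table.items() if len(v["sites"]) > 1)

if __name__ == "__main__":
    by_table, by_site = build_interface_map(COLLECTED)
    for table in sorted(by_table):
        print(table, "<-", sorted(by_table[table]["sites"]))
```

The two maps capture both directions the abstract mentions: `by_table` shows every method that can touch a table, and `by_site` shows every table a single method can touch, which is the inventory a reviewer needs when scoping database privileges per code path.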
