Abstract
We perform static analysis of Java programs to answer a simple question: which values may occur as results of string expressions? The answers are summarized for each expression by a regular language that is guaranteed to contain all possible values. We present several applications of this analysis, including statically checking the syntax of dynamically generated expressions, such as SQL queries. Our analysis constructs flow graphs from class files and generates a context-free grammar with a nonterminal for each string expression. The language of this grammar is then widened into a regular language through a variant of an algorithm previously used for speech recognition. The collection of resulting regular languages is compactly represented as a special kind of multi-level automaton from which individual answers may be extracted. If a program error is detected, examples of invalid strings are automatically produced. We present extensive benchmarks demonstrating that the analysis is efficient and produces results of useful precision.
Original language | English |
---|---|
Title of host publication | Static Analysis : 10th International Symposium, SAS 2003 San Diego, CA, USA, June 11-13, 2003 Proceedings |
Number of pages | 18 |
Publisher | Springer |
Publication date | 2003 |
Pages | 1-18 |
ISBN (Print) | 3-540-40325-6 |
DOIs | |
Publication status | Published - 2003 |
Event | Static Analysis International Symposium. SAS 2003 - San Diego, California, United States Duration: 11 Jun 2003 → 13 Jun 2003 Conference number: 10 |
Conference
Conference | Static Analysis International Symposium. SAS 2003 |
---|---|
Number | 10 |
Country/Territory | United States |
City | San Diego, California |
Period | 11/06/2003 → 13/06/2003 |
Series | Lecture Notes in Computer Science |
---|---|
Volume | 2694 |
ISSN | 0302-9743 |
Keywords
- Regular language
- Static analysis
- Graph flow
- Flow graphs
- Fluence graph
- SQL
- Regular expression
- Speech recognition
- Context free grammar
- Data flow
- Database query
- JAVA language
- Program verification
- Program analysis
- Character string