Dependency information (data- and/or control-dependencies) among program variables and program statements is playing crucial roles in a wide range of software-engineering activities, e.g., program slicing, information flow security analysis, debugging, code-optimization, code-reuse, code-understanding. Most existing dependency analyzers focus on mainstream languages and they do not support database applications embedding queries and data-manipulation commands. The first extension to the languages for relational database management systems, proposed by Willmor et al. in 2004, suffers from the lack of precision in the analysis primarily due to its syntax-based computation and flow insensitivity. Since then no significant contribution is found in this research direction. This paper extends the Abstract Interpretation framework for static dependency analysis of database applications, providing a semantics-based computation tunable with respect to precision. More specifically, we instantiate dependency computation by using various relational and non-relational abstract domains, yielding to a detailed comparative analysis with respect to precision and efficiency. Finally, we present a prototype $\sf{ semDDA}$semDDA, a semantics-based Database Dependency Analyzer integrated with various abstract domains, and we present experimental evaluation results to establish the effectiveness of our approach. We show an improvement of the precision on an average of 6 percent in the interval, 11 percent in the octagon, 21 percent in the polyhedra and 7 percent in the powerset of intervals abstract domains, as compared to their syntax-based counterpart, for the chosen set of Java Server Page (JSP)-based open-source database-driven web applications as part of the GotoCode project.

中文翻译：

---

将抽象解释扩展到数据库应用的依赖分析

程序变量和程序语句之间的依赖信息（数据和/或控制依赖）在广泛的软件工程活动中发挥着至关重要的作用，例如程序切片、信息流安全分析、调试、代码优化、代码重用，代码理解。大多数现有的依赖分析器专注于主流语言，它们不支持嵌入查询和数据操作命令的数据库应用程序。Willmor 等人提出的关系数据库管理系统语言的第一个扩展。在 2004 年，主要由于其基于语法的计算和流程不敏感而在分析中缺乏精确度。从那时起，在这个研究方向上没有发现任何重大贡献。本文扩展了用于数据库应用程序静态依赖分析的抽象解释框架，提供了一种基于语义的可在精度方面进行调整的计算。更具体地说，我们通过使用各种关系和非关系抽象域来实例化依赖性计算，从而对精度和效率进行详细的比较分析。最后，我们展示了一个原型$\sf{ semDDA}$semDDA， 一种 扫描电镜基于滑稽动作的 D数据库 D悬而未决 一种分析器集成了各种抽象领域，我们提供了实验评估结果来确定我们方法的有效性。与基于句法的对应物相比，我们展示了区间中平均 6%、八边形 11%、多面体中 21% 和区间抽象域幂集的精度提高 7%。作为 GotoCode 项目的一部分，选择了一组基于 Java Server Page (JSP) 的开源数据库驱动的 Web 应用程序。