A deductive reasoning approach for database applications using verification conditions
Journal of Systems and Software ( IF 3.5 ) Pub Date : 2021-01-05 , DOI: 10.1016/j.jss.2020.110903
Md. Imran Alam , Raju Halder , Jorge Sousa Pinto

Deductive verification has received considerable attention from both academia and industry. Although intensive research in this direction covers almost all mainstream languages, the research community has paid little attention to the verification of database applications. This paper proposes a comprehensive set of Verification Condition (VC) generation techniques for database programs, adapting Symbolic Execution, Conditional Normal Form, and Weakest Precondition. Checking the validity of the VCs generated for a database program establishes its correctness with respect to the annotated database properties. The prototype DBverify, built on this theoretical foundation, instantiates VC generation from PL/SQL code and yields a detailed performance analysis of the three approaches under different circumstances. Compared with the literature, the proposed approach supports crucial SQL features (aggregate functions, nested queries, NULL values, and set operations) as well as the embedding of SQL code within a host imperative language. For the chosen set of benchmark PL/SQL procedures annotated with relevant properties of interest, the experiment shows that only 38% of procedures are correct, while 62% violate all or part of the annotated properties. The primary cause in the latter case is the acceptance of runtime inputs in SQL statements without proper checking.
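The abstract describes the pipeline (annotate a PL/SQL procedure with a database property, generate a VC by weakest precondition, check the VC's validity) and names unchecked runtime inputs in SQL statements as the main source of violations. The following is an added example that is not part of the paper or the DBverify prototype: a minimal weakest-precondition VC generator for UPDATE statements over a bounded table, applied to a debit procedure with and without an input check. Everything in it is a simplifying assumption: the expression and statement encoding, the table modelled as a fixed number of symbolic rows, the rule that an UPDATE rewrites each row's column to `ite(where, new_value, old_value)`, and the validity check, which exhaustively evaluates the VC over a small integer domain instead of calling a theorem prover, so it refutes a VC with a counterexample but only confirms it up to the bound.

```python
"""Weakest-precondition VC generation for UPDATEs over a bounded table.
Added example, not DBverify. Encoding and WP rules are simplifying assumptions."""
from itertools import product

# Expressions: int literals, variable names (str), or tuples (op, arg, ...).
OPS = {
    '+': lambda a, b: a + b,
    '-': lambda a, b: a - b,
    '>=': lambda a, b: a >= b,
    '==': lambda a, b: a == b,
    'and': lambda a, b: a and b,
    'implies': lambda a, b: (not a) or b,
    'ite': lambda c, a, b: a if c else b,
}

def ev(e, env):
    """Evaluate expression e under the concrete assignment env."""
    if isinstance(e, int):
        return e
    if isinstance(e, str):
        return env[e]
    op, *args = e
    return OPS[op](*(ev(a, env) for a in args))

def subst(e, mapping):
    """Simultaneous substitution of variable names by expressions."""
    if isinstance(e, str):
        return mapping.get(e, e)
    if isinstance(e, int):
        return e
    op, *args = e
    return (op, *(subst(a, mapping) for a in args))

def free_vars(e, acc=None):
    acc = set() if acc is None else acc
    if isinstance(e, str):
        acc.add(e)
    elif isinstance(e, tuple):
        for a in e[1:]:
            free_vars(a, acc)
    return acc

def conj(*es):
    out = True
    for x in es:
        out = x if out is True else ('and', out, x)
    return out

N_ROWS = 2  # assumption: the table is modelled as N_ROWS symbolic rows

def col(table, i, c):
    return f"{table}{i}.{c}"

def forall_rows(table, cols, body):
    """Instantiate a row-local formula (over bare column names) for every row."""
    return conj(*(subst(body, {c: col(table, i, c) for c in cols}) for i in range(N_ROWS)))

def wp(stmt, post):
    """Weakest precondition of stmt w.r.t. postcondition post."""
    if stmt[0] == 'update':
        _, table, cols, set_col, set_expr, where = stmt
        mapping = {}
        for i in range(N_ROWS):
            row = {c: col(table, i, c) for c in cols}
            old = col(table, i, set_col)
            # A row keeps its old value unless the WHERE clause selects it.
            mapping[old] = ('ite', subst(where, row), subst(set_expr, row), old)
        return subst(post, mapping)
    if stmt[0] == 'seq':
        _, s1, s2 = stmt
        return wp(s1, wp(s2, post))
    raise ValueError(stmt[0])

DOMAIN = range(0, 4)  # bounded domain standing in for a prover back-end

def check_vc(vc):
    """Return (True, None) if vc holds over DOMAIN, else (False, counterexample)."""
    vs = sorted(free_vars(vc))
    for vals in product(DOMAIN, repeat=len(vs)):
        env = dict(zip(vs, vals))
        if not ev(vc, env):
            return False, env
    return True, None

# Hypothetical schema and annotated property: balances never go negative.
COLS = ('id', 'balance')
NONNEG = forall_rows('accounts', COLS, ('>=', 'balance', 0))
PRE = ('and', NONNEG, ('>=', 'amt', 0))

# UPDATE accounts SET balance = balance - :amt WHERE id = :target
DEBIT_UNCHECKED = ('update', 'accounts', COLS, 'balance', ('-', 'balance', 'amt'),
                   ('==', 'id', 'target'))
# Same statement with the runtime input checked against the row's balance.
DEBIT_CHECKED = ('update', 'accounts', COLS, 'balance', ('-', 'balance', 'amt'),
                 ('and', ('==', 'id', 'target'), ('>=', 'balance', 'amt')))
# Transfer: checked debit of :src followed by credit of :dst.
TRANSFER_CHECKED = ('seq',
    ('update', 'accounts', COLS, 'balance', ('-', 'balance', 'amt'),
     ('and', ('==', 'id', 'src'), ('>=', 'balance', 'amt'))),
    ('update', 'accounts', COLS, 'balance', ('+', 'balance', 'amt'), ('==', 'id', 'dst')))

def verify(proc, pre=PRE, post=NONNEG):
    """VC = pre -> wp(proc, post); valid iff proc preserves the property."""
    return check_vc(('implies', pre, wp(proc, post)))

if __name__ == '__main__':
    for name, proc in [('unchecked debit', DEBIT_UNCHECKED),
                       ('checked debit', DEBIT_CHECKED),
                       ('checked transfer', TRANSFER_CHECKED)]:
        ok, cex = verify(proc)
        print(name, 'VALID' if ok else f'INVALID, counterexample {cex}')
```

The unchecked debit fails with a counterexample in which the selected row's balance is smaller than the runtime input `amt`, which is the failure pattern the abstract reports; the guarded variants produce VCs that hold over the bound. Because the check is bounded, a VALID verdict here is evidence, not a proof; a real generator hands the same VC to an SMT solver or proof assistant.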




Updated: 2021-01-24