TY - GEN
T1 - On the automated verification of web applications with embedded SQL
AU - Itzhaky, Shachar
AU - Kotek, Tomer
AU - Rinetzky, Noam
AU - Sagiv, Mooly
AU - Tamir, Orr
AU - Veith, Helmut
AU - Zuleger, Florian
N1 - Publisher Copyright:
© Shachar Itzhaky, Tomer Kotek, Noam Rinetzky, Mooly Sagiv, Orr Tamir, Helmut Veith, and Florian Zuleger; licensed under Creative Commons License CC-BY. 20th International Conference on Database Theory (ICDT 2017).
PY - 2017/3/1
Y1 - 2017/3/1
AB - A large number of web applications is based on a relational database together with a program, typically a script, that enables the user to interact with the database through embedded SQL queries and commands. In this paper, we introduce a method for formal automated verification of such systems which connects database theory to mainstream program analysis. We identify a fragment of SQL which captures the behavior of the queries in our case studies, is algorithmically decidable, and facilitates the construction of weakest preconditions. Thus, we can integrate the analysis of SQL queries into a program analysis tool chain. To this end, we implement a new decision procedure for the SQL fragment that we introduce. We demonstrate practical applicability of our results with three case studies, a web administrator, a simple firewall, and a conference management system.
KW - Decidability
KW - Program verification
KW - Reasoning
KW - SQL
KW - Scripting language
KW - Two-variable fragment of First Order logic
KW - Web services
UR - http://www.scopus.com/inward/record.url?scp=85016220100&partnerID=8YFLogxK
U2 - 10.4230/LIPIcs.ICDT.2017.16
DO - 10.4230/LIPIcs.ICDT.2017.16
M3 - Conference contribution
AN - SCOPUS:85016220100
T3 - Leibniz International Proceedings in Informatics, LIPIcs
BT - 20th International Conference on Database Theory, ICDT 2017
A2 - Orsi, Giorgio
A2 - Benedikt, Michael
PB - Schloss Dagstuhl - Leibniz-Zentrum für Informatik GmbH, Dagstuhl Publishing
T2 - 20th International Conference on Database Theory, ICDT 2017
Y2 - 21 March 2017 through 24 March 2017
ER -