Proceedings of the 23rd ACM SIGPLAN Conference on Object-Oriented Programming Systems Languages and Applications 2008
DOI: 10.1145/1449764.1449768

Deep typechecking and refactoring

Abstract: Large software systems are typically composed of multiple layers, written in different languages and loosely coupled using a string-based interface. For example, in modern web applications, a server written in Java communicates with a database back-end by passing in query strings. This widely prevalent approach is unsafe as the analyses developed for the individual layers are oblivious to the semantics of the dynamically constructed strings, making it impossible to statically reason about the correctness of the…

citations
Cited by 13 publications
(6 citation statements)
references
References 9 publications
“…The lack of integration of such query languages with the programming language and thus compiler however makes it harder to statically check queries [53]. In addition, such languages can hardly support advanced features such as parametric guards [26], where guards contain program variables whose values are propagated across the network whenever they change.…”
Section: Event Methods (mentioning)
confidence: 99%
“…Tan and Croft use static analyses to study security issues in Java's standard library. Of course, static multilingual bug checkers are not restricted to Java and C. For example, Quail performs string analysis for Java/SQL safety. Static analysis is complementary to dynamic debugging, which helps find some bugs static analysis misses.…”
Section: Related Work (mentioning)
confidence: 99%
“…Since the C code expresses Java type information in strings, standard static type checking cannot resolve the types and even sophisticated interprocedural analysis cannot always resolve them [10,28]. Consequently, the C compiler does not statically enforce typing constraints on the "Collections" and "sort" names or the ls and cmp parameters.…”
Section: Type Constraints (mentioning)
confidence: 99%
“…For example, JNI's use of string arguments to describe class names and method signatures cleanly abstracts over the underlying JVM and its implementation. Unfortunately, these strings prevent standard static type checking, and even advanced interprocedural static analysis is incomplete [10,28]. Similarly, complete static checking of pending exceptions and the count of local references is impossible.…”
Section: Introduction (mentioning)
confidence: 99%