Download presentation
Presentation is loading. Please wait.
1
Communicating with Databases
String based queries are prevalent: JPA, Hibernate, TopLink Strings JAVA DB
2
Example: Using JPA to query DB
Query in JPA Query Language: “SELECT w FROM Weblog w WHERE w.id = ?1 AND w.link.id = ?2” Java syntax in query String Mapping Java Classes to DB Tables: Expressed in Object Relational Mapping (ORM)
3
Example: Using JPA to query DB
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
4
Example: Using JPA to query DB
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Build query string
5
Example: Using JPA to query DB
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Build query string Create query
6
Example: Using JPA to query DB
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Build query string Create query Set parameters
7
Example: Using JPA to query DB
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Build query string Create query Set parameters
8
Example: Using JPA to query DB
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Build query string Create query Set parameters Execute query
9
Example: Using JPA to query DB
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Build query string Create query Set parameters Execute query Efficient Flexible Unsafe
10
Uncaught Errors String getText(String id, Link link) { String qStr;
Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
11
Uncaught Errors String getText(String id, Link link) { String qStr;
Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); // q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
12
Uncaught Errors Unset parameter String getText(String id, Link link) {
String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); // q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Unset parameter
13
Uncaught Errors Unset parameter String getText(String id, Link link) {
String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Unset parameter
14
Uncaught Errors Unset parameter Unsafe param type
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, new Weblog()); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Unset parameter Unsafe param type
15
Uncaught Errors Unset parameter Unsafe param type
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Unset parameter Unsafe param type
16
Uncaught Errors Unset parameter Unsafe param type Unsafe downcast
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Warranty w = (Warranty) q.execQuery(); return w.text; } Unset parameter Unsafe param type Unsafe downcast
17
Uncaught Errors String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Unset parameter Unsafe param type Unsafe downcast Java compiler does not reason about the query strings; cannot typecheck.
18
Refactor: Weblog.id Weblog.name
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Unset parameter Unsafe param type Unsafe downcast
19
Refactor: Weblog.id Weblog.name
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Refactor Unset parameter Unsafe param type Unsafe downcast Don’t Refactor Need to know type of w and w.link to refactor safely.
20
Refactor: Weblog.id Weblog.name
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Unset parameter Unsafe param type Unsafe downcast Refactoring difficult
21
String Based Query Challenges
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Unset parameter Unsafe param type Unsafe downcast Refactoring difficult
22
Deep Typechecking Example
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Query safety: All params set Params safely set Result safely downcast Is this query exec safe? Need to know: query string param types
23
Deep Typechecking Example
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Bound Query: query string param types Example : query : “SELECT … ?1 … ?2 … ?3 …” ?1 : String ?2 : Weblog ?3 : unknown At each program point map each var to a set of BQs.
24
Bound Query Analysis String getText(String id, Link link) {
String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
25
Bound Query Analysis qStr = “SELECT … ?2”
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } qStr = “SELECT … ?2”
26
Bound Query Analysis qStr = “SELECT … ?2”
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } qStr = “SELECT … ?2”
27
Bound Query Analysis qStr = “SELECT … ?2”
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } qStr = “SELECT … ?2”
28
Bound Query Analysis qStr = “SELECT … ?2” query : “SELECT …”
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } qStr = “SELECT … ?2” query : “SELECT …” ?1 : unknown ?2 : unknown
29
Bound Query Analysis qStr = “SELECT … ?2” query : “SELECT …”
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } qStr = “SELECT … ?2” query : “SELECT …” ?1 : unknown ?2 : unknown query : “SELECT …” ?1 : String ?2 : unknown
30
Bound Query Analysis qStr = “SELECT … ?2” query : “SELECT …”
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } qStr = “SELECT … ?2” query : “SELECT …” ?1 : unknown ?2 : unknown query : “SELECT …” ?1 : String ?2 : unknown query : “SELECT …” ?1 : String ?2 : int
31
Bound Query Analysis Checking param types: Parse query string
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Checking param types: Parse query string Check all params set Check param types Bound Queries: query : “SELECT …” ?1 : String ?2 : int
32
Bound Query Analysis Checking result type: Infer result type
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } Checking result type: Infer result type Propagate result type Check downcasts Bound Queries: query : “SELECT …” ?1 : String ?2 : int result : Weblog query : “SELECT …” ?1 : String ?2 : int
33
Bound Query Analysis String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } If a query passes Deep Typechecking, then it will not cause an error at runtime. Therefore, Bound Query Analysis has no silent failures.
34
Deep Refactoring Example
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
35
Deep Refactoring Example
Refactor Weblog field: id name String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
36
Deep Refactoring Example
Refactor Weblog field: id name String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
37
Deep Refactoring Example
Refactor Weblog field: id name String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
38
Deep Refactoring Example
Refactor Weblog field: id name String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } query : SELECT w FROM Weblog w WHERE w.id = ?1 AND w.link.id = ?2 ?1 : String ?2 : int
39
Deep Refactoring Example
Refactor Weblog field: id name Refactor full query String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } query : SELECT w FROM Weblog w WHERE w.id = ?1 AND w.link.id = ?2 ?1 : String ?2 : int
40
Deep Refactoring Example
Refactor Weblog field: id name Refactor full query String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } query : SELECT w FROM Weblog w WHERE w.name = ?1 AND w.link.id = ?2 ?1 : String ?2 : int
41
Deep Refactoring Example
Refactor Weblog field: id name Refactor full query Propagate changes String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } query : SELECT w FROM Weblog w WHERE w.name = ?1 AND w.link.id = ?2 ?1 : String ?2 : int
42
Deep Refactoring Example
Refactor Weblog field: id name Refactor full query Propagate changes String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.name = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; } query : SELECT w FROM Weblog w WHERE w.name = ?1 AND w.link.id = ?2 ?1 : String ?2 : int
43
Flow Sensitivity String getText(String id, Link link) { String qStr;
Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
44
Flow Sensitivity String getText(String id, Link link) {
String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
45
Flow Sensitivity String getText(String id, Link link) {
String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
46
Flow Sensitivity String getText(String id, Link link) {
String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; if(link != null) { qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); } else { } Weblog w = (Weblog) q.execQuery(); return w.text;
47
Flow Sensitivity String getText(String id, Link link) {
String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; if(link != null) { qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); } else { } Weblog w = (Weblog) q.execQuery(); return w.text;
48
Flow Sensitivity String getText(String id, Link link) {
String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; if(link != null) { qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); } else { } Weblog w = (Weblog) q.execQuery(); return w.text;
49
Flow Sensitivity qStr = “SELECT … ?2”
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; if(link != null) { qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); } else { } Weblog w = (Weblog) q.execQuery(); return w.text;
50
Flow Sensitivity qStr = “SELECT … ?2” query : “SEL … ?2” ?1 : String
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; if(link != null) { qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); } else { } Weblog w = (Weblog) q.execQuery(); return w.text; query : “SEL … ?2” ?1 : String ?2 : int
51
Flow Sensitivity qStr = “SELECT … ?2” query : “SEL … ?2” ?1 : String
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; if(link != null) { qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); } else { } Weblog w = (Weblog) q.execQuery(); return w.text; query : “SEL … ?2” ?1 : String ?2 : int qStr = “SELECT … ?1”
52
Flow Sensitivity qStr = “SELECT … ?2” query : “SEL … ?2” ?1 : String
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; if(link != null) { qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); } else { } Weblog w = (Weblog) q.execQuery(); return w.text; query : “SEL … ?2” ?1 : String ?2 : int qStr = “SELECT … ?1”
53
Flow Sensitivity qStr = “SELECT … ?2” query : “SEL … ?2” ?1 : String
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; if(link != null) { qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); } else { } Weblog w = (Weblog) q.execQuery(); return w.text; query : “SEL … ?2” ?1 : String ?2 : int qStr = “SELECT … ?1”
54
Flow Sensitivity qStr = “SELECT … ?2” query : “SEL … ?2” ?1 : String
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; if(link != null) { qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); } else { } Weblog w = (Weblog) q.execQuery(); return w.text; query : “SEL … ?2” ?1 : String ?2 : int qStr = “SELECT … ?1” query : “SEL … ?1” ?1 : String
55
Flow Sensitivity qStr = “SELECT … ?2” query : “SEL … ?2” ?1 : String
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; if(link != null) { qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); } else { } Weblog w = (Weblog) q.execQuery(); return w.text; query : “SEL … ?2” ?1 : String ?2 : int qStr = “SELECT … ?1” query : “SEL … ?1” ?1 : String “SEL … ?2” ?1 : String ?2 : int “SEL … ?1”
56
Flow Sensitivity As before, for each bound query: Check param types
String getText(String id, Link link) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; if(link != null) { qStr += “AND w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); } else { } Weblog w = (Weblog) q.execQuery(); return w.text; As before, for each bound query: Check param types Check result type In general, we express Bound Query Analysis as a dataflow analysis. “SEL … ?2” ?1 : String ?2 : int “SEL … ?1”
57
Loops String getText(String id, Link link) { String qStr; Query q;
qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “OR w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
58
Loops String getText(String id, List<Link> links) { String qStr;
Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “OR w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
59
Loops String getText(String id, List<Link> links) { String qStr;
Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; qStr += “OR w.link.id = ?2”; q = createQuery(qStr); q.setParam(1, id); q.setParam(2, link.id); Weblog w = (Weblog) q.execQuery(); return w.text; }
60
Loops String getText(String id, List<Link> links) { String qStr;
Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; for(int i = 0; i < links.size(); i++) { qStr += “ OR w.link.id = ?” + i; } q = createQuery(qStr); ...
61
Loops qStr = ??? qStr = “SELECT … w.id = ?1” ( “ OR w.link.id = ?#” )*
String getText(String id, List<Link> links) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; for(int i = 0; i < links.size(); i++) { qStr += “ OR w.link.id = ?” + i; } q = createQuery(qStr); ... qStr = “SELECT … w.id = ?1” ( “ OR w.link.id = ?#” )* qStr = ???
62
Loops qStr = “SELECT … w.id = ?1” ( “ OR w.link.id = ?#” )*
String getText(String id, List<Link> links) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; for(int i = 0; i < links.size(); i++) { qStr += “ OR w.link.id = ?” + i; } q = createQuery(qStr); ... qStr = “SELECT … w.id = ?1” ( “ OR w.link.id = ?#” )*
63
Loops qStr = “SELECT … w.id = ?1” ( “ OR w.link.id = ?#” )*
Deep Refactoring: know query structure know fragment locs refactor across loops String getText(String id, List<Link> links) { String qStr; Query q; qStr = “SELECT w FROM Weblog w ”; qStr += “WHERE w.id = ?1 ”; for(int i = 0; i < links.size(); i++) { qStr += “ OR w.link.id = ?” + i; } q = createQuery(qStr); ... Deep Typechecking: unknown # of params do not check params can still check result qStr = “SELECT … w.id = ?1” ( “ OR w.link.id = ?#” )*
64
Multiple Methods String Analysis : interprocedural compute regexps
Bound Query Analysis : intraprocedural no complex aliasing Result Analysis : propagate result type String mainQueryStr() { return “SELECT ... ?1”; } Object getMain() { String qStr = mainQueryStr(); Query q = createQuery(qStr); q.setParam(1, “main”); return q.execQuery(); String mainId() { return ((Weblog) getMain()).id;
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.