Inference and Regeneration of Programs that Manipulate Relational Databases

Shen, Jiasi; Rinard, Martin

Author(s)

Shen, Jiasi; Rinard, Martin

DownloadMIT-CSAIL-TR-2017-012.pdf (788.9Kb)

Other Contributors

Program Analysis and Compilation

Advisor

Martin Rinard

Metadata

Show full item record

Abstract

We present a new technique that infers models of programs that manipulate relational databases. This technique generates test databases and input commands, runs the program, then observes the resulting outputs and updated databases to infer the model. Because the technique works only with the externally observable inputs, outputs, and databases, it can infer the behavior of programs written in arbitrary languages using arbitrary coding styles and patterns. We also present a technique for automatically regenerating an implementation of the program based on the inferred model. The regenerator can produce a translated implementation in a different language and systematically include relevant security and error checks. We present results that illustrate the use of the technique to eliminate SQL injection vulnerabilities and the translation of applications from Java and Ruby on Rails to Python.

Date issued

2017-08-29

URI

http://hdl.handle.net/1721.1/111067

Series/Report no.

MIT-CSAIL-TR-2017-012

Collections

CSAIL Technical Reports (July 1, 2003 - present)