Inference and Regeneration of Programs that Manipulate Relational Databases
We present a new technique that infers models of programs that manipulate relational databases. This technique generates test databases and input commands, runs the program, then observes the resulting outputs and updated databases to infer the model. Because the technique works only with the extern...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Published: |
2017
|
| Online Access: | http://hdl.handle.net/1721.1/111067 |
| _version_ | 1811097890315042816 |
|---|---|
| author | Shen, Jiasi Rinard, Martin |
| author2 | Martin Rinard |
| author_facet | Martin Rinard Shen, Jiasi Rinard, Martin |
| author_sort | Shen, Jiasi |
| collection | MIT |
| description | We present a new technique that infers models of programs that manipulate relational databases. This technique generates test databases and input commands, runs the program, then observes the resulting outputs and updated databases to infer the model. Because the technique works only with the externally observable inputs, outputs, and databases, it can infer the behavior of programs written in arbitrary languages using arbitrary coding styles and patterns. We also present a technique for automatically regenerating an implementation of the program based on the inferred model. The regenerator can produce a translated implementation in a different language and systematically include relevant security and error checks. We present results that illustrate the use of the technique to eliminate SQL injection vulnerabilities and the translation of applications from Java and Ruby on Rails to Python. |
| first_indexed | 2024-09-23T17:06:35Z |
| id | mit-1721.1/111067 |
| institution | Massachusetts Institute of Technology |
| last_indexed | 2024-09-23T17:06:35Z |
| publishDate | 2017 |
| record_format | dspace |
| spelling | mit-1721.1/1110672019-04-11T12:53:49Z Inference and Regeneration of Programs that Manipulate Relational Databases Shen, Jiasi Rinard, Martin Martin Rinard Program Analysis and Compilation We present a new technique that infers models of programs that manipulate relational databases. This technique generates test databases and input commands, runs the program, then observes the resulting outputs and updated databases to infer the model. Because the technique works only with the externally observable inputs, outputs, and databases, it can infer the behavior of programs written in arbitrary languages using arbitrary coding styles and patterns. We also present a technique for automatically regenerating an implementation of the program based on the inferred model. The regenerator can produce a translated implementation in a different language and systematically include relevant security and error checks. We present results that illustrate the use of the technique to eliminate SQL injection vulnerabilities and the translation of applications from Java and Ruby on Rails to Python. 2017-08-29T22:00:05Z 2017-08-29T22:00:05Z 2017-08-29 2017-08-29T22:00:05Z http://hdl.handle.net/1721.1/111067 MIT-CSAIL-TR-2017-012 14 p. application/pdf |
| spellingShingle | Shen, Jiasi Rinard, Martin Inference and Regeneration of Programs that Manipulate Relational Databases |
| title | Inference and Regeneration of Programs that Manipulate Relational Databases |
| title_full | Inference and Regeneration of Programs that Manipulate Relational Databases |
| title_fullStr | Inference and Regeneration of Programs that Manipulate Relational Databases |
| title_full_unstemmed | Inference and Regeneration of Programs that Manipulate Relational Databases |
| title_short | Inference and Regeneration of Programs that Manipulate Relational Databases |
| title_sort | inference and regeneration of programs that manipulate relational databases |
| url | http://hdl.handle.net/1721.1/111067 |
| work_keys_str_mv | AT shenjiasi inferenceandregenerationofprogramsthatmanipulaterelationaldatabases AT rinardmartin inferenceandregenerationofprogramsthatmanipulaterelationaldatabases |