JSquash: Source Code Analysis of Embedded Database Applications for Determining Sql Statements

In this paper, we analyse Java source code of embedded database applications by means of static code analysis. If the underlying database schema is changed due to refactoring or database tuning, then the SQL statements in the embedding Java program need to be adapted correspondingly. This should be done mostly automatically, since changing software manually is error–prone and time consuming. For determining the SQL statements that access the database, we can either look at the database logfile, an audit file, or at the Java source code itself. Here, we show how to statically determine even the strings for dynamically built SQL statements directly from the Java source code. We do this without using a debugger or a virtual machine technique; instead, we trace the values of variables that contribute to a query string backwards to predict the values as precisely as possible. We use PROLOG’s declarative features and its backtracking mechanism for code analysis, refactoring, and tuning.