Mark Grechanik
ABSTRACT
Two or more components (e.g., objects, modules, or programs) interoperate when they exchange data, such as XML data. Using Application Programming Interface (API) calls exported by XML parsers remains a primary mode of accessing and manipulating XML, and these API calls lead to various run-time errors in components that exchange XML data. Currently, no tool checks the source code of interoperating components for potential flaws caused by third-party API calls that lead to incorrect XML data exchanges and runtime errors, even when components are located within the same application
Our solution combines program abstraction and symbolic execution in order to reengineer the approximate schema of XML data that would be output by a component. This schema is compared using bisimulation with the schema of XML data that is expected by some other components. We describe our approach and give our error checking algorithm. We implemented our approach in a tool that we used on open source and commercial systems and discovered errors that were not detected during their design and testing.
- IEEE Standard Computer Dictionary: A Compilation of IEEE Standard Computer Glossaries. Institute of Electrical and Electronics Engineers, January 1991. Google Scholar
Digital Library
- Cost Analysis of Inadequate Interoperability in the U.S. Capital Facilities Industry, GCR 04-867. NIST, August 2004.Google Scholar
- Institute for Software Research, University of California, Irvine, xADL 2.0 project, Apigen for xArch schemas,. http://www.isr.uci.edu/projects/xarchuci/tools-apigen.html, 2004.Google Scholar
- Sun Microsystems, Java Architecture for XML Binding (JAXB),. http://java.sun.com/xml/jaxb, 2004.Google Scholar
- Castor XML databinding framework,. http://www.castor.org/xml-framework.html, 2005.Google Scholar
- S. Abiteboul, P. Buneman, and D. Suciu. Data on the Web: From Relations to Semistructured Data and XML. Morgan Kaufmann, October 1999. Google ScholarDigital Library
- G. Ammons, R. Bodik, and J. R. Larus. Mining specifications. In POPL, pages 4--16, 2002. Google ScholarDigital Library
- G. M. Bierman, E. Meijer, and W. Schulte. The essence of data access in cmega. In ECOOP, pages 287--311, 2005. Google ScholarDigital Library
- H. Chen and D. Wagner. MOPS: an infrastructure for examining security properties of software. In ACM Conference on Computer and Communications Security, pages 235--244, 2002. Google ScholarDigital Library
- L. A. Clarke and D. J. Richardson, editors. Symbolic evaluation methods for program analysis. Prentice-Hall, 1981.Google Scholar
- B. Curtis, H. Krasner, and N. Iscoe. A field study of the software design process for large systems. Commun. ACM, 31(11):1268--1287, 1988. Google ScholarDigital Library
- X. Fu, T. Bultan, and J. Su. Model checking XML manipulating software. In ISSTA, pages 252--262, 2004. Google ScholarDigital Library
- M. Harren, M. Raghavachari, O. Shmueli, M. G. Burke, R. Bordawekar, I. Pechtchanski, and V. Sarkar. Xj: facilitating xml processing in java. In WWW, pages 278--287, 2005. Google ScholarDigital Library
- D. Jackson and M. Vaziri. Finding bugs with a constraint solver. In ISSTA, pages 14--25, 2000. Google ScholarDigital Library
- J. C. King. A program verifier. In IFIP Congress (1), pages 234--249, 1971.Google Scholar
- J. C. King. Symbolic execution and program testing. Commun. ACM, 19(7):385--394, 1976. Google ScholarDigital Library
- C. Kirkegaard, A. Møller, and M. I. Schwartzbach. Static analysis of xml transformations in java. IEEE Trans. Software Eng., 30(3):181--192, 2004. Google ScholarDigital Library
- A. J. Ko, B. A. Myers, and H. H. Aung. Six learning barriers in end-user programming systems. In VL/HCC, pages 199--206, 2004. Google ScholarDigital Library
- D. Mandelin, L. Xu, R. Bodík, and D. Kimelman. Jungloid mining: helping to navigate the api jungle. In PLDI, pages 48--61, 2005. Google ScholarDigital Library
- J. Meier, S. Vasireddy, A. Babbar, and A. Mackman. Improving .NET application performance and scalability. Microsoft Corporation, 2004.Google Scholar
- R. Schmelzer. Breaking XML to optimize performance. ZapThink LLC - special to SearchWebServices.com, Oct. 2002.Google Scholar
- D. Spinellis. A critique of the Windows application programming interface. Computer Standards & Interfaces, 20(1):1--8, Nov. 1998. Google ScholarDigital Library
Index Terms
- Finding errors in components that exchange xml data
Recommendations
XML-based XML schema access
WWW '07: Proceedings of the 16th international conference on World Wide WebXML Schema's abstract data model consists of components, which are the structures that eventually define a schema as a whole. XML Schema's XML syntax, on the other hand, is not a direct representation of the schema components, and it proves to be ...
Conceptual modeling of XML schemas
WIDM '03: Proceedings of the 5th ACM international workshop on Web information and data managementXML has become the standard format for representing structured and semi-structured data on the Web. To describe the structure and content of XML data, several XML schema languages have been proposed. Although being very useful for validating XML ...
The essence of XML
The World-Wide Web Consortium (W3C) promotes XML and related standards, including XML Schema, XQuery, and XPath. This paper describes a formalization of XML Schema. A formal semantics based on these ideas is part of the official XQuery and XPath ...
Comments