25,645 research outputs found
A generic persistence model for CLP systems (and two useful implementations)
This paper describes a model of persistence in (C)LP languages and two different and practically very useful ways to implement this model in current systems. The fundamental idea is that persistence is a characteristic of certain dynamic predicates (Le., those which encapsulate
state). The main effect of declaring a predicate persistent is that the dynamic changes made to such predicates persist from one execution to the next one. After proposing a syntax for declaring persistent predicates, a simple, file-based implementation of the concept is presented and
some examples shown. An additional implementation is presented which stores persistent predicates in an external datábase. The abstraction of the concept of persistence from its implementation allows developing applications
which can store their persistent predicates alternatively in files or databases with only a few simple changes to a declaration stating the location and modality used for persistent storage. The paper presents the model, the implementation approach in both the cases of using files
and relational databases, a number of optimizations of the process (using information obtained from static global analysis and goal clustering), and performance results from an implementation of these ideas
Open issues in semantic query optimization in relational DBMS
After two decades of research into Semantic Query Optimization (SQO) there is clear agreement as to the efficacy of SQO. However, although there are some experimental implementations there are still no commercial implementations. We
first present a thorough analysis of research into SQO. We identify three problems which inhibit the effective use of SQO in Relational Database Management Systems(RDBMS). We then propose solutions to these problems and describe first steps towards the implementation of an effective semantic query optimizer for relational databases
Reify Your Collection Queries for Modularity and Speed!
Modularity and efficiency are often contradicting requirements, such that
programers have to trade one for the other. We analyze this dilemma in the
context of programs operating on collections. Performance-critical code using
collections need often to be hand-optimized, leading to non-modular, brittle,
and redundant code. In principle, this dilemma could be avoided by automatic
collection-specific optimizations, such as fusion of collection traversals,
usage of indexing, or reordering of filters. Unfortunately, it is not obvious
how to encode such optimizations in terms of ordinary collection APIs, because
the program operating on the collections is not reified and hence cannot be
analyzed.
We propose SQuOpt, the Scala Query Optimizer--a deep embedding of the Scala
collections API that allows such analyses and optimizations to be defined and
executed within Scala, without relying on external tools or compiler
extensions. SQuOpt provides the same "look and feel" (syntax and static typing
guarantees) as the standard collections API. We evaluate SQuOpt by
re-implementing several code analyses of the Findbugs tool using SQuOpt, show
average speedups of 12x with a maximum of 12800x and hence demonstrate that
SQuOpt can reconcile modularity and efficiency in real-world applications.Comment: 20 page
Towards Vulnerability Discovery Using Staged Program Analysis
Eliminating vulnerabilities from low-level code is vital for securing
software. Static analysis is a promising approach for discovering
vulnerabilities since it can provide developers early feedback on the code they
write. But, it presents multiple challenges not the least of which is
understanding what makes a bug exploitable and conveying this information to
the developer. In this paper, we present the design and implementation of a
practical vulnerability assessment framework, called Melange. Melange performs
data and control flow analysis to diagnose potential security bugs, and outputs
well-formatted bug reports that help developers understand and fix security
bugs. Based on the intuition that real-world vulnerabilities manifest
themselves across multiple parts of a program, Melange performs both local and
global analyses. To scale up to large programs, global analysis is
demand-driven. Our prototype detects multiple vulnerability classes in C and
C++ code including type confusion, and garbage memory reads. We have evaluated
Melange extensively. Our case studies show that Melange scales up to large
codebases such as Chromium, is easy-to-use, and most importantly, capable of
discovering vulnerabilities in real-world code. Our findings indicate that
static analysis is a viable reinforcement to the software testing tool set.Comment: A revised version to appear in the proceedings of the 13th conference
on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA),
July 201
Preventing SQL Injection through Automatic Query Sanitization with ASSIST
Web applications are becoming an essential part of our everyday lives. Many
of our activities are dependent on the functionality and security of these
applications. As the scale of these applications grows, injection
vulnerabilities such as SQL injection are major security challenges for
developers today. This paper presents the technique of automatic query
sanitization to automatically remove SQL injection vulnerabilities in code. In
our technique, a combination of static analysis and program transformation are
used to automatically instrument web applications with sanitization code. We
have implemented this technique in a tool named ASSIST (Automatic and Static
SQL Injection Sanitization Tool) for protecting Java-based web applications.
Our experimental evaluation showed that our technique is effective against SQL
injection vulnerabilities and has a low overhead.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330
- …