Treffer: Finding application errors using PQL: a program query language

A number of effective error detection tools have been built in recent years to check if a program conforms to certain design rules. An important class of design rules deals with sequences of events associated with a set of related objects. This paper presents a language called PQL (Program Query Language) that allows programmers to express such questions easily in an application-specific context. A query looks like a code excerpt corresponding to the shortest amount of code that would violate a design rule. Details of the target application’s precise implementation are abstracted away. The programmer may also specify actions to perform when a match is found, such as recording relevant information or even correcting an erroneous execution on the fly. We have developed both static and dynamic techniques to find solutions to PQL queries. Our static analyzer finds all potential matches conservatively using a context-sensitive, flow-insensitive, inclusionbased pointer alias analysis. While the results may not be precise for certain queries, they are useful in optimizing the dynamic analysis. Our dynamic analyzer instruments the source program to catch all violations precisely as the program runs and to perform the specified actions if such are provided. We have implemented the proposed techniques and used them successfully to find severe breaches of security and important resource leaks in 6 large real-world open-source Java applications containing a total of more than 62,000 classes using a combination of static and dynamic analysis.