Geekly Articles each Day
πŸ“œ ⬆️ ⬇️

Static analysis of dynamically generated expressions

Introduction


Often, when developing complex software systems, more than one programming language is used - even within the same source file. In this case, it is customary to talk about the main (or source) language and one or several embedded languages. From the string expressions of the main language, programs are dynamically formed in a language different from it, which are then interpreted by special components that work during execution, such as databases or web browsers. Most general-purpose programming languages ​​can play the role of both the main and embedded languages. Below are examples of using built-in languages.

Javascript code execution from Java code:

import javax.script.*; public class InvokeScriptFunction { public static void main(String[] args) { ScriptEngineManager manager = new ScriptEngineManager(); ScriptEngine engine = manager.getEngineByName("JavaScript"); // JavaScript code in a String String script = "function hello(name) {print('Hello, ' + name);}"; // evaluate script engine.eval(script); } }


Dynamic SQL code:
') 
 CREATE PROCEDURE [dbo].[MyProc] @TABLERes VarChar(30) AS EXECUTE ( 'INSERT INTO ' + @TABLERes + ' (sText1)' + ' SELECT ''Additional condition: '' + sName' + ' from #tt where sAction = ''1000000''') GO

Using several different built-in PHP languages ​​(MySQL, HTML):

 <?php // Embedded SQL $query = 'SELECT * FROM my_table'; $result = mysql_query($query); // HTML markup generation echo "<table>\n"; while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { echo "\t<tr>\n"; foreach ($line as $col_value) { echo "\t\t<td>$col_value</td>\n"; } echo "\t</tr>\n"; } echo "</table>\n"; ?>


Built-in languages ​​allow you to compensate for the lack of expressiveness of general-purpose languages ​​when used in a context specific to the domain. However, the use of such an approach presents a number of difficulties. Dynamically formed expressions are usually constructed from string constants and expressions of the main language by means of concatenation in loops, branches of conditional operators, or recursive procedures, and these structures can be nested into each other, which gives rise to many different options. Code snippets in embedded languages ​​are perceived by the source language compiler as simple strings that cannot be analyzed. Thus, standard tools do not allow even simple parsing of dynamically generated expressions. The impossibility of static verification of the correctness of the formed expression leads to a high probability of errors during the execution of the program.

A common practice when writing code is to use integrated development environments (IDE), which produce syntax highlighting and autocompletion, signaling syntax errors, providing the ability to perform various refactoring. All these functions greatly simplify the process of developing and debugging applications. Tools that analyze a variety of expressions that are dynamically formed from the string expressions of the main language during program execution may be useful. This process will be called static analysis of dynamically generated expressions or abstract
by analysis.

Existing tools


At the moment there are a number of tools for working with dynamically formed expressions in specific languages ​​that have performed well in practice. The tools differ in the approaches used as well as the ease of adding new language extensions. Below is a brief overview of the capabilities of the tools.

Phpstorm

PhpStorm is an integrated development environment for PHP, which provides highlighting and autocompletion of the embedded code in HTML, CSS, JavaScript, SQL. However, such support is provided only in cases where the string is received without the use of any string operations (for example, concatenation). As an example, consider the program presented in Figure 1. The operators β€œ.” And β€œ. =” Are concatenation and concatenation with assignment operators. The right side of the assignment to the variable $hello1 recognized and highlighted as an HTML expression. However, you can't say the same about the $string variable.

image

Fig. 1. A snippet of PHP code in PHPStorm.

PHPStorm also provides a separate text editor for each embedded language.
The disadvantages of this tool include the fact that if the queries in the built-in languages ​​contain errors, then no notification will be displayed about them (see $ error in the figure).

Intellilang

IntelliLang is a plugin for PHPStorm and IntelliJ IDEA development environments that allows you to highlight and report errors in the embedded languages ​​(HTML, SQL, XML, JavaScript) in the specified development environments.

An example of IntelliLang operation is shown in Figure 2.

image
Fig. 2. A fragment from the code in the built-in Java language in IDEA.

For the IDEA development environment, Intellilang plugin also provides a separate text editor for working with the embedded language (similar to PHPStorm).

The disadvantages of the plugin include the fact that for each string variable you must manually specify the language. For example, consider Figure 3. Note the html variable as an expression in the HTML language. After that, only the tags on the right side of the definition will be highlighted. In this case, the right side of the body variable will still be perceived as a regular line, although the variable is involved in the formation of an expression marked as HTML.

image
Fig. 3: The string β€œβ€ HTML, body

Alvor
Alvor β€” Eclipse, SQL-, Java. , . 4].

image
. 4 Alvor

β€” Alvor . , . , (. 5).

image
.5 Eclipse IDE

SQL-, , . Alvor SQL (PLSQL, MySQL), .

Java String Analyzer
Java String Analyzer β€” , , Java. JSA 6.

image
. 6 JSA

JSA , front-end , flow-. Back-end flow- - , . Java . . , , , .

PHP String Analyzer
PHP String Analyzer β€” , PHP. HTML XML. JSA. -. .


, , ORM. , . , COBOL. C++, Java .

, , , . . β€œβ€ HTML, body

Alvor
Alvor β€” Eclipse, SQL-, Java. , . 4].

image
. 4 Alvor

β€” Alvor . , . , (. 5).

image
.5 Eclipse IDE

SQL-, , . Alvor SQL (PLSQL, MySQL), .

Java String Analyzer
Java String Analyzer β€” , , Java. JSA 6.

image
. 6 JSA

JSA , front-end , flow-. Back-end flow- - , . Java . . , , , .

PHP String Analyzer
PHP String Analyzer β€” , PHP. HTML XML. JSA. -. .


, , ORM. , . , COBOL. C++, Java .

, , , . .
β€œβ€ HTML, body

Alvor
Alvor β€” Eclipse, SQL-, Java. , . 4].

image
. 4 Alvor

β€” Alvor . , . , (. 5).

image
.5 Eclipse IDE

SQL-, , . Alvor SQL (PLSQL, MySQL), .

Java String Analyzer
Java String Analyzer β€” , , Java. JSA 6.

image
. 6 JSA

JSA , front-end , flow-. Back-end flow- - , . Java . . , , , .

PHP String Analyzer
PHP String Analyzer β€” , PHP. HTML XML. JSA. -. .


, , ORM. , . , COBOL. C++, Java .

, , , . .
β€œβ€ HTML, body

Alvor
Alvor β€” Eclipse, SQL-, Java. , . 4].

image
. 4 Alvor

β€” Alvor . , . , (. 5).

image
.5 Eclipse IDE

SQL-, , . Alvor SQL (PLSQL, MySQL), .

Java String Analyzer
Java String Analyzer β€” , , Java. JSA 6.

image
. 6 JSA

JSA , front-end , flow-. Back-end flow- - , . Java . . , , , .

PHP String Analyzer
PHP String Analyzer β€” , PHP. HTML XML. JSA. -. .


, , ORM. , . , COBOL. C++, Java .

, , , . .
β€œβ€ HTML, body

Alvor
Alvor β€” Eclipse, SQL-, Java. , . 4].

image
. 4 Alvor

β€” Alvor . , . , (. 5).

image
.5 Eclipse IDE

SQL-, , . Alvor SQL (PLSQL, MySQL), .

Java String Analyzer
Java String Analyzer β€” , , Java. JSA 6.

image
. 6 JSA

JSA , front-end , flow-. Back-end flow- - , . Java . . , , , .

PHP String Analyzer
PHP String Analyzer β€” , PHP. HTML XML. JSA. -. .


, , ORM. , . , COBOL. C++, Java .

, , , . .
β€œβ€ HTML, body

Alvor
Alvor β€” Eclipse, SQL-, Java. , . 4].

image
. 4 Alvor

β€” Alvor . , . , (. 5).

image
.5 Eclipse IDE

SQL-, , . Alvor SQL (PLSQL, MySQL), .

Java String Analyzer
Java String Analyzer β€” , , Java. JSA 6.

image
. 6 JSA

JSA , front-end , flow-. Back-end flow- - , . Java . . , , , .

PHP String Analyzer
PHP String Analyzer β€” , PHP. HTML XML. JSA. -. .


, , ORM. , . , COBOL. C++, Java .

, , , . .
β€œβ€ HTML, body

Alvor
Alvor β€” Eclipse, SQL-, Java. , . 4].

image
. 4 Alvor

β€” Alvor . , . , (. 5).

image
.5 Eclipse IDE

SQL-, , . Alvor SQL (PLSQL, MySQL), .

Java String Analyzer
Java String Analyzer β€” , , Java. JSA 6.

image
. 6 JSA

JSA , front-end , flow-. Back-end flow- - , . Java . . , , , .

PHP String Analyzer
PHP String Analyzer β€” , PHP. HTML XML. JSA. -. .


, , ORM. , . , COBOL. C++, Java .

, , , . .
β€œβ€ HTML, body

Alvor
Alvor β€” Eclipse, SQL-, Java. , . 4].

image
. 4 Alvor

β€” Alvor . , . , (. 5).

image
.5 Eclipse IDE

SQL-, , . Alvor SQL (PLSQL, MySQL), .

Java String Analyzer
Java String Analyzer β€” , , Java. JSA 6.

image
. 6 JSA

JSA , front-end , flow-. Back-end flow- - , . Java . . , , , .

PHP String Analyzer
PHP String Analyzer β€” , PHP. HTML XML. JSA. -. .


, , ORM. , . , COBOL. C++, Java .

, , , . .

β€œβ€ HTML, body

Alvor
Alvor β€” Eclipse, SQL-, Java. , . 4].

image
. 4 Alvor

β€” Alvor . , . , (. 5).

image
.5 Eclipse IDE

SQL-, , . Alvor SQL (PLSQL, MySQL), .

Java String Analyzer
Java String Analyzer β€” , , Java. JSA 6.

image
. 6 JSA

JSA , front-end , flow-. Back-end flow- - , . Java . . , , , .

PHP String Analyzer
PHP String Analyzer β€” , PHP. HTML XML. JSA. -. .


, , ORM. , . , COBOL. C++, Java .

, , , . .

β€œβ€ HTML, body

Alvor
Alvor β€” Eclipse, SQL-, Java. , . 4].

image
. 4 Alvor

β€” Alvor . , . , (. 5).

image
.5 Eclipse IDE

SQL-, , . Alvor SQL (PLSQL, MySQL), .

Java String Analyzer
Java String Analyzer β€” , , Java. JSA 6.

image
. 6 JSA

JSA , front-end , flow-. Back-end flow- - , . Java . . , , , .

PHP String Analyzer
PHP String Analyzer β€” , PHP. HTML XML. JSA. -. .


, , ORM. , . , COBOL. C++, Java .

, , , . .

Source: https://habr.com/ru/post/237717/

More articles:


All Articles