| This dissertation details the design, implementation, and applications of the PQL program analysis system. PQL---the Program Query Language---is a high-level specification language focusing on specifying patterns that occur during a program run. The patterns expressible allow free variables within them and even without this, the patterns are more general than context-free languages. The query itself tends to look like a program snippet demonstrating the smallest piece of code demonstrating the pattern.;We provide three analyses that use PQL as a specification language. First, we have developed a dynamic analysis that will detect or react to a query match automatically at run time. This can be used by itself or as part of an aspect-oriented design. Our second analysis is a static pointer-based analysis that can determine those program points that may participate in a query match. Finally, we have created a model-checking-based system that can automatically develop plausible attack vectors for Java-based web applications.;We have applied PQL to the problems of specification mining and defect detection. We extract several detailed usage models for components of the Java standard libraries, including the J2EE extensions. We also discovered many software defects, including SQL injection and Cross-Site Scripting attacks against applications of up to 80,000 lines of code.;Our results demonstrate that high-level specification languages are practical and useful for a wide array of analyses. |
