Abstract
Program source code is annotated to support dataflow analysis or other program analysis, without requiring changes to compilers. Annotation statements are embedded inside comments or other non-code-generative portions of the source code. The annotations can be used to express contracts at routine boundaries, allowing an analyzer to check the global correctness of the source code through modular (local) analysis, with performance that is linear in the number of routines. In particular, annotated SQL source code may be analyzed to identify SQL injection vulnerabilities.
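As an added illustration (not the patent's own code or annotation syntax), a minimal modular checker in Python: contracts are read from comment annotations, each routine is analyzed locally with its callees summarized by their contracts rather than their bodies, and any tainted value that reaches the SQL sink or escapes a routine that promised clean output is reported. The `@contract` syntax, the toy routines and the `exec_sql` sink name are assumptions made for this example.

```python
import re
# Constructed toy source; the "@contract <routine>(<param>: tainted|clean, ...) -> tainted|clean"
# comment syntax is an assumption for this example, and a compiler ignores it like any comment.
SOURCE = """
# @contract get_user(name: tainted) -> clean
def get_user(name):
    q = "SELECT * FROM users WHERE name = '" + name + "'"
    exec_sql(q)
    return q
# @contract safe_user(name: tainted) -> clean
def safe_user(name):
    q = quote(name)
    exec_sql(q)
    return q
# @contract quote(s: tainted) -> clean
def quote(s):
    return s
"""
def parse(src):
    # Returns {routine: [statements]} and {routine: ({param: taint}, return taint)}.
    bodies, contracts, cur = {}, {}, None
    for line in (l.strip() for l in src.splitlines()):
        if m := re.match(r"#\s*@contract\s+(\w+)\((.*?)\)\s*->\s*(tainted|clean)", line):
            params = dict(re.split(r":\s*", p.strip()) for p in m.group(2).split(","))
            contracts[m.group(1)] = (params, m.group(3))
        elif d := re.match(r"def\s+(\w+)\(", line):
            cur, bodies[d.group(1)] = d.group(1), []
        elif cur and line:
            bodies[cur].append(line)
    return bodies, contracts

def check_routine(name, body, contracts):
    # Local analysis of one routine: callees are summarized by their contracts, not their bodies.
    params, ret = contracts[name]
    taint = {p: t == "tainted" for p, t in params.items()}
    for stmt in body:
        if stmt.startswith("exec_sql(") and taint.get(stmt[9:-1]):   # SQL sink fed tainted data
            yield f"{name}: tainted {stmt[9:-1]} reaches exec_sql"
        elif stmt.startswith("return ") and ret == "clean" and taint.get(stmt[7:]):
            yield f"{name}: returns tainted {stmt[7:]} but contract says clean"
        elif "=" in stmt:                                             # assignment: propagate taint
            lhs, rhs = (s.strip() for s in stmt.split("=", 1))
            call = re.fullmatch(r"(\w+)\(\w+\)", rhs)
            if call and call.group(1) in contracts:
                taint[lhs] = contracts[call.group(1)][1] == "tainted"
            else:
                taint[lhs] = any(taint.get(t, False) for t in re.findall(r"\w+", rhs))
def analyze(src):
    # One local pass per routine, so cost grows linearly with the number of routines.
    bodies, contracts = parse(src)
    return [f for n, b in bodies.items() for f in check_routine(n, b, contracts)]
```

Note that `safe_user` passes on the strength of `quote`'s contract alone, while the separate local check of `quote` reports that its body does not honour that contract; the global result is still sound because every routine is checked against the same contracts.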