Towards Automated Verification of Database Scripts

A. Azurat¹, I.S.W.B. Prasetya², T.E.J. Vos³, H. Suhartanto¹, B. Widjaja¹, L.Y. Stefanus¹, R. Wenang¹, S. Aminah¹, and J. Bong¹

¹ Fakultas Ilmu Komputer, Universitas Indonesia, Indonesia. {ade,heru,bela,yohanes,wenang,aminah,jimmy}@cs.ui.ac.id
² Informatiekunde en Informatica Instituut, Universiteit Utrecht, Netherlands. [email protected]
³ Instituto Tecnológico de Informática, Universidad Politécnica de Valencia, Spain. [email protected]

Abstract. The article reports on our preliminary research activities towards the verification of database transaction scripts. It gives a first-order specification language for database transaction scripts and its accompanying logic. The logic is expressed in terms of weakest pre-condition rules and is quite simple and intuitive. The logic is sound, and, if the underlying basic expression language is limited, specifications in our language are decidable. Tables in a database are usually guarded by various integrity constraints; at the moment the logic only supports single-attribute primary key constraints. The language has been embedded in the HOL theorem prover. A verification case study on a Student Entrance Test application is described.
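As an added illustration (not the paper's Lingu logic, whose rules are not given on this page), the following Python sketch shows the kind of weakest pre-condition rule such a logic needs for a row insert under a single-attribute primary key constraint, and checks the rule against the actual effect of the insert on constructed sample tables. The table representation, the row values and the wp rule itself are assumptions of this example.

```python
# Illustrative weakest-precondition (wp) check for a table insert guarded by a
# single-attribute primary key constraint. Added example; not Lingu code and not
# the paper's rules. Tables are lists of dict rows (assumed representation).
from typing import Callable, Dict, List

Row = Dict[str, object]
Table = List[Row]


def pk_unique(table: Table, key: str) -> bool:
    """Integrity constraint I: the values of `key` are pairwise distinct."""
    values = [row[key] for row in table]
    return len(values) == len(set(values))


def insert(table: Table, row: Row) -> Table:
    """The statement S: append one row (functional, returns the new table)."""
    return table + [dict(row)]


def wp_insert(key: str, new_row: Row) -> Callable[[Table], bool]:
    """wp(insert new_row, I): I must already hold and the new key value must be
    absent, otherwise the insert would create a duplicate key."""
    def pre(table: Table) -> bool:
        return pk_unique(table, key) and all(r[key] != new_row[key] for r in table)
    return pre


def check_wp_rule(table: Table, key: str, new_row: Row) -> bool:
    """For a deterministic, terminating statement, wp(S, I) evaluated in a state
    must coincide with I evaluated after running S. Returns True when the rule
    agrees with the real insert on this state (both sound and weakest here)."""
    pre_holds = wp_insert(key, new_row)(table)
    post_holds = pk_unique(insert(table, new_row), key)
    return pre_holds == post_holds


# Constructed sample: a registration table keyed on the registration number.
REGISTRATIONS: Table = [
    {"regno": 101, "name": "Ani"},
    {"regno": 102, "name": "Budi"},
]


def demo() -> Dict[str, bool]:
    fresh = {"regno": 103, "name": "Citra"}   # new key: wp accepts
    dup = {"regno": 102, "name": "Dewi"}      # existing key: wp rejects
    return {
        "fresh_pre": wp_insert("regno", fresh)(REGISTRATIONS),
        "dup_pre": wp_insert("regno", dup)(REGISTRATIONS),
        "rule_ok": check_wp_rule(REGISTRATIONS, "regno", fresh)
        and check_wp_rule(REGISTRATIONS, "regno", dup),
    }
```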

1 Introduction

Many organizations, like banks and ministries, run mission-critical data processing applications that must be highly reliable. Unfortunately, in practice only few organizations seriously verify and test their code in order to assure a certain level of quality. Moreover, programmers and managers do not consider verification and testing to be as important as coding; most of the time they treat it as something you do if there is some time and budget left. Programming languages also contribute to the fact that data processing applications are not always as reliable as they should be. Modern database applications are built with high-level languages like PL/SQL that, while providing good abstraction, also offer lower-level programming constructs for optimization. Although this means that performance can be improved, the resulting code degrades in reliability and readability, and the cost of debugging and maintenance can increase. In addition, most languages do not treat verification and validation (V&V) as an integral part of programming, which translates into the current attitude of engineers and managers towards testing.

* Supported by the Menristek-RUTI II grant 2003-2005.

This paper discusses our ideas for a database transaction scripting language. We consider a simple but still quite expressive database transaction scripting language, which we will refer to as Lingu. Lingu is a lightweight high-level language to program data transformations on databases. Optimization features, usually present in other languages, are absent; for example, Lingu does not have arrays. This forces programmers to keep their code abstract. Even when compared to the abstract part of other languages, Lingu is small. In Lingu we will not be able to write all kinds of database constraints and operations like those available in PL/SQL. For example, Lingu does not have a String[32] type or the sort by modifier. However, Lingu should provide enough expressiveness to program a large class of useful data transformations. Keeping the language small simplifies Lingu's internal logic and the verification of Lingu programs. The Lingu language and logic have been externally [1] embedded in the HOL theorem prover [2]. This allows us to reason about Lingu programs in the HOL environment, and gives us an ML implementation of a Lingu verification condition generator. For illustration purposes, we have conducted a case study with a Student Entrance Test (SET) application. Based on the positive results of this case study, we believe that Lingu, in the future, could contribute to more reliable database applications.

The article is organized as follows. Sections 2 and 3 summarize the Lingu scripting and specification language, Section 4 summarizes the logic, and Section 5 describes the semantics. We briefly discuss the soundness and decidability of the logic in Section 6. A possible optimization for the verification condition generator is mentioned very briefly in Section 7. The case study is explained in Section 8. Section 9 briefly describes how the language is used on the case study as a HOL embedding. Section 10, finally, contains some discussion of related and future work.

2 The Scripting Language

An example of a script is shown below:

Example 1. Lingu Code of Safe Module

    safe ( HealthyAFormTab : AnswerFormTable,
           SolutionsTab : SolutionTable,
           MasterTab : RegistrationTable,
           PassTab : RegistrationTable, ): Bool
    var r : Bool;
    { r := forall (0