Static Transformation : Derivation trees before and after transformation

TAPS dumps .dot files for derivation trees after symbolic evaluation (shown in the left pane) and after introducing placeholder (?) nodes in them (shown in the right pane). The images shown below are generated from the .dot files, using the dot command.

The derivation tree of test1 after symbolic evaluation and after introducing placeholders is shown below. The line numbers correspond to the file webExample.php generated from the web supplied source code to be transformed. The code of test1 is given below for quick reference.

line26: $a = $_GET['user'];
line27: $query = "delete from test1 where u = '".$a."'";
line28: @mysql_query($query);

LEGEND:
  • rectangular boxes - variables containing queries at sinks ($query at line27).
  • inner nodes are marked as NONT and leafs as TERM.
  • yellow - placeholder nodes that isolate data subtrees (below it) from the parent node.
  • turquoise - leafs contributing part of the data token (1st and 3rd leaf contribute single quote.).
  • green - nodes containing only data.
  • query arguments are enclosed by parantheses ({ }).

1 test1_beforeT test1_afterT
2 test2_flow1_beforeT test2_flow1_afterT
test2_flow2_beforeT test2_flow2_afterT
3 test3_beforeT test3_afterT
4 no derivation tree generated loop violates TAPS constraints
5 test5_flow1_beforeT test5_flow1_afterT
test5_flow2_beforeT test5_flow2_afterT
6 test6_flow1_beforeT test6_flow1_afterT
test6_flow2_beforeT infeasible flow
test6_flow3_beforeT infeasible flow
test6_flow4_beforeT test6_flow4_afterT
7 test7_beforeT test7_afterT
8 test8_flow1_beforeT test8_flow1_afterT
test8_flow2_beforeT test8_flow2_afterT
9 test9_beforeT symbolic query malformed
10 test10_1_beforeT test10_1_afterT
test10_2_beforeT test10_2_afterT
test10_3_beforeT test10_3_afterT
11 test11_beforeT test11_afterT
12 test12_beforeT test12_afterT
test12_flow2_beforeT test12_flow2_afterT
13 test13_conflict_flow1_beforeT test13_conflict_flow1_afterT
test13_conflict_flow2_beforeT test13_conflict_flow2_afterT
test13_conresolve_flow1_beforeT test13_conresolve_flow1_afterT
test13_conresolve_flow2_beforeT test13_conresolve_flow2_afterT
14 test14_beforeT test14_afterT
15 test15_beforeT test15_afterT
16 test16_beforeT test16_afterT
17 test17_beforeT test17_afterT
18 test18_beforeT test18_afterT
19 test19_beforeT test19_afterT