Home/ Questions/Q 383523
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T15:17:28+00:00

By ‘situation specific’ I mean it uses some data that it would have access

  • 0

By ‘situation specific’ I mean it uses some data that it would have access to such as your current database setup, version of some OS, etc.

Imagine if the compiler would check the database you were currently using in your app and call you out a warning saying ‘just so you know, the current data in your database will never trigger the statement you just wrote‘ or things like ‘you know, if this becomes a null value you are really going to be screwed‘… It could probably take a while, but if it had something to go by (such as a current database) it could have something to check against rather than just ‘every possibility’.

Do you think this is feasible/valuable? Does this exist anywhere?

It would be cool to have a quantum compiler that would figure out every possibility and automatically come up with exception handling, etc.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It’s theoretically possible, but not likely. In essence what you’re doing is asking a static analysis to use some auxiliary data to verify some claim. This is generally possible, but static analyses in general suffer from a degree of imprecision. For example if I have the code block:

    If(getResultFromDB() == someResult) {
do this;
} else {
do that;
}

    You essentially would like the analysis to complain at you if you write code in the first block of the if, because the database can never return someResult. This is possible in the theoretical sense, I mean it just needs to examine all possible return values for the function getResultFromDB() for a given database then conclude on an answer.

    The problem is this number can be absolutely massive. And this is a problem in general with static analyses, to get precise results, we need to consider ALL possible execution paths, inputs, contexts, etc. In practice that is simply not doable, so a static analysis will usually make concessions where it reduces the size of it’s current set of possibilities.

    Edit: If you’re interested in advanced static analysis in general, here’s a fun analysis I read about done the other day. It tries to find possible XSS attacks in PHP source code. To find XSS attacks involving databases it actually simulates the effects of database queries in a sort of abstract database. http://www.cs.washington.edu/homes/mernst/pubs/create-attacks-tr054.pdf

    • 0