PQL: Program Query Language
What is PQL?
PQL is a language for expressing patterns of events on objects. It provides a frontend to static and dynamic program analyses to go find those sequences on the program as it runs.
What can I download?
There is a complete 0.2 release available for download. This includes:
- A point-and-shoot executable JAR for the dynamic system
- Scripts for invoking the JAR, and instrumented programs
- Demonstration queries and applications, showing a defense against injection-style attacks
- Scripts for performing the static optimization analysis, and the necessary native libraries. At the moment, these libraries are only available for x86 Linux. Ancillary source code is available for building on other platforms with other platforms.
Also available from the project download page:
- A snapshot of the source code
- Source code for the ancillary projects that the static analysis depends on
If you're feeling adventurous, the dynamic system and the PQL-specific parts of the static analysis can be downloaded from the project page's SVN Repository. Note that the CVS repository is no longer being updated.
Full documentation is not yet available, but a research paper outlining the system was published in OOPSLA 2005.