In Java programs, SQL statements are usually embedded in string literals. Because they are just strings to the compiler, SQL mistakes surface only at runtime. Furthermore, if the query is constructed using conditionals, a buggy branch may be executed for the first time at your client's site.
Alvor is an Eclipse JDT plug-in that checks embedded SQL statements at compile time. It can be invoked explicitly for whole-program analysis, or it can be configured to run incrementally as you write code (each time a file is saved). Alvor's work process has 3 main steps:
1) Find expressions in Java code that should evaluate to correct SQL statements. For this, the user configures a set of method names and argument positions (e.g. java.sql.Connection#prepareStatement, argument 1), and Alvor locates the corresponding method calls and argument expressions.
2) Perform string analysis on those argument expressions to find their possible values. Besides simple string literals, it can handle conditional assignments to variables and cases where parts of the string come from method parameters or from methods returning strings. The possible values of each expression are represented as a regular expression.
3) Validate the strings found, either by testing all possible cases against an actual test database (using Connection.prepareStatement) or by performing abstract parsing directly on the regular expressions constructed in the previous step. Any errors found are presented via Eclipse error markers.
Although Alvor is currently in beta, it has proven itself by finding 8 real SQL bugs in selected parts of the Compiere ERP system (300 KLOC). For medium-sized projects, the whole-program analysis takes 5-20 seconds. Incremental analysis usually completes in less than 0.5 seconds.
Alvor is an open-source project. For more information and installation instructions see http://alvor.googlecode.com/