Feeds

JavaCC: Don't talk back

Implementing a parser-analyser

SANS - Survey on application security programs

In many cases, with the advent of XML, if data must be exchanged, or information read, a simple solution is to mark that document up using XML and then parse it using an XML parser.

However, in some situations the documents to be processed may not be in XML format. This could be because of legacy systems, external constraints or because they adhere to other standards. In such situations you still need to parse the documents to ensure that they conform to whatever standard is expected, to analyse the contents of such documents to determine the information they provide and to take some action based on that information. To do this you may implement your own parser-analyser or you could choose to look at an existing parser generator tool. Probably the best stabled parser generator tool is JavaCC (Java Compiler Compiler).

Java CC is a parser generator in the best tradition of tools such as YACC (Yet Another Compiler Compiler). JavaCC started out life as Jack and was developed by Sun Microsystems. It was then passed to a company called Metamata and renamed JavaCC. It is now an open source project and is very widely used.

JavaCC offers the Java developer a tool that processes a grammar specification and produces a set of Java classes that can read and analyse input that matches that grammar. JavaCC also provides additional tools that can be used with the main JavaCC tool such as the JJTree tree building tool for displaying grammars. The grammar to be analysed is defined in a BNF-like notation that is quick to learn and allows Java to be embedded within it (to allow callbacks to your own Java code).

Obtaining JavaCC

You can download JavaCC from the official JavaCC website. From here you can download the latest version of the JavaCC classes (or indeed the source if you so wish). What you get when you download JavaCC Binary distribution is:

  • The javacc.jar
  • Some command line tools (such as JJTree)
  • Javadoc Documentation
  • And, a number of examples

You can also find sample JavaCC Grammars here.

A useful textbook is Aho, R. Sethi, and J.D. Ullman, Compilers: Principles, Techniques and Tools, Prentice Hall, 1986. You can buy it at Cash 'n' Carrion.

A Sample Grammar

A JavaCC grammar file can be divided into a number of parts. These parts are:

  • An optional list of options
  • Java compilation unit
  • The lexical specification
  • A list of grammar productions

Each of these is described in a little more detail below:

A List of Options

The developer can influence the way in which the grammar is processed using these options (which may also be specified from the command line if the JavaCC command is being used). In the following example, we declare the LOOKAHEAD option that specifies number of tokens to look ahead before making a decision at a choice point during parsing:

options {
   LOOKAHEAD=2;
}

Other options include STATIC (which indicates whether a static only set of methods should be produced), DEBUG_PARSER (which can be used to include debugging information in the generated parser and IGNORE_CASE (which indicates whether the grammar should be case sensitive or not).

Java Compilation Unit

The Java compilation unit is enclosed between PARSER_BEGIN(name) and PARSER_END(name) . The name that follows PARSER_BEGIN and PARSER_END must be the same and this identifies the name of the generated parser. This allows you to provide definitions to be used with the generated Java parser class. For example, in the following code snippet we import the java.io package and define a main method. This allows the resulting SimpleCalculator parser class to be used stand alone. The main method reads a data file called “test.dat” which is then parsed by the generated SimpleCalculator parser class.

PARSER_BEGIN(SimpleCalculator)
import java.io.*;

public class SimpleCalculator {
   public static void main(String [] args) throws Exception {
      File file = new File("test.dat");
      System.out.println("Reading: " + file.getAbsolutePath());
      FileReader reader = new FileReader("test.dat") ;
      SimpleCalculator sc = new SimpleCalculator(reader);
      while (true) {
         sc.calc();
      }
   }
}

PARSER_END(SimpleCalculator)

The Lexical Specification

Next we have our lexical specification. This defines the tokens to be recognised when parsing data input. For example:

SKIP:
{
   " "
|   "\r"
}

TOKEN:
{
   <NUMBER:(<DIGIT>)>
|  <DIGIT:["0"-"9"]>
|  <EOL: "\n" >

}

This specifies that white space and carriage returns should be skipped. It then defines the set of tokens to be understood by the parser. In this case it means that NUMBERs are defined as being digits in the range 0 to 9. Finally the EOL (or End Of Line) is defined to be a Newline (“/n”).

3 Big data security analytics techniques

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.