Our analysis has been implemented in OCaml, using the OCamlgraph library for certain transversals of summary dependency grahps (SDGs). The integration of the analysis into the tool is somewhat peculiar, but the chosen way makes the integration very simple. The analysis is applied to a workflow defined at compile time in the source file RAInput.ml of the analyzer. Hence the analyzed workflow is expressed as an OCaml expression belonging to a variant type.

In order to execute the analyzer on different workflows, the analysis tool performs the following steps:

• It translates the SQL workflow into our query language, and replaces the file RAInput.ml in the

source of our analyzer.

• It recompiles our analyzer. We have structured our code so, that only the code in the (very short)

topmost source file depends on RAInput.ml. Hence the object code has to be re-generated only for RAInput.ml (and the topmost source file), and not for the parts of the analyzer that generate and simplify the SDG or read the result out of it. This takes very little time.

• It executes our analyzer. The outputs of the analyzer are placed in certain files, where the name of

the folder is given as a command-line parameter.

• It reads the files and displays them to the user.

The analysis tool can be used through SQL-privacy analyser by including necessary SQL querirs to task and data object elements and by clicking on “LeaksWhen Report” button after selecting output data object by clicking on it.

Leaks-when analyser is accesbile through Actions menu under each model in own and shared models/folders lists of frontend - link “SQL-privacy editor”.

The source code of the analysis tool is available at pleak-leaks-when-analysis repository. The user interface of the analysis tool consists of pleak-leaks-when-ast-transformation and pleak-sql-editor.