Dynamic programming languages, such as PHP, JavaScript, and Python, provide
built-in data structures including associative arrays and objects with similar
semantics-object properties can be created at run-time and accessed via
arbitrary expressions. While a high level of security and safety of
applications written in these languages can be of a particular importance
(consider a web application storing sensitive data and providing its
functionality worldwide), dynamic data structures pose significant challenges
for data-flow analysis making traditional static verification methods both
unsound and imprecise. In this paper, we propose a sound and precise approach
for value and points-to analysis of programs with associative arrays-like data
structures, upon which data-flow analyses can be built. We implemented our
approach in a web-application domain-in an analyzer of PHP code.
Description
Data-flow Analysis of Programs with Associative Arrays
%0 Generic
%1 hauzar2014dataflow
%A Hauzar, David
%A Kofroň, Jan
%A Baštecký, Pavel
%D 2014
%K php
%R 10.4204/EPTCS.150.6
%T Data-flow Analysis of Programs with Associative Arrays
%U http://arxiv.org/abs/1405.1116
%X Dynamic programming languages, such as PHP, JavaScript, and Python, provide
built-in data structures including associative arrays and objects with similar
semantics-object properties can be created at run-time and accessed via
arbitrary expressions. While a high level of security and safety of
applications written in these languages can be of a particular importance
(consider a web application storing sensitive data and providing its
functionality worldwide), dynamic data structures pose significant challenges
for data-flow analysis making traditional static verification methods both
unsound and imprecise. In this paper, we propose a sound and precise approach
for value and points-to analysis of programs with associative arrays-like data
structures, upon which data-flow analyses can be built. We implemented our
approach in a web-application domain-in an analyzer of PHP code.
@misc{hauzar2014dataflow,
abstract = {Dynamic programming languages, such as PHP, JavaScript, and Python, provide
built-in data structures including associative arrays and objects with similar
semantics-object properties can be created at run-time and accessed via
arbitrary expressions. While a high level of security and safety of
applications written in these languages can be of a particular importance
(consider a web application storing sensitive data and providing its
functionality worldwide), dynamic data structures pose significant challenges
for data-flow analysis making traditional static verification methods both
unsound and imprecise. In this paper, we propose a sound and precise approach
for value and points-to analysis of programs with associative arrays-like data
structures, upon which data-flow analyses can be built. We implemented our
approach in a web-application domain-in an analyzer of PHP code.},
added-at = {2017-12-30T11:19:53.000+0100},
author = {Hauzar, David and Kofroň, Jan and Baštecký, Pavel},
biburl = {https://www.bibsonomy.org/bibtex/2e032b9d5d89302de39624068390a39e6/s_bergmann},
description = {Data-flow Analysis of Programs with Associative Arrays},
doi = {10.4204/EPTCS.150.6},
interhash = {7f4497d4d35ca025a41472b113c3b557},
intrahash = {e032b9d5d89302de39624068390a39e6},
keywords = {php},
note = {cite arxiv:1405.1116Comment: In Proceedings ESSS 2014, arXiv:1405.0554},
timestamp = {2017-12-30T11:19:53.000+0100},
title = {Data-flow Analysis of Programs with Associative Arrays},
url = {http://arxiv.org/abs/1405.1116},
year = 2014
}