Data-flow Analysis of Programs with Associative Arrays

David Hauzar
(Department of Distributed and Dependable Systems, Faculty of Mathematics and Physics, Charles University in Prague, Czech Republic)
Jan Kofroň
(Department of Distributed and Dependable Systems, Faculty of Mathematics and Physics, Charles University in Prague, Czech Republic)
Pavel Baštecký
(Department of Distributed and Dependable Systems, Faculty of Mathematics and Physics, Charles University in Prague, Czech Republic)

Dynamic programming languages, such as PHP, JavaScript, and Python, provide built-in data structures including associative arrays and objects with similar semantics—object properties can be created at run-time and accessed via arbitrary expressions. While a high level of security and safety of applications written in these languages can be of a particular importance (consider a web application storing sensitive data and providing its functionality worldwide), dynamic data structures pose significant challenges for data-flow analysis making traditional static verification methods both unsound and imprecise. In this paper, we propose a sound and precise approach for value and points-to analysis of programs with associative arrays-like data structures, upon which data-flow analyses can be built. We implemented our approach in a web-application domain—in an analyzer of PHP code.

In Jun Pang and Yang Liu: Proceedings Third International Workshop on Engineering Safety and Security Systems (ESSS 2014), Singapore, Singapore, 13 May 2014, Electronic Proceedings in Theoretical Computer Science 150, pp. 56–70.
Published: 3rd May 2014.

ArXived at: http://dx.doi.org/10.4204/EPTCS.150.6 bibtex PDF
References in reconstructed bibtex, XML and HTML format (approximated).
Comments and questions to: eptcs@eptcs.org
For website issues: webmaster@eptcs.org