Proceedings paper

Title:
Data-flow Analysis of Programs with Associative Arrays
Authors:
David Hauzar, Jan Kofroň, Pavel Baštecký
Publication:
Proceedings of ESSS 2014
DOI:
Year:
2014
Link:

Abstract:
Dynamic programming languages, such as PHP, JavaScript, and Python, provide built-in data structures including associative arrays and objects with similar semantics-object properties can be created at run-time and accessed via arbitrary expressions. While a high level of security and safety of applications written in these languages can be of a particular importance (consider a web application storing sensitive data and providing its functionality worldwide), dynamic data structures pose significant challenges for data-flow analysis making traditional static verification methods both unsound and imprecise. In this paper, we propose a sound and precise approach for value and points-to analysis of programs with associative arrays-like data structures, upon which data-flow analyses can be built. We implemented our approach in a web-application domain-in an analyzer of PHP code.

BibTeX:
@inproceedings{hauzar_dataflow_2014,
    title = {{Data-flow Analysis of Programs with Associative Arrays}},
    author = {Hauzar, David and Kofroň, Jan and Baštecký, Pavel},
    year = {2014},
    booktitle = {{Proceedings of ESSS 2014}},
    publisher = {EPTCS},
    doi = {10.4204/EPTCS.150.6},
    url = {https://arxiv.org/abs/1405.1116},
}