Data-flow Analysis of Programs with Associative Arrays

Title:

Data-flow Analysis of Programs with Associative Arrays

Authors:

D. Hauzar, J. Kofroň, P. Baštecký

Publication:

Proceedings of ESSS 2014

DOI:

Year:

2014

Link:

Abstract:

Dynamic programming languages, such as PHP, JavaScript, and Python, provide built-in data structures including associative arrays and objects with similar semantics-object properties can be created at run-time and accessed via arbitrary expressions. While a high level of security and safety of applications written in these languages can be of a particular importance (consider a web application storing sensitive data and providing its functionality worldwide), dynamic data structures pose significant challenges for data-flow analysis making traditional static verification methods both unsound and imprecise. In this paper, we propose a sound and precise approach for value and points-to analysis of programs with associative arrays-like data structures, upon which data-flow analyses can be built. We implemented our approach in a web-application domain-in an analyzer of PHP code.

BibTeX:

@inproceedings{hauzar_dataflow_2014,
    title = {{Data-flow Analysis of Programs with Associative Arrays}},
    author = {Hauzar, David and Kofroň , Jan and Baštecký, Pavel},
    year = {2014},
    booktitle = {{Proceedings of ESSS 2014}},
    publisher = {EPTCS},
    doi = {10.4204/EPTCS.150.6},
    url = {https://arxiv.org/abs/1405.1116},
}