[PRL] [1405.1116] Data-flow Analysis of Programs with Associative Arrays

[Mitchell Wand]

Not read, but...

Data-flow Analysis of Programs with Associative Arrays
David Hauzar <http://arxiv.org/find/cs/1/au:+Hauzar_D/0/1/0/all/0/1>
(Department
of Distributed and Dependable Systems, Faculty of Mathematics and Physics,
Charles University in Prague, Czech Republic),Jan
Kofroň<http://arxiv.org/find/cs/1/au:+Kofron_J/0/1/0/all/0/1>
(Department
of Distributed and Dependable Systems, Faculty of Mathematics and Physics,
Charles University in Prague, Czech Republic),Pavel
Baštecký<http://arxiv.org/find/cs/1/au:+Bastecky_P/0/1/0/all/0/1>
(Department
of Distributed and Dependable Systems, Faculty of Mathematics and Physics,
Charles University in Prague, Czech Republic)
(Submitted on 6 May 2014)

Dynamic programming languages, such as PHP, JavaScript, and Python, provide
built-in data structures including associative arrays and objects with
similar semantics-object properties can be created at run-time and accessed
via arbitrary expressions. While a high level of security and safety of
applications written in these languages can be of a particular importance
(consider a web application storing sensitive data and providing its
functionality worldwide), dynamic data structures pose significant
challenges for data-flow analysis making traditional static verification
methods both unsound and imprecise. In this paper, we propose a sound and
precise approach for value and points-to analysis of programs with
associative arrays-like data structures, upon which data-flow analyses can
be built. We implemented our approach in a web-application domain-in an
analyzer of PHP code.







http://arxiv.org/abs/1405.1116
-------------- next part --------------
HTML attachment scrubbed and removed