Supporting PHP Dynamic Analysis in PHP AiR

Abstract

The PHP AiR framework is currently being developed to support software metrics, empirical software engineering, and program analysis for real-world PHP systems. While most of the work on program analysis has focused on static analysis, to help address the dynamic nature of the language we have also started to extend PHP AiR with support for dynamic program analysis. This extended abstract highlights two parts of this support: integration with xdebug for trace analysis, and instrumentation of an open-source PHP interpreter with a focus on supporting string origins, allowing us to explore how strings are created in security-sensitive areas such as database calls and HTML generation.

Publication
Proceedings of the 13th International Workshop on Dynamic Analysis (WODA 2015)
Mark Hills
Mark Hills
Associate Professor

My research interests include programming languages, program analysis, and software engineering.