Framework for Static Analysis of PHP Applications

The result's identifiers

  • Result code in IS VaVaI

    RIV/00216208:11320/15:10312278 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216208%3A11320%2F15%3A10312278)

  • Result on the web

    http://dx.doi.org/10.4230/LIPIcs.ECOOP.2015.689

  • DOI - Digital Object Identifier

    10.4230/LIPIcs.ECOOP.2015.689

Alternative languages

  • Result language

    English

  • Original language name

    Framework for Static Analysis of PHP Applications

  • Original language description

    Dynamic languages, such as PHP and JavaScript, are widespread and heavily used. They provide dynamic features such as a dynamic type system, virtual and dynamic method calls, dynamic includes, and built-in dynamic data structures. This makes it hard to create static analyses, e.g., for automatic error discovery. Yet exploiting errors in such programs, especially in web applications, can have significant impacts. In this paper, we present a static analysis framework for PHP, automatically resolving features common to dynamic languages and thus reducing the complexity of defining new static analyses. In particular, the framework enables defining value and heap analyses for dynamic languages independently and composing them automatically and soundly. We used the framework to implement static taint analysis for finding security vulnerabilities. The analysis has revealed previously unknown security problems in real application. Compared to existing state-of-the-art analysis tools for PHP, it h

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

    IN - Informatics

  • OECD FORD branch

Result continuities

  • Project

    GA14-11384S: Automatic Formal Analysis and Verification of Programs with Complex Unbounded Data and Control Structures

  • Continuities

    I - Institutional support for the long-term conceptual development of a research organization

Others

  • Publication year

    2015

  • Confidentiality

    S - Complete and truthful data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    Proceedings of 29th European Conference on Object-Oriented Programming (ECOOP'15)

  • ISBN

    978-3-939897-86-6

  • ISSN

  • e-ISSN

  • Number of pages

    23

  • Pages from-to

    689-711

  • Publisher name

    Schloss Dagstuhl - Leibniz-Zentrum für Informatik, Dagstuhl Publishing

  • Place of publication

    Dagstuhl, Germany

  • Event location

    Prague

  • Event date

    Jul 5, 2015

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article