Abstract
PHP is a popular language for building websites, but it is also notoriously lax in that almost every value can be coerced into a value of any imaginable type. As a result, PHP code often does not behave as expected.
We have devised a flexible system that can assist a programmer
in discovering suspicious pieces of PHP code, accompanied by a
measure of suspicion.
The analysis we employ is constraint-based, uses a limited
amount of context to improve precision for non-global variables,
and applies widening to ensure termination.
We have applied the system to a number of implementations
made by programmers of various degrees of proficiency, showing
that even with these technically rather simple means it is quite
possible to obtain good results.
Original language | English |
---|---|
Publisher | Department of Information and Computing Sciences, Utrecht University |
Number of pages | 13 |
Publication status | Published - Feb 2009 |
Publication series
Name | Technical Report Series |
---|---|
No. | UU-CS-2009-004 |
ISSN (Print) | 0924-3275 |