Static, lightweight includes resolution for PHP

Hills, Mark; Klint, Paul; Vinju, Jurgen

doi:10.1145/2642937.2643017

Cited by 11 publications

(6 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We have already started to do so based on our earlier results, creating an analysis for resolving dynamic file inclusion expressions that is effective in many cases [18]. Similarly, we plan to investigate patterns of use for variable properties that can be leveraged to increase the precision of the type analysis we are currently building for PHP, and we are investigating dynamic techniques for better dealing with variable features and dynamic function invocations, especially those related to plugins.…”

Section: Discussionmentioning

confidence: 99%

Evolution of dynamic feature usage in PHP

Hills

2015

2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)

Self Cite

View full text Add to dashboard Cite

PHP includes a number of dynamic features that, if used, make it challenging for both programmers and tools to reason about programs. In this paper we examine how usage of these features has changed over time, looking at usage trends for three categories of dynamic features across the release histories of two popular open-source PHP systems, WordPress and MediaWiki. Our initial results suggest that, while features such as eval are being removed over time, more constrained dynamic features such as variable properties are becoming more common. We believe the results of this analysis provide useful insights for researchers and tool developers into the evolving use of dynamic features in real PHP programs.

show abstract

Section: Discussionmentioning

confidence: 99%

Evolution of dynamic feature usage in PHP

Hills

2015

2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)

Self Cite

View full text Add to dashboard Cite

show abstract

“…The three file inclusion expressions show examples of dynamic behavior, such as calls to the dirname function, string concatenation, magic constants (e.g., __FILE__), and string splicing (where a variable is used directly inside a string, with or without curly braces). We created two analysis algorithms to statically compute which files could be included by each file inclusion expression [15]. One algorithm, FLRES, is used to quickly compute possible includes for a specific expression, while the other, PGRES, is a more precise algorithm that works given a script as an entry point into the site (i.e., a script that a user would navigate to on the web, instead of a script that is only ever included by other scripts) instead of looking at the script in isolation as is done by FLRES.…”

Section: Program Analysismentioning

confidence: 99%

“…The program analysis algorithms are tuned for specific usage scenarios, so the FLRES dynamic file inclusion resolution algorithm [15], which is intended to be used in an IDE, generally runs in under 50 milliseconds (with some outliers taking longer), while PGRES, which is intended to resolve dynamic includes as part of a more powerful analysis [15], takes, on average, 21 seconds.…”

Section: Implementation Challengesmentioning

confidence: 99%

“…Built using the Rascal meta-programming language [10], a successor to Asf+Sdf [11] and RScript [12], PHP AiR has been, and is currently being, used in multiple research projects, including: empirical surveys of PHP language feature usage [13] and of the evolution of language feature usage over time [14]; a program analysis for resolving dynamic file includes [15]; a program analysis for resolving names used in reflective contexts in PHP code [16]; a refactoring from hand-coded SQL calls to uses of database libraries [17]; and multiple student projects to extract various metrics from PHP source code.…”

Section: Introductionmentioning

confidence: 99%

“…That paper focused mainly on uses of PHP AiR, spending very little time on the implementation, while this paper instead focuses on the implementation choices made and what can be learned from them. Several other papers [13][14][15][16] describe specific uses of PHP AiR, including empirical studies of how PHP is used and program analysis algorithms focused on specific dynamic language features. This paper is a longer version of an unpublished paper presented at the 4th International Workshop on Academic Software Development Tools and Techniques in 2013.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Enabling PHP software engineering research in Rascal

Hills

Klint

Vinju

2017

Science of Computer Programming

Self Cite

View full text Add to dashboard Cite

Today, PHP is one of the most popular programming languages, and is commonly used in the open source community and in industry to build large application frameworks and web applications. In this paper, we discuss our ongoing work on PHP AiR, a framework for PHP Analysis in Rascal. PHP AiR is focused especially on program analysis and empirical software engineering, and is being used actively and effectively in work on evaluating PHP feature usage and system evolution, on program analysis for refactoring and security validation, and on source code metrics. We describe the requirements and design decisions for PHP AiR, summarize current research using PHP AiR, discuss lessons learned, and briefly sketch future work.

show abstract