Publication Date
2020
Document Type
Thesis
Committee Members
Junjie Zhang, Ph.D. (Advisor); Meilin Liu, Ph.D. (Committee Member); Bin Wang, Ph.D. (Committee Member)
Degree Name
Master of Science (MS)
Abstract
This thesis presents the design, implementation, and evaluation of a database-oriented static program analysis engine for the PHP programming language. The engine analyzes PHP programs by representing their semantics in a graph-based data structure, which is subsequently stored in a graph database. Such a scheme fundamentally facilitates various program analysis tasks such as static taint analysis, visualization, and data mining. Specifically, these complex program analysis tasks can now be translated into built-in declarative graph database operations with rich features. Our engine fundamentally differs from other existing static program analysis systems that mainly leverage intermediate representations (IRs) to perform analysis. Specifically, our engine leverages the graph-based output of the “Uchecker” system; it translates the output into graph files in CSV form and then directly inserts them into a graph database. Our engine offers several unique advantages. First, static program analysis tasks can now be implemented using database queries. Second, our engine supports interactive program analysis through the graph database. Third, through our designed query templates, our engine can perform fine-grained program analysis such as data flow analysis on selected variables. We have applied our engine to analyze PHP programs collected from public program repositories such as GitHub and WordPress, where the experimental results have demonstrated the great effectiveness and efficiency of our system.
Page Count
60
Department or Program
Department of Computer Science and Engineering
Year Degree Awarded
2020
Copyright
Copyright 2020, some rights reserved. My ETD may be copied and distributed only for non-commercial purposes and may not be modified. All use must give me credit as the original author.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.
ORCID ID
0000-0002-1169-5333