Junjie Zhang, Ph.D. (Advisor); Meilin Liu, Ph.D. (Committee Member); Bin Wang, Ph.D. (Committee Member)
Master of Science (MS)
This thesis presents the design, implementation, and evaluation of a database-oriented static program analysis engine for the PHP programming language. The engine analyzes PHP programs by representing their semantics in a graph-based data structure, which is subsequently stored in a graph database. Such a scheme fundamentally facilitates various program analysis tasks such as static taint analysis, visualization, and data mining. Specifically, these complex program analysis tasks can now be translated into built-in declarative graph database operations with rich features. Our engine fundamentally differs from other existing static program analysis systems that mainly leverage intermediate representations (IRs) to perform analysis. Specifically, our engine leverages the graph-based output of the “Uchecker” system; it translates this output into graph files in CSV form and then directly inserts them into a graph database. Our engine offers several unique advantages. First, static program analysis tasks can now be implemented using database queries. Second, our engine supports interactive program analysis through the graph database. Third, through our designed query templates, our engine can perform fine-grained program analysis such as data flow analysis on selected variables. We have applied our engine to analyze PHP programs collected from public program repositories such as GitHub and WordPress, and the experimental results demonstrate the great effectiveness and efficiency of our system.
Year Degree Awarded
Copyright 2020, some rights reserved. My ETD may be copied and distributed only for non-commercial purposes and may not be modified. All use must give me credit as the original author.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.