Data Modeling for Static Analysis of Web Applications
Thesis title in Czech: | Data Modeling for Static Analysis of Web Applications |
---|---|
Thesis title in English: | Data Modeling for Static Analysis of Web Applications |
Keywords: | static analysis, dynamic languages, PHP, data modeling |
Keywords in English: | static analysis, dynamic languages, PHP, data modeling |
Academic year of topic announcement: | 2013/2014 |
Thesis type: | diploma thesis |
Thesis language: | English |
Department: | Department of Distributed and Dependable Systems (32-KDSS) |
Supervisor: | Mgr. David Hauzar, Ph.D. |
Author: | hidden |
Date of registration: | 08.11.2013 |
Date of assignment: | 11.11.2013 |
Date of confirmation by the Study Department: | 21.11.2013 |
Date and time of defence: | 09.09.2015 11:30 |
Date of electronic submission: | 30.07.2015 |
Date of printed submission: | 31.07.2015 |
Date of completed defence: | 09.09.2015 |
Opponents: | doc. RNDr. Petr Hnětynka, Ph.D. |
Guidelines |
Web applications manipulate a lot of data, and complex data structures such as objects and multi-level maps are widely used. Even worse, data that often come from user input and the database, and thus are not known at compile time, are used to access these data structures. The languages used to develop web applications also support additional features such as flow-sensitive aliasing, adding fields to objects at runtime, using variables without declaration, and dynamic typing. Precise data modeling is thus crucial for the development of static analysis tools for vulnerability detection, error discovery, code refactoring, and code navigation.
Weverca [3] is a static analyzer for PHP. It models PHP objects and associative arrays, as well as aliasing and access to these data structures using data unknown at compile time. However, data modeling still limits the scalability of the tool. The goal of the thesis is to enhance the scalability of Weverca by improving data modeling. The author of the thesis should evaluate the performance of the analyzer, identify bottlenecks caused by data modeling, and eliminate the most critical ones. This may include optimizing the data modeling component itself, minimizing the number of expensive calls to the data modeling component, and implementing additional data modeling features that can enhance the scalability of the analyzer. |
References |
[1] Analýza programů a verifikace kódu (NSWI132), lecture notes
[2] F. Nielson, H. R. Nielson, and C. Hankin. Principles of Program Analysis, Springer, 2005
[3] Weverca, http://d3s.mff.cuni.cz/~kofron/weverca/ |