2 research outputs found
Data-flow Analysis of Programs with Associative Arrays
Dynamic programming languages, such as PHP, JavaScript, and Python, provide
built-in data structures including associative arrays and objects with similar
semantics: object properties can be created at run-time and accessed via
arbitrary expressions. While a high level of security and safety of
applications written in these languages can be of particular importance
(consider a web application storing sensitive data and providing its
functionality worldwide), dynamic data structures pose significant challenges
for data-flow analysis making traditional static verification methods both
unsound and imprecise. In this paper, we propose a sound and precise approach
for value and points-to analysis of programs with associative-array-like data
structures, upon which data-flow analyses can be built. We implemented our
approach in a web-application domain, in an analyzer of PHP code.
Comment: In Proceedings ESSS 2014, arXiv:1405.055
Automatic unit test generation with Praspel, a specification language for PHP (Génération automatique de tests unitaires avec Praspel, un langage de spécification pour PHP)
The works presented in this memoir are about the validation of PHP programs through a new specification language, along with its tools. These works follow three axes: specification language, automatic test data generation and automatic unit test generation. The first contribution is Praspel, a new specification language for PHP, based on Design by Contract. Praspel specifies data with realistic domains, which are new structures that allow data to be validated and generated. Based on a contract, we are able to perform Contract-based Testing, i.e., using contracts to automatically generate unit tests. The second contribution is about test data generation. For booleans, integers and floating point numbers, a uniform random generation is used. For arrays, a dedicated constraint solver has been implemented and used. For strings, a grammar description language along with an LL(*) compiler compiler and several algorithms for data generation are used. Finally, object generation is supported. The third contribution defines contract coverage criteria. These provide test objectives. All these contributions are implemented and experimented with in tools distributed to the PHP community.