Object Sensitive Type Analysis for PHP

Abstract

In dynamically typed languages type checking is performed at run-time. Statically typed languages on the other hand perform type checking at compile time, allowing type errors to be caught at the earliest possible stage. In this thesis we describe an object sensitive type analysis for PHP, allowing types to be inferred at compile time.

The presence of dynamic method dispatching in PHP implies that control flow and data flow information are mutually dependent: propagation of points-to information may make additional methods reachable, which may in turn increase the propagated points-to information. To this end we extended the notion of a Monotone Framework [1]. Our Extended Monotone Framework intuitively captures the notion of a dynamically discovered call graph and enables us to add control flow edges on the fly. In addition, we presented a novel method to capture the coercion rules of PHP by means of the coerce and reject functions. The transfer functions rely on work by Smaragdakis et al.[2] by employing the context manipulation functions record and merge to capture the essence of object sensitivity. Multiple variations of an object sensitive analysis are obtained by choosing different implementations for these context manipulation functions. Finally, our experimental evaluation compare these analysis variations.

[1] Flemming Nielson, Hanne R. Nielson, and Chris Hankin. Principles of Program Analysis.

[2] Yannis Smaragdakis and Martin Bravenboer. Pick your contexts well: Understanding object-sensitivity.