Design And Implementation Of PHP Program Statistic Analysis System

The rapid development of Internet makes the network applications'quantity maintained a rapid growth in recent years. At the same time, the number and influence of these network applications" security vulnerabilities are increased. The manual code review is time-consuming, error-prone and high cost, the urgent need for automated testing techniques have emerged. Therefore, this paper base on the popular scripting language PHP to study the static analysis, including the compiler front-end, the control flow graph, data flow analysis and defects function design.The author build an efficient complier module base on the PHP language's actual situation and existing open source software, and add the consideration of the PHP language class to provide a strong data base for the subsequent handling.In the process of building the control flow graph, the paper defines the data structure, completes the conversion from abstract syntax tree to the control flow graph, and introduces the path analysis algorithm ideas. Above work provide a reliable technical guarantee for the efficient running of the static analysis system.This paper has a detailed study about the data flow analysis part. PHP is a weakly typed language, this feature would bring the complex analysis process to the static analysis system. The author adopt the optimized lattice structure and conversion function in the text analysis, alias analysis and taint analysis to enhance the accuracy of the static analysis system.In the design of the defects function, the common vulnerabilities are classified firstly, then the major solution has been given, and finally author provides more details about every vulnerability, covering the common vulnerability scenarios of current online applications.The above analysis techniques have been implemented, the author present an analysis method to consider the class in PHP for static analysis creatively, this system is in a leading position of the static analysis based on PHP field of the country, the future work will focus on studying better defects functions for the vulnerabilities to enhance the analysis accuracy.