An Executable Formal Semantics of PHP
نویسندگان
چکیده
C o n si st en t * lete * W ll D o c u m e n t e d * E a s y t o R e u s e * * E v a l u a t e d * E C O O P * Ar tifact * A E C PHP is among the most used languages for server-side scripting. Although substantial effort has been spent on the problem of automatically analysing PHP code, vulnerabilities remain pervasive in web applications, and analysis tools do not provide any formal guarantees of soundness or coverage. This is partly due to the lack of a precise specification of the language, which is highly dynamic and often exhibits subtle behaviour. We present the first formal semantics for a substantial core of PHP, based on the official documentation and experiments with the Zend reference implementation. Our semantics is executable, and is validated by testing it against the Zend test suite. We define the semantics of PHP in a termrewriting framework which supports LTL model checking and symbolic execution. As a demonstration, we extend LTL with predicates for the verification of PHP programs, and analyse two common PHP functions.
منابع مشابه
From Executable Formal Speciication to Java Property Veriication
To be sure of the meaning of a programming language, we need to have its formal semantics. But semantic speciications are hard to write, and it is diicult to be convinced that they are correct. Having an executable semantics helps, since this allows the semantics to be tested on real programs which tends to expose many mistakes. But ultimately the correctness of the semantics has to be proved a...
متن کاملAn Executable Formal Semantics of C with Applications: Technical Report
This paper describes an executable formal semantics of C. Being executable, the semantics has been thoroughly tested against the GCC torture test suite and successfully passes 770 of 776 test programs. It is the most complete and thoroughly tested formal definition of C to date. The semantics yields an interpreter, debugger, state space search tool, and model checker “for free”. The semantics i...
متن کاملA Formal Semantics of C with Applications
This paper describes an executable formal semantics of C expressed using a formalism based on term rewriting. Being executable, the semantics has been thoroughly tested against the GCC torture test suite and successfully passes over 96% of 715 test programs. It is the most complete and thoroughly tested formal definition of C to date. The semantics yields an interpreter, debugger, and state spa...
متن کاملA Formal Executable Semantics for Java
Some of the main features of the Java language are that it is object-oriented and multi-threaded. This article presents a formal semantics of a large subset of Java, including inheritance, dynamic linking and multi-threading. To describe the object-oriented features, we use a big-step semantics. The semantics of the concurrency is deened in a small-step semantics, using a structural operational...
متن کاملFormal Semantics of Heterogeneous CUDA-C: A Modular Approach with Applications
We extend an off-the-shelf, executable formal semantics of C (Ellison and Ros,u’s K Framework semantics) with the core features of CUDA-C. The hybrid CPU/GPU computation model of CUDA-C presents challenges not just for programmers, but also for practitioners of formal methods. Our formal semantics helps expose and clarify these issues. We demonstrate the usefulness of our semantics by generatin...
متن کامل