Demand interprocedural dataflow analysis
SIGSOFT '95 Proceedings of the 3rd ACM SIGSOFT symposium on Foundations of software engineering
A practical framework for demand-driven interprocedural data flow analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Data flow analysis of applicative programs using minimal function graphs
POPL '86 Proceedings of the 13th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
ACM Transactions on Internet Technology (TOIT)
Principles of Program Analysis
Principles of Program Analysis
Simultaneous Demand-Driven Data-Flow and Call Graph Analysis
ICSM '99 Proceedings of the IEEE International Conference on Software Maintenance
Extending Java for high-level Web service construction
ACM Transactions on Programming Languages and Systems (TOPLAS)
Grammar-based analysis of string expressions
TLDI '05 Proceedings of the 2005 ACM SIGPLAN international workshop on Types in languages design and implementation
Regular expression types for XML
ACM Transactions on Programming Languages and Systems (TOPLAS)
Static approximation of dynamically generated Web pages
WWW '05 Proceedings of the 14th international conference on World Wide Web
Principles of Compiler Design (Addison-Wesley series in computer science and information processing)
Principles of Compiler Design (Addison-Wesley series in computer science and information processing)
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Static detection of security vulnerabilities in scripting languages
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Static checking of dynamically generated queries in database applications
ACM Transactions on Software Engineering and Methodology (TOSEM)
A Translation from the HTML DTD into a Regular Hedge Grammar
CIAA '08 Proceedings of the 13th international conference on Implementation and Applications of Automata
Static analysis for java servlets and JSP
SAS'06 Proceedings of the 13th international conference on Static Analysis
XML validation for context-free grammars
APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems
A practical string analyzer by the widening approach
APLAS'06 Proceedings of the 4th Asian conference on Programming Languages and Systems
Static analysis of multi-staged programs via unstaging translation
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Flexible in-lined reference monitor certification: challenges and future directions
Proceedings of the 5th ACM workshop on Programming languages meets program verification
String analysis as an abstract interpretation
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
An interactive tool for analyzing embedded SQL queries
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
Static extraction of program configuration options
Proceedings of the 33rd International Conference on Software Engineering
HTML Validation of context-free languages
FOSSACS'11/ETAPS'11 Proceedings of the 14th international conference on Foundations of software science and computational structures: part of the joint European conferences on theory and practice of software
Formal modeling
Static analysis of string values
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Embeddable framework for syntax-safe source code generation
Proceedings of the 2012 Joint International Conference on Human-Centered Computer Environments
Proceedings of the 9th Central & Eastern European Software Engineering Conference in Russia
| Hi-index | 0.00 |
We combine LR(k)-parsing technology and data-flow analysis to analyze, in advance of execution, the documents generated dynamically by a program. Based on the document language's context-free reference grammar and the program's control structure, the analysis predicts how the documents will be generated and parses the predicted documents. Our strategy remembers context-free structure by computing abstract LR-parse stacks . The technique is implemented in Objective Caml and has statically validated a suite of PHP programs that dynamically generate HTML documents.