research-article

An empirical study of PHP feature usage: a static analysis perspective

Authors:

Jurgen VinjuAuthors Info & Claims

ISSTA 2013: Proceedings of the 2013 International Symposium on Software Testing and Analysis

Pages 325 - 335

https://doi.org/10.1145/2483760.2483786

Published: 15 July 2013 Publication History

Abstract

PHP is one of the most popular languages for server-side application development. The language is highly dynamic, providing programmers with a large amount of flexibility. However, these dynamic features also have a cost, making it difficult to apply traditional static analysis techniques used in standard code analysis and transformation tools. As part of our work on creating analysis tools for PHP, we have conducted a study over a significant corpus of open-source PHP systems, looking at the sizes of actual PHP programs, which features of PHP are actually used, how often dynamic features appear, and how distributed these features are across the files that make up a PHP website. We have also looked at whether uses of these dynamic features are truly dynamic or are, in some cases, statically understandable, allowing us to identify specific patterns of use which can then be taken into account to build more precise tools. We believe this work will be of interest to creators of analysis tools for PHP, and that the methodology we present can be leveraged for other dynamic languages with similar features.

References

[1]

Count Lines of Code Tool. http://cloc.sourceforge.net.

[2]

PHP Language Homepage. http://www.php.net.

[3]

PHP Usage on GitHub. https://github.com/languages/PHP.

[4]

PHP Usage Statistics. http://w3techs.com/ technologies/details/pl-php/all/all.

[5]

TIOBE Programming Community Index. http://www.tiobe.com/index.php/content/ paperinfo/tpci/index.html.

[6]

G. Baxter, M. R. Frean, J. Noble, M. Rickerby, H. Smith, M. Visser, H. Melton, and E. D. Tempero. Understanding the Shape of Java Software. In Proceedings of OOPSLA’06, pages 397–412. ACM, 2006.

Digital Library

[7]

C. S. Collberg, G. Myles, and M. Stepp. An empirical study of Java bytecode programs. Software: Practice and Experience, 37(6):581–641, 2007.

Digital Library

[8]

M. D. Ernst, G. J. Badros, and D. Notkin. An Empirical Analysis of C Preprocessor Use. IEEE Transactions on Software Engineering, 28(12):1146–1170, 2002.

Digital Library

[9]

M. Furr, J. hoon (David) An, and J. S. Foster. Profile-Guided Static Typing for Dynamic Scripting Languages. In Proceedings of OOPSLA’09, pages 283–300. ACM, 2009.

Digital Library

[10]

M. Furr, J. hoon (David) An, J. S. Foster, and M. W. Hicks. Static Type Inference for Ruby. In Proceedings of SAC’09, pages 1859–1866. ACM, 2009.

Digital Library

[11]

A. Garrido. Program Refactoring in the Presence of Preprocessor Directives. PhD thesis, University of Illinois at Urbana-Champaign, 2005.

Digital Library

[12]

B. Hackett and A. Aiken. How is Aliasing Used in Systems Software? In Proceedings of FSE’06, pages 69–80. ACM, 2006.

Digital Library

[13]

S. H. Jensen, P. A. Jonsson, and A. Møller. Remedying the eval that men do. In Proceedings of ISSTA’12, pages 34–44. ACM, 2012.

Digital Library

[14]

P. Klint, T. van der Storm, and J. J. Vinju. RASCAL: A Domain Specific Language for Source Code Analysis and Manipulation. In Proceedings of SCAM’09, pages 168–177. IEEE, 2009.

Digital Library

[15]

D. E. Knuth. An Empirical Study of FORTRAN Programs. Software: Practice and Experience, 1(2):105–133, 1971.

[16]

J. Liebig, S. Apel, C. Lengauer, C. Kästner, and M. Schulze. An Analysis of the Variability in Forty Preprocessor-Based Software Product Lines. In Proceedings of ICSE’10, pages 105–114. ACM, 2010.

Digital Library

[17]

F. Meawad, G. Richards, F. Morandat, and J. Vitek. Eval Begone!: Semi-Automated Removal of Eval from JavaScript Programs. In Proceedings of OOPSLA’12, pages 607–620. ACM, 2012.

Digital Library

[18]

F. Morandat, B. Hill, L. Osvald, and J. Vitek. Evaluating the Design of the R Language - Objects and Functions for Data Analysis. In Proceedings of ECOOP’12, volume 7313 of LNCS, pages 104–131. Springer, 2012.

Digital Library

[19]

G. Richards, C. Hammer, B. Burg, and J. Vitek. The Eval That Men Do - A Large-Scale Study of the Use of Eval in JavaScript Applications. In Proceedings of ECOOP’11, volume 6813 of LNCS, pages 52–78. Springer, 2011.

Digital Library

[20]

G. Richards, S. Lebresne, B. Burg, and J. Vitek. An Analysis of the Dynamic Behavior of JavaScript Programs. In Proceedings of PLDI’10, pages 1–12. ACM, 2010.

Digital Library

[21]

M. Sridharan, J. Dolby, S. Chandra, M. Schäfer, and F. Tip. Correlation Tracking for Points-To Analysis of JavaScript. In Proceedings of ECOOP’12, LNCS, pages 435–458. Springer, 2012.

Digital Library

Cited By

Al Kassar FCompagna LBalzarotti DCalandrino JTroncoso C(2023)WHIPProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620577(6079-6096)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620577
Dong YLi ZTian YSun CGodfrey MNagappan M(2023)Bash in the Wild: Language Usage, Code Smells, and BugsACM Transactions on Software Engineering and Methodology10.1145/351719332:1(1-22)Online publication date: 13-Feb-2023
https://dl.acm.org/doi/10.1145/3517193
Marashdih AZaaba ZSuwais K(2023)An Enhanced Static Taint Analysis Approach to Detect Input Validation VulnerabilityJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2023.01.00935:2(682-701)Online publication date: Feb-2023
https://doi.org/10.1016/j.jksuci.2023.01.009
Show More Cited By

Index Terms

An empirical study of PHP feature usage: a static analysis perspective
1. General and reference
  1. Cross-computing tools and techniques
    1. Metrics
2. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language features

Recommendations

Static, lightweight includes resolution for PHP
ASE '14: Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering

Dynamic languages include a number of features that are challenging to model properly in static analysis tools. In PHP, one of these features is the include expression, where an arbitrary expression provides the path of the file to include at runtime. ...
Supporting PHP dynamic analysis in PHP AiR
WODA 2015: Proceedings of the 13th International Workshop on Dynamic Analysis

The PHP AiR framework is currently being developed to support software metrics, empirical software engineering, and program analysis for real-world PHP systems. While most of the work on program analysis has focused on static analysis, to help address ...
AJAX and PHP: Building Modern Web Applications 2nd Edition

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ISSTA 2013: Proceedings of the 2013 International Symposium on Software Testing and Analysis

July 2013

381 pages

ISBN:9781450321594

DOI:10.1145/2483760

General Chair:
Mauro Pezzè,
Program Chair:
Mark Harman

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

In-Cooperation

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 July 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ISSTA '13

Sponsor:

SIGSOFT

ISSTA '13: Iitsnternational Symposium on Software Testing and Analysis

July 15 - 20, 2013

Lugano, Switzerland

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '25

Sponsor:
sigsoft

34th ACM SIGSOFT International Symposium on Software Testing and Analysis

June 25 - 28, 2025

Trondheim , Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

28
Total Citations
View Citations
672
Total Downloads

Downloads (Last 12 months)35
Downloads (Last 6 weeks)3

Reflects downloads up to 21 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Al Kassar FCompagna LBalzarotti DCalandrino JTroncoso C(2023)WHIPProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620577(6079-6096)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620577
Dong YLi ZTian YSun CGodfrey MNagappan M(2023)Bash in the Wild: Language Usage, Code Smells, and BugsACM Transactions on Software Engineering and Methodology10.1145/351719332:1(1-22)Online publication date: 13-Feb-2023
https://dl.acm.org/doi/10.1145/3517193
Marashdih AZaaba ZSuwais K(2023)An Enhanced Static Taint Analysis Approach to Detect Input Validation VulnerabilityJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2023.01.00935:2(682-701)Online publication date: Feb-2023
https://doi.org/10.1016/j.jksuci.2023.01.009
Tiwari AGoel S(2022)E-Commerce Web Portal Using Full-Stack Open-Source TechnologiesIOT with Smart Systems10.1007/978-981-19-3575-6_2(11-17)Online publication date: 6-Oct-2022
https://doi.org/10.1007/978-981-19-3575-6_2
Ali KLai XLuo ZLhotak ODolby JTip F(2021)A Study of Call Graph Construction for JVM-Hosted LanguagesIEEE Transactions on Software Engineering10.1109/TSE.2019.295692547:12(2644-2666)Online publication date: 1-Dec-2021
https://doi.org/10.1109/TSE.2019.2956925
Saundariya KAbirami MSenthil KPrabakaran DSrimathi BNagarajan G(2021)Webapp Service for Booking Handyman Using Mongodb, Express JS, React JS, Node JS2021 3rd International Conference on Signal Processing and Communication (ICPSC)10.1109/ICSPC51351.2021.9451783(180-183)Online publication date: 13-May-2021
https://doi.org/10.1109/ICSPC51351.2021.9451783
Mastrangelo LHauswirth MNystrom N(2019)Casting about in the dark: an empirical study of cast operations in Java programsProceedings of the ACM on Programming Languages10.1145/33605843:OOPSLA(1-31)Online publication date: 10-Oct-2019
https://dl.acm.org/doi/10.1145/3360584
Amorim LSteindorfer MVisser ECombemale BMernik MRumpe B(2017)Deep priority conflicts in the wild: a pilot studyProceedings of the 10th ACM SIGPLAN International Conference on Software Language Engineering10.1145/3136014.3136020(55-66)Online publication date: 23-Oct-2017
https://dl.acm.org/doi/10.1145/3136014.3136020
Sun KRyu S(2017)Analysis of JavaScript ProgramsACM Computing Surveys10.1145/310674150:4(1-34)Online publication date: 25-Aug-2017
https://dl.acm.org/doi/10.1145/3106741
Anderson DHills M(2017)Query Construction Patterns in PHP2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER.2017.7884652(452-456)Online publication date: Feb-2017
https://doi.org/10.1109/SANER.2017.7884652
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents