DOCSLIB.ORG

A Framework for Static Analysis of Dynamic Code Via Emulation

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Framework for Static Analysis of Dynamic Code Via Emulation Submission Version Emulization: a Framework for Static Analysis of Dynamic Code via Emulation Abbas Naderi-Afooshteh, Anh Nguyen-Tuong, Jason D. Hiser, Jack W. Davidson Department of Computer Science, University of Virginia [email protected], [email protected], [email protected], [email protected] Abstract Categories and Subject Descriptors F.3.2 [Logics and Static analysis of dynamic scripting code is a very chal- Meanings of Programs]: Semantics of Programming Languages— lenging problem due to the extensive use of dynamic features Program Analysis; D.3.4 [Programming Languages]: Processors— such as run-time code generation, dynamic aliasing, dynamic Interpreters; D.3.1 [Programming Languages]: Formal Defi- weak typing, and implicit object creation, to name a few. nitions and Theory With increasing popularity of dynamic languages, prior General Terms Design, Security research has focused on theoretical, or practical but ad- hoc solutions to handle many of these dynamic features. Keywords Dynamic Analysis, Static Analysis, Emulation Unfortunately, a comprehensive static analysis method that scales to popular real-world applications is lacking. 1. Introduction This work tackles the problem from a new perspective. Our Static analysis of dynamic applications, such as those writ- approach enables us to have an accurate, scalable method for ten in PHP, Javascript, Python or Bash Script, is an open analysis of dynamic applications. research problem. Several challenging problems plague anal- Our method, emulization, is based on a novel dynamic ysis of dynamic code. Constructing a sound or complete analysis powered by emulation, combined with static analysis. control flow graph (CFG), reasoning about dynamic evalua- The combination provides a framework for context and flow tions (i.e., calls to eval), type inference, error handling and sensitive dynamic and static analysis of dynamic applications. alias inference are some of these issues. To demonstrate its scalability and accuracy, emulization Most existing solutions try to extrapolate static analysis was applied to large and very popular dynamic applications methods developed for strongly typed, static (or less dynamic) such as Wordpress and Joomla (262k and 472k lines of code languages such as C or Java to dynamic languages, while respectively, with more than 40 different dynamic features). providing novel solutions for some of the problems specific Our analysis of these applications resulted in the discovery to dynamic languages (such as dynamic includes). None of of at least 7 bugs in PHP, at least 2 of which are confirmed these approaches has demonstrated analysis of dynamic real- security vulnerabilities. We also applied emulization to a world applications scaling above 100k lines of code. benchmark group of applications commonly evaluated by Another sizable category of solutions uses a combination prior work. of static and dynamic analysis, while employing a wide Finally, we demonstrate the simplicity of implementing range of ad-hoc approaches to tackle challenges of statically a practical analysis on top of our framework by creating a analyzing dynamic code. These solutions either use dynamic taint tracker in less than 3 hours consisting of 300 lines of analysis on small basic blocks, or obtain a trace of the code. The taint tracker confirmed several reported vulnerabil- application to help in the static analysis phase. ities from the benchmark and discovered two new security We believe neither of these approaches is satisfactory for vulnerabilities in Wordpress and Joomla. analysis of dynamic code, especially when the code base is large (as is the case with most popular applications today). This belief is strengthened by the fact that none of the prior work could reason about such applications. In fact, many projects note that it is not possible to precisely analyze dynamic code via their approach [1, 3, 9, 10, 15, 22, 30, 36]. With respect to the implementation of analysis techniques, many solutions modify the interpreter [1, 28, 33]. Others instrument the code, either lightly or heavily, to extract the [Copyright notice will appear here once ’preprint’ option is removed.] data and perform post processing analysis [27, 29]. The 1 2016/11/12 remaining solutions use formal methods to parse and model The paper is organized as follows. Section 2 provides the dynamic code and then reason about it [14–16, 22]. technical background and discusses why dynamic features We believe that these implementation approaches are not present challenges for static analysis. Section 3 describes well suited for the analysis of dynamic applications. Modi- our method which is based on emulation. Section 4 covers fying the interpreter is very hard, error prone, and requires challenges of emulating dynamic code and our experience modeling all functionality. Formal reasoning also requires with addressing these challenges. Section 5 presents our modeling of all language features, which can take thousands analysis framework and its capabilities. The evaluation of of hours of work to provide reasonable completeness. That our framework is contained in Section 6. It includes analysis is why the majority of prior work notes that they are not coverage and performance measurements as well as case complete, due to lack of modeling or implementation of var- studies. Section 7 discusses the related work and contrasts it ious challenging dynamic features. Finally, instrumenting with our work, while Section 8 provides a summary. the code breaks metaprogramming and reflection, and incurs significant performance overhead. 2. Background emulation In contrast, our solution is based on , i.e., creat- 2.1 Dynamic Code Definition ing an interpreter of the dynamic language in itself. There are several benefits. Emulation supports proxying, allowing the Throughout this paper dynamic code is defined to be any implementation of necessary features with the desired granu- code that does not have a clear separation between data larity, while proxying all undesired features of the language and executable code, relying on the interpreter regularly to to the underlying interpreter to preserve accuracy. execute data (e.g., variable contents) as code. Since emulation is done in the dynamic language itself, Based on this definition, we use dynamic programming low-level details of its semantics are abstracted away (e.g., languages to refer to languages which pervasively use dy- memory management, optimizations and implicit type casts), namic features, such as PHP, Ruby, Python, Perl, Javascript, significantly reducing the complexity of implementation Lua, Bash Script and several other scripting languages, in while minimizing the risks associated with incorrect modeling contrast with languages such as C# and Java, which have an or erroneous implementation of semantics [10, 17, 28]. interpreter ready and provide dynamic coding features such as Finally, emulation in the high-level language supports Reflection and CodeDOM, but are not typically used to create rapid development. Our prototype implementation of the PHP dynamic code. Dynamic languages are also frequently used emulator consists of 4000 total lines of code, whereas the for metaprogramming, i.e., programs that modify themselves analyzer by Dahse et. al. [10] is roughly 65,000 lines of code. during runtime and execute data as code. The implementation of Weverca [15] is about 200,000 lines The goal of this research is to provide a platform for anal- of code, while supporting much less of the PHP language ysis of dynamic applications developed using dynamic pro- than our tool. As far as we are aware, our work is the first to gramming languages (which is the majority of applications fully model its target language, including 44 dynamic features developed using such languages). necessary for accurate analysis. 2.2 Dynamic Features The primary drawback of emulation is that it adds another layer on top of the interpreter, which impacts performance. In this section, we discuss some of the dynamic features However, our evaluations show that the performance is com- common in dynamic code, making their analysis challenging: petitive with other analysis methods. 2.2.1 Dynamic Include Contributions. The main contributions of this research are Dynamic languages, just like any other programming lan- as follows: guage, benefit from structuring code into several files, orga- nized into several directories. Many applications developed • A discussion of difficult to analyze dynamic features in using these languages have one or few entry points into the dynamic programming languages, and potential solutions. application, even though all their files can be executed individ- • A novel method for analysis of dynamic code, accompa- ually. This design allows such applications to load libraries nied by a dynamic code analysis framework based on the and code required to perform desired functionality, then inter- method and powered by emulation. nally dispatch the request to the respective individual script, • An open source, well-documented and extensible emulator enabling easier control over flow of the application while for PHP supporting all features of the target language. reducing complexity of individual scripts. One of the most problematic features in analyzing dy- • An open source, extensible flow and context-sensitive namic languages are dynamic includes. Includes in dynamic analysis framework for PHP. languages, in contrast with static languages, are not prepro- • An evaluation of the framework and its
Load more

Recommended publications
  • Report on Biodiversity and Tropical Forests in Indonesia
    Report on Biodiversity and Tropical Forests in Indonesia Submitted in accordance with Foreign Assistance Act Sections 118/119 February 20, 2004 Prepared for USAID/Indonesia Jl. Medan Merdeka Selatan No. 3-5 Jakarta 10110 Indonesia Prepared by Steve Rhee, M.E.Sc. Darrell Kitchener, Ph.D. Tim Brown, Ph.D. Reed Merrill, M.Sc. Russ Dilts, Ph.D. Stacey Tighe, Ph.D. Table of Contents Table of Contents............................................................................................................................. i List of Tables .................................................................................................................................. v List of Figures............................................................................................................................... vii Acronyms....................................................................................................................................... ix Executive Summary.................................................................................................................... xvii 1. Introduction............................................................................................................................1- 1 2. Legislative and Institutional Structure Affecting Biological Resources...............................2 - 1 2.1 Government of Indonesia................................................................................................2 - 2 2.1.1 Legislative Basis for Protection and Management of Biodiversity and
    [Show full text]
  • Pfc6168.Pdf (438.8Kb)
    ESCUELA TÉCNICA SUPERIOR DE INGENIERÍA DE TELECOMUNICACIÓN UNIVERSIDAD POLITÉCNICA DE CARTAGENA Proyecto Fin de Carrera TÍTULO: Iphone Bookshelf AUTOR: David Zamora Gutiérrez DIRECTOR: Francesc Burrull i Mestres Febrero / 2015 INDEX IPhone application………………………………………………………………... o Tools……………………………………………………………………… . Iphone…………………………………………………………….. Objective-C……………………………………………………….. o Code………………………………………………………………………. Web site…………………………………………………………………………... o Tools……………………………………………………………………… . Codeigniter……………………………………………………….. Php………………………………………………………………... Http……………………………………………………………….. Html………………………………………………………………. Mysql……………………………………………………………... Apache……………………………………………………………. CSS……………………………………………………………….. E-books…………………………………………………………… o Code………………………………………………………………………. References……………………………………………………………………....... IPHONE APPLICATION TOOLS IPHONE The iPhone is a line of Internet- and multimedia-enabled smartphones designed and marketed by Apple Inc. The first iPhone was unveiled by Apple CEO Steve Jobs on January 9, 2007, and released on June 29, 2007. An iPhone can function as a video camera (video recording was not a standard feature until the iPhone 3GS was released), a camera phone, can send texts and receive visual voicemail, a portable media player, and an Internet client with email and web browsing capabilities, and both Wi-Fi and 3G connectivity. The user interface is built around the device's multi-touch screen, including a virtual keyboard rather than a physical one. Third-party as well as Apple application software is available from the App Store, which launched in mid-2008 and now has over 350,000 "apps" approved by Apple. These apps have diverse functionalities, including games, reference, GPS navigation, social networking, e-books... To create applications for this device it’s use the APPLE SDK. APPLE SDK The SDK basically consists of a set of tools that Apple provides to build, debug and test our developments. It contains the following programs: - XCODE: Xcode is a suite of tools, developed by Apple, for developing software for Mac OS X and iOS.
    [Show full text]
  • Phalanger Compiling PHP for .NET and Silverlight
    Phalanger Compiling PHP for .NET and Silverlight http://php-compiler.net Tomáš Petříček, C# MVP ([email protected]) Formerly by: Tomáš Matoušek, Ladislav Prošek, et al. Agenda Phalanger Introduction What is Phalanger? And what is it good for? Phalanger for Silverlight How (and why) to write Silverlight client apps in PHP .NET and PHP interoperability Calling C# code from PHP Calling PHP code from C# Interesting Compilation Problems Conditional type binding Calling overloaded methods DEMO Let’s look at some cool demo first :-)! http://tomasp.net/files/copter/default.html Introduction . Phalanger: PHP Language Compiler for .NET . Initially targeting .NET Framework 1.1 . Now using .NET 2.0, Mono and Silverlight 2.0 . We’re planning to use (parts of) DLR in the future . What can you do with Phalanger? . Compile various open-source PHP applications for .NET . Use PHP functions & objects from (other) .NET languages . Use .NET classes from PHP programs . Write Silverlight applications in PHP Agenda Phalanger Introduction What is Phalanger? And what is it good for? Phalanger for Silverlight How (and why) to write Silverlight client apps in PHP .NET and PHP interoperability Calling C# code from PHP Calling PHP code from C# Interesting Compilation Problems Conditional type binding Calling overloaded methods Phalanger: PHP for Silverlight . Similar as other Silverlight dynamic languages . XAML file is loaded by Silverlight plugin in the browser . PHP source code referenced using XAML element: <php:PhalangerLoader Source="script.phpx" /> . Downloaded, compiled and executed on the client . “Loader” element, compiler and runtime in one DLL file <Canvas xmlns="http://schemas.microsoft.com/client/2007" xmlns:php="clr-namespace:PHP.Silverlight; assembly=Bin/PhpNetCore.dll" Width="800" Height="600" Background="White"> <php:PhalangerLoader Source="simpledemo_php.phpx" /> </Canvas> Phalanger: PHP for Silverlight .
    [Show full text]
  • Les Possibilités De Dispersion Et Éléments D'habitat-Refuge Dans Un
    Les possibilités de dispersion et éléments d’habitat-refuge dans un paysage d’agriculture intensive fragmenté par un réseau routier dense : le cas de la petite faune dans la plaine du Bas-Rhin Jonathan Jumeau To cite this version: Jonathan Jumeau. Les possibilités de dispersion et éléments d’habitat-refuge dans un paysage d’agriculture intensive fragmenté par un réseau routier dense : le cas de la petite faune dans la plaine du Bas-Rhin. Ecosystèmes. Université de Strasbourg, 2017. Français. NNT : 2017STRAJ120. tel-01768001 HAL Id: tel-01768001 https://tel.archives-ouvertes.fr/tel-01768001 Submitted on 16 Apr 2018 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. UNIVERSITÉ DE STRASBOURG ÉCOLE DOCTORALE 414 UMR7178 – UMR6553 THÈSE présentée par : Jonathan JUMEAU soutenue le : 16 octobre 2017 pour obtenir le grade de : Docteur de l’université de Strasbourg Discipline/ Spécialité : Biologie de la conservation Les possibilités de dispersion et éléments d’habitat-refuge dans un paysage d'agriculture intensive fragmenté par un réseau routier dense : le cas de la petite faune dans la plaine du Bas-Rhin THÈSE dirigée par : Dr. HANDRICH Yves Chargé de recherches, Université de Strasbourg Dr.
    [Show full text]
  • Towards Left Duff S Mdbg Holt Winters Gai Incl Tax Drupal Fapi Icici
    jimportneoneo_clienterrorentitynotfoundrelatedtonoeneo_j_sdn neo_j_traversalcyperneo_jclientpy_neo_neo_jneo_jphpgraphesrelsjshelltraverserwritebatchtransactioneventhandlerbatchinsertereverymangraphenedbgraphdatabaseserviceneo_j_communityjconfigurationjserverstartnodenotintransactionexceptionrest_graphdbneographytransactionfailureexceptionrelationshipentityneo_j_ogmsdnwrappingneoserverbootstrappergraphrepositoryneo_j_graphdbnodeentityembeddedgraphdatabaseneo_jtemplate neo_j_spatialcypher_neo_jneo_j_cyphercypher_querynoe_jcypherneo_jrestclientpy_neoallshortestpathscypher_querieslinkuriousneoclipseexecutionresultbatch_importerwebadmingraphdatabasetimetreegraphawarerelatedtoviacypherqueryrecorelationshiptypespringrestgraphdatabaseflockdbneomodelneo_j_rbshortpathpersistable withindistancegraphdbneo_jneo_j_webadminmiddle_ground_betweenanormcypher materialised handaling hinted finds_nothingbulbsbulbflowrexprorexster cayleygremlintitandborient_dbaurelius tinkerpoptitan_cassandratitan_graph_dbtitan_graphorientdbtitan rexter enough_ram arangotinkerpop_gremlinpyorientlinkset arangodb_graphfoxxodocumentarangodborientjssails_orientdborientgraphexectedbaasbox spark_javarddrddsunpersist asigned aql fetchplanoriento bsonobjectpyspark_rddrddmatrixfactorizationmodelresultiterablemlibpushdownlineage transforamtionspark_rddpairrddreducebykeymappartitionstakeorderedrowmatrixpair_rddblockmanagerlinearregressionwithsgddstreamsencouter fieldtypes spark_dataframejavarddgroupbykeyorg_apache_spark_rddlabeledpointdatabricksaggregatebykeyjavasparkcontextsaveastextfilejavapairdstreamcombinebykeysparkcontext_textfilejavadstreammappartitionswithindexupdatestatebykeyreducebykeyandwindowrepartitioning
    [Show full text]
  • Call C# Dll from Php
    Call c# dll from php click here to download PHP has a built-in Windows-only extension called DOTNET that allows you to www.doorway.ru libraries in a PHP application. Note that you'll need to make sure your assemblies are declared as COM visible: [assembly: ComVisible(true)]. Here are two examples. php $stack = new DOTNET("mscorlib", "System. Build it as dll library output type www.doorway.ru framework ver as target. 4. load it to GAC vA. 5. Get public token from assembly list. 6. Put the token, and the class into php code and let Apache run: php $phpdotnet = new DOTNET("ClassLibraryTestPHP, Version=, Culture=neutral. Net assembly and call its methods and access its properties. $obj = new . exercise to try different type of method signature and calling them in php. www.doorway.ru Code . IMPORTANT NOTE: PHP "caches" the dll library, so every time that the dll library is compiled, the php service should be restarted (restart the apache service). A project of mine requires that I call a dll using php via a COM object call: $obj = new COM("www.doorway.ruObj") or die ("Unable to instantiate the COM!"); This call seems to work ok but the moment I try to call a function from the object using: $result = $obj->put_Name("A") ; none of the code after this. I currently have a classic ASP Web Application, it calls www.doorway.ru dll, setting it up as not easy but its possible. This year we will start moving all the ASP code and MS SQL to MySQL and PHP.
    [Show full text]
  • PHP Programming Language
    PHP Programming Language PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Thu, 17 Jun 2010 01:34:21 UTC Contents Articles Active Agenda 1 Active Calendar 2 Adminer 8 Aigaion 10 Aiki Framework 12 Asido 13 Associate- O- Matic 16 AutoTheme 18 Avactis 19 BakeSale 22 Beehive Forum 23 bitcart 25 BlueErp 29 BuddyPress 30 ccHost 32 Claroline 34 Comparison of knowledge base management software 36 concrete5 42 Coppermine Photo Gallery 44 Croogo 46 DBG 47 Delphi for PHP 47 Doctrine (PHP) 49 Dokeos 52 dotProject 55 User:Drietsch/ pimcore 57 DynPG 58 eAccelerator 59 Elgg (software) 60 EpesiBIM 62 Flash Gallery 64 Flash MP3 Player 66 FluxBB 68 Frog CMS 71 Gallery Project 73 Gamboo Web Suite 75 Gateway Anti- Virus 77 GoogleTap 78 Group- Office 79 Habari 81 Horde (software) 85 HuMo- gen 86 IPBWI 89 Icy Phoenix 91 Ingo (software) 94 Injader 95 Intelestream 96 Internet Messaging Program 98 Invision Power Board 99 ionCube 101 Joomla 103 Joomsef 106 KnowledgeBase Manager Pro 108 List of PHP accelerators 109 List of PHP libraries 112 Magic quotes 113 Mambo (software) 115 Merlintalk 120 MetaBB 122 MiaCMS 123 Midgard (software) 125 Midgard Lite 129 MindTouch Deki 130 Monkey Boards 134 Moodle 135 Moxietype 140 MyBB 141 NETSOFTWARE 144 net2ftp 146 User:Nichescript/ Affiliate Niche Sript 147 Ning (website) 148 NolaPro 152 ORMer 154 ocPortal 155 Open Realty 158 OpenBiblio 159 Opus (content management system) 161 osCommerce 163 PEAR 166 PHP accelerator 167 PHP syntax and semantics 168 PHP/
    [Show full text]
  • The Hiphop Virtual Machine
    The HipHop Virtual Machine Keith Adams Jason Evans Bertrand Maher Guilherme Ottoni Andrew Paroski Brett Simmers Edwin Smith Owen Yamauchi Facebook #"5/+ 4 # 3 '($ # % #$ % # #$ {kma,je,bertrand,ottoni,andrewparoski,bsimmers,smith,oyamauchi}@fb.com "! ) $ ! # $ % ( ( " * ! % + , $ ! . , $ $ 2 1 # $ - # / 0 % ! . / ( , - / $ # Abstract The most popular PHP implementation is a straightfor- The HipHop Virtual Machine (HHVM) is a JIT compiler ward interpreter [25]. While interpreters have the benefits of and runtime for PHP. While PHP values are dynamically simplicity and portability, they incur high CPU overheads. typed, real programs often have latent types that are use- As shown in Section 5, these overheads limit the perfor- ful for optimization once discovered. Some types can be mance of some of the most important and common PHP ap- proven through static analysis, but limitations in the ahead- plications. In this paper, we present the HipHop Virtual Machine of-time approach leave some types to be discovered at run 1 time. And even though many values have latent types, PHP (HHVM), a JIT and runtime for PHP designed with the programs can also contain polymorphic variables and ex- following goals: pressions, which must be handled without catastrophic slow- 1. Compatibility. Run large and complex PHP programs, down. whose development history was unrelated to that of HHVM discovers latent types by structuring its JIT HHVM, without modification. around the concept of a tracelet. A tracelet is approximately 2. High performance. Efficiently map PHP programs to a basic block specialized for a particular set of run-time the hardware, weakening PHP’s flexible primitives to types for its input values.
    [Show full text]
  • Framework Pro Strategické Webové Hry
    Univerzita Karlova v Praze Matematicko-fyzikální fakulta BAKALÁŘSKÁ PRÁCE Jan Pešek Framework pro strategické webové hry Katedra softwarového inženýrství Vedoucí bakalářské práce: Mgr. Miroslav Čermák Studijní program: Informatika Studijní obor: Obecná informatika Praha 2013 Rád bych zde poděkoval svému vedoucímu ročníkového projektu a bakalářské práce Mgr. Miroslavu Čermákovi, za jeho podporu, připomínky, odborné rady a vstřícný přístup během zpracování této práce. Dále bych chtěl poděkovat mému příteli Petru Šiškovi za vytvoření ilustrací pro vzorovou hru. Prohlašuji, že jsem tuto bakalářskou práci vypracoval samostatně a výhradně s použitím citovaných pramenů, literatury a dalších odborných zdrojů. Beru na vědomí, že se na moji práci vztahují práva a povinnosti vyplývající ze zákona č. 121/2000 Sb., autorského zákona v platném znění, zejména skutečnost, že Univerzita Karlova v Praze má právo na uzavření licenční smlouvy o užití této práce jako školního díla podle §60 odst. 1 autorského zákona. V Praze dne ............ Jan Pešek Název práce: Framework pro strategické webové hry Autor: Jan Pešek Katedra: Katedra softwarového inženýrství MFF UK Vedoucí bakalářské práce: Mgr. Miroslav Čermák, Katedra softwarového inženýr- ství MFF UK Abstrakt: Tato bakalářská práce popisuje softwarový projekt, který umožňuje tvorbu internetových tahových her v internetovém prohlížeči s důrazem na upra- vitelnost, tzv. framework. Výsledná aplikace umožňuje snadnou tvorbu tahové hry pro dva hráče, a poskytuje mechanismy pro pokročilou konfiguraci prostřed- nictvím modulů naprogramovaných uživatelem. Součástí projektu je vzorová hra s předdefinovanými daty, ukázkovými moduly a grafickou úpravou. V práci jsou zhodnoceny současné technologie použitelné pro vývoj interaktivních interneto- vých aplikací a diskutovány některé klíčové problémy, na které se při vývoji apli- kace naráží.
    [Show full text]
  • Improving Memory Management for HHVM
    Improving Memory Management Within the HipHop Virtual Machine Timothy Sergeant A thesis submitted in partial fulfilment of the degree of Bachelor of Advanced Computing (Honours) The Australian National University October 2014 c Timothy Sergeant 2014 Except where otherwise indicated, this thesis is my own original work. Timothy Sergeant 24 October 2014 To my parents, Evan and Elizabeth Acknowledgments Firstly, an enormous thank you to my supervisor, Steve Blackburn. Steve’s wealth of knowledge in the area has been endlessly valuable for this project. He was always able to provide useful advice for the problems I was facing, and talking with Steve always left me with renewed vigor for the project. Thank you to the members of the HHVM team at Facebook who I have talked to throughout the year, especially Bert Maher, Guilherme Ottoni and Joel Pobar, who have provided useful insight and speedy answers to my questions. A particular thanks to Joel for giving me the opportunity to experience Silicon Valley. To everyone else in the #hhvm IRC channel: Sorry for spamming you with endless failed build notifications. Thank you to Wayne Tsai and Peter Marshall for providing valuable feedback on draft copies of this thesis, as well as to everyone else in the honours cohort who has helped me throughout the year. Thank you to my housemates, Tom and Wayne, who somehow put up with the decreasing quality of my jokes as my stress level increased. Thank you also to the rest of my friends for being there for me throughout the year. Finally, thank you to my family, Evan, Elizabeth and Steph.
    [Show full text]
  • The Hiphop Compiler for PHP
    The HipHop Compiler for PHP Haiping Zhao Iain Proctor Minghui Yang Xin Qi Mark Williams Qi Gao Guilherme Ottoni ∗ Andrew Paroski Scott MacVicar Jason Evans Stephen Tu † Facebook, Inc. Abstract 1. Introduction Scripting languages are widely used to quickly accomplish General-purpose scripting languages like Perl, Python, PHP, a variety of tasks because of the high productivity they en- Ruby, and Lua have been widely used to quickly accom- able. Among other reasons, this increased productivity re- plish a broad variety of tasks. Although there are several sults from a combination of extensive libraries, fast devel- reasons for the widespread adoption of these languages, the opment cycle, dynamic typing, and polymorphism. The dy- key common factor across all of them is the high program- namic features of scripting languages are traditionally asso- mers’ productivity that they enable [14]. This high produc- ciated with interpreters, which is the approach used to imple- tivity is the result of a number of factors. First, these lan- ment most scripting languages. Although easy to implement, guages typically provide a rich set of libraries, which re- interpreters are generally slow, which makes scripting lan- duce the amount of code that programmers need to write, guages prohibitive for implementing large, CPU-intensive test, and debug. Second, the dynamically-typed nature of applications. This efficiency problem is particularly impor- scripting languages provides flexibility and high degrees of tant for PHP given that it is the most commonly used lan- dynamic polymorphism. Last, and most important, dynamic guage for server-side web development. languages are in general purely interpreted, thus providing This paper presents the design, implementation, and an a fast cycle to modify and test source changes.
    [Show full text]
  • PHP Programming Language
    PHP Programming Language PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Thu, 17 Jun 2010 01:34:21 UTC Contents Articles Active Agenda 1 Active Calendar 2 Adminer 8 Aigaion 10 Aiki Framework 12 Asido 13 Associate- O- Matic 16 AutoTheme 18 Avactis 19 BakeSale 22 Beehive Forum 23 bitcart 25 BlueErp 29 BuddyPress 30 ccHost 32 Claroline 34 Comparison of knowledge base management software 36 concrete5 42 Coppermine Photo Gallery 44 Croogo 46 DBG 47 Delphi for PHP 47 Doctrine (PHP) 49 Dokeos 52 dotProject 55 User:Drietsch/ pimcore 57 DynPG 58 eAccelerator 59 Elgg (software) 60 EpesiBIM 62 Flash Gallery 64 Flash MP3 Player 66 FluxBB 68 Frog CMS 71 Gallery Project 73 Gamboo Web Suite 75 Gateway Anti- Virus 77 GoogleTap 78 Group- Office 79 Habari 81 Horde (software) 85 HuMo- gen 86 IPBWI 89 Icy Phoenix 91 Ingo (software) 94 Injader 95 Intelestream 96 Internet Messaging Program 98 Invision Power Board 99 ionCube 101 Joomla 103 Joomsef 106 KnowledgeBase Manager Pro 108 List of PHP accelerators 109 List of PHP libraries 112 Magic quotes 113 Mambo (software) 115 Merlintalk 120 MetaBB 122 MiaCMS 123 Midgard (software) 125 Midgard Lite 129 MindTouch Deki 130 Monkey Boards 134 Moodle 135 Moxietype 140 MyBB 141 NETSOFTWARE 144 net2ftp 146 User:Nichescript/ Affiliate Niche Sript 147 Ning (website) 148 NolaPro 152 ORMer 154 ocPortal 155 Open Realty 158 OpenBiblio 159 Opus (content management system) 161 osCommerce 163 PEAR 166 PHP accelerator 167 PHP syntax and semantics 168 PHP/
    [Show full text]