Automated Repair of HTML Generation Errors in PHP Applications Using String Constraint Solving
34th International Conference on Software Engineering (ICSE 2012), Zurich, Switzerland, June 2-9, 2012.
Hesam Samimi, Max Schäfer, Shay Artzi, Todd Millstein, Frank Tip, Laurie Hendren
PHP web applications routinely generate invalid
HTML. Modern browsers silently correct HTML errors, but
sometimes malformed pages render inconsistently, cause browser
crashes, or expose security vulnerabilities. Fixing errors in
generated pages is usually straightforward, but repairing the
generating PHP program can be much harder. We observe that
malformed HTML is often produced by incorrect constant prints,
i.e., statements that print string literals, and present two
tools for automatically repairing such HTML generation
errors. PHPQuickFix repairs simple bugs by statically analyzing
individual prints. PHPRepair handles more general repairs using
a dynamic approach. Based on a test suite, the property that all
tests should produce their expected output is encoded as a
string constraint over variables representing constant
prints. Solving this constraint describes how constant prints
must be modified to make all tests pass. Both tools were
implemented as an Eclipse plugin and evaluated on PHP programs
containing hundreds of HTML generation errors, most of which our
tools were able to repair automatically.
[PDF | Project Page]