The PHP AiR framework is currently being developed to support software metrics, empirical software engineering, and program analysis for real-world PHP systems. While most of the work on program analysis has focused on static analysis, to help address the dynamic nature of the language we have also started to extend PHP AiR with support for dynamic program analysis. This extended abstract highlights two parts of this support: integration with xdebug for trace analysis, and instrumentation of an open-source PHP interpreter with a focus on supporting string origins, allowing us to explore how strings are created in security-sensitive areas such as database calls and HTML generation.

Mark graduated from the University of Illinois at Urbana-Champaign in 2009. His thesis focused on using rewriting logic semantics, a form of programming language semantics, to create language prototypes and to define program analysis and verification tools.

From 2009 to 2013 Mark was a postdoc at CWI, the Dutch National Math and Computer Science research center. As part of the Software Analysis and Transformation group he developed tools and analysis techniques for dynamic programming languages and automated refactoring. He was (and remains) an active participant in the Rascal project (rascal-mpl.org), which is focused on developing a meta-programming language for software analysis, software transformation, and DSL development.

Mark joined East Carolina University in 2013 as an Assistant Professor in the Department of Computer Science, where he teaches courses in programming languages and software engineering. He is working with students on a number of topics related to analysis of dynamic languages, empirical software engineering, and domain-specific languages for big data applications and for mobile application development.