troels knak-nielsen:
> If taint-mode is intended for testing only, it would never be
> something, which was turned on per default. Then maybe a tool such as
> php-sat ( http://www.program-transformation.org/PHP/PhpSat ) is a
> better solution? It seems to me like there is a rather big overlap
> between the projects.

php-sat does static analysis. With static analysis one looks at source code without executing it. This is a fundamentally different approach than run-time taint analysis (which executes PHP code).

Each approach has its strong and weak points. Static analysis can examine code paths that rarely execute, but its understanding of those code paths is necessarily limited. Run-time analysis is limited to code paths that actually execute. It proves more of its value when it can be left turned on, and this is why I am paying attention to performance.

Wietse

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php