Data Flow Analysis

Data flow analysis is a static analysis technique that tracks how data values move through a program. It follows each variable from the point where it is defined or assigned to the points where it is used, computing at every program point a set of facts (for example, which definitions or which tainted values may reach it).

Common data flow problems include:

  • Reaching definitions: which assignments of a variable can reach a given use

  • Live variables: which variables hold values that may still be used later

  • Taint analysis: whether user-supplied data can reach a sensitive sink without sanitisation

  • Type inference: propagating known type information across the program

  • Null propagation: detecting paths where a null value is used without a check

Data flow analysis is computed over a control flow graph: facts are propagated along its edges, merged where paths join, and iterated until no set changes (a fixpoint), which is what makes loops and branches tractable. It is foundational for security tools that detect injection vulnerabilities and for compilers that optimise code.

<?php

function process(string $input): string {
    // Sanitiser for an HTML body or attribute context; a taint analysis
    // treats its return value as clean for that kind of sink only
    $sanitized = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
    // Data flow analysis confirms $sanitized is safe to echo into HTML
    return $sanitized;
}

function unsafe(string $input): void {
    // If $input arrives unsanitised from a source such as $_GET,
    // data flow analysis flags it as tainted at this echo sink (XSS)
    echo $input;
}

?>
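How a tool reaches the two verdicts in the comments above, as an added example that is not part of the original page: a forward "may be tainted" analysis written in Python, run as a worklist fixpoint over a small control flow graph. The three-address mini-IR, the source/sanitiser/sink tables (user_input, htmlspecialchars, echo) and the four sample programs are constructed for illustration; UNSAFE and PROCESS mirror the two PHP functions, BRANCH shows why the join at a merge point must be a union, and LOOP shows why iteration to a fixpoint is needed.

```python
"""Added example, not from the page: a forward "may be tainted" data-flow
analysis run as a worklist fixpoint over a small control flow graph."""
from dataclasses import dataclass
from typing import List, Optional

# Assumed taint policy for the mini-IR; the names are illustrative only.
SOURCES = {"user_input"}            # return value is attacker-controlled
SANITIZERS = {"htmlspecialchars"}   # return value is clean for an HTML-body sink
SINKS = {"echo"}                    # arguments must be clean

@dataclass
class Instr:
    op: str                 # "call": dst = func(args);  "copy": dst = args[0]
    dst: Optional[str]      # None for a sink call, which defines nothing
    func: Optional[str]     # None for a copy
    args: List[str]

@dataclass
class Block:
    name: str
    instrs: List[Instr]
    succs: List[str]        # successor block names

def transfer(instr, tainted):
    """GEN/KILL for one instruction over the set of tainted variables."""
    out = set(tainted)
    if instr.op == "copy":
        out.discard(instr.dst)
        if instr.args[0] in tainted:
            out.add(instr.dst)            # taint flows through the copy
    elif instr.func in SINKS:
        return out                        # a sink defines no variable
    else:
        out.discard(instr.dst)            # KILL the previous definition of dst
        if instr.func in SOURCES:
            out.add(instr.dst)            # GEN fresh taint
        elif instr.func in SANITIZERS:
            pass                          # clean result whatever the arguments
        elif any(a in tainted for a in instr.args):
            out.add(instr.dst)            # ordinary call propagates argument taint
    return out

def analyse(cfg, entry):
    """Iterate to a fixpoint, then return (block, sink, variable) for every
    sink argument that may be tainted on some path from entry."""
    preds = {name: [] for name in cfg}
    for block in cfg.values():
        for s in block.succs:
            preds[s].append(block.name)
    out_sets = {name: set() for name in cfg}
    work = [entry] + [n for n in cfg if n != entry]
    while work:
        name = work.pop(0)
        # IN[b] is the union of OUT[p] over predecessors p: the join of a may analysis
        state = set().union(*(out_sets[p] for p in preds[name]))
        for ins in cfg[name].instrs:
            state = transfer(ins, state)
        if state != out_sets[name]:       # OUT grew, so successors must be redone
            out_sets[name] = state
            work.extend(cfg[name].succs)
    findings = []
    for name, block in cfg.items():       # second pass: inspect sinks with final facts
        state = set().union(*(out_sets[p] for p in preds[name]))
        for ins in block.instrs:
            if ins.op == "call" and ins.func in SINKS:
                findings.extend((name, ins.func, a) for a in ins.args if a in state)
            state = transfer(ins, state)
    return findings

def call(dst, func, *args):
    return Instr("call", dst, func, list(args))

# Constructed sample programs; UNSAFE and PROCESS mirror the two PHP functions above.
UNSAFE = {"entry": Block("entry", [call("input", "user_input"), call(None, "echo", "input")], [])}
PROCESS = {"entry": Block("entry", [call("input", "user_input"),
                                    call("sanitized", "htmlspecialchars", "input"),
                                    call(None, "echo", "sanitized")], [])}
# One branch sanitises and the other does not: the union at "join" keeps the taint,
# so the sink is reported even though one path through the code looks safe.
BRANCH = {
    "entry": Block("entry", [call("input", "user_input")], ["then", "else"]),
    "then": Block("then", [call("out", "htmlspecialchars", "input")], ["join"]),
    "else": Block("else", [Instr("copy", "out", None, ["input"])], ["join"]),
    "join": Block("join", [call(None, "echo", "out")], []),
}
# x is clean on the first trip through the loop but tainted along the back edge;
# only the fixpoint iteration exposes the sink.
LOOP = {
    "entry": Block("entry", [call("x", "constant")], ["loop"]),
    "loop": Block("loop", [call(None, "echo", "x"), call("x", "user_input")], ["loop", "exit"]),
    "exit": Block("exit", [], []),
}

if __name__ == "__main__":
    for label, cfg in [("unsafe", UNSAFE), ("process", PROCESS), ("branch", BRANCH), ("loop", LOOP)]:
        print(label, analyse(cfg, "entry"))
```

Running it reports nothing for PROCESS, the echo in UNSAFE, the echo at "join" in BRANCH and the echo inside LOOP. The union join is what makes this a may analysis: it over-approximates, so a real tool adds path sensitivity or sanitiser modelling per sink context (HTML body, attribute, JavaScript, URL) to cut false positives, since htmlspecialchars only clears taint for the HTML contexts it was designed for.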

Documentation

See also Data-flow analysis — Wikipedia.

Related : Control Flow Analysis, Control Flow Graph, Taint Analysis, Analysis, Static Application Security Testing (SAST), SQL Injection, Cross Site Scripting (XSS), Lexical Analysis, Semantic Analysis, Symbolic Analysis, Pattern-Based Analysis