The Model-View-Controller (MVC) design architecture is a computer software application design architecture in which those elements of a computer software application that present data to an application user or receive input from the user (i.e., the “user interface” or “presentation layer”), referred to as the application “view”, are separated from those elements of the application that access stored data and process and transform data (i.e., the “business logic layer” or “domain layer”), referred to as the application “model”. In the MVC architecture, a “controller” determines when control of the application during its execution is passed to a view element or a model element.
Static analysis is often performed on computer software application source code to identify issues such as logic errors and security vulnerabilities. However, traditional static analysis techniques do not provide sufficiently precise results for MVC-based applications where the controller logic is external to the application source code, as the controller logic is either approximated in an overly-conservative manner, thereby creating invalid control-flow paths between the model and the view layers, or an under-approximation is used, in which case certain valid flows are simply ignored.