Static and dynamic code analysis


Question

I found several questions about this topic, all of them with lots of references, but I still don't have a clear idea about it, because most of the references talk about concrete tools and not about the concept of the analysis in general. Thus I have some questions:

About static analysis:
1. I would like to have a reference, or a summary, of which techniques are successful and have more relevance nowadays.
2. What can they really do about discovering bugs? Can we make a summary, or does it depend on the tool?

About symbolic execution:
1. Where could symbolic execution be placed? I guess it depends on the approach; I would like to know whether it is dynamic analysis or a mix of static and dynamic analysis, if that can be determined.

I found it hard to differentiate the two techniques in the tools, even though I think I know the theoretical difference.

I'm actually working with C. Thanks in advance.

Recommended answer

I'm trying to give a short answer:

Static analysis looks at the syntactical structure of code and draws conclusions about the program behavior. These conclusions need not always be correct.

A typical example of static analysis is data-flow analysis, where you compute sets such as used, read, and written for every statement. This helps to find, e.g., uninitialized values.

You can also analyze the code for code patterns. This way, these tools can be used to check whether you comply with a specific coding standard. A prominent example of a coding standard is MISRA. This coding standard is used for safety-critical systems and avoids problematic constructs in C. This way you can already say a lot about the robustness of your applications against memory leaks, dangling pointers, etc.

Dynamic analysis does not look at the syntax only, but takes state information into account. In symbolic execution, you add assumptions about the possible values of all variables to the statements.

The most expensive and powerful method of dynamic analysis is model checking, where you really look at all possible execution states of the system. You can think of a model-checked system as a system that is tested with 100% coverage - but there are of course a lot of practical problems that prevent real systems from being checked that way.

These methods are very powerful, and you can gain a lot from static code analysis tools, especially when combined with a good coding standard.

A feature my software team found really impressive is, e.g., that it tells you in C++ when a class with virtual methods does not have a virtual destructor. Easy to check in fact, but really helpful.

The commercial tools are very expensive, but worth the money once you have learned how to use them. A typical problem in the beginning is that you get a lot of false alarms and don't know where to look for the real problem.

Note that nowadays g++ has some of this stuff already built in, and that you can use something like pclint, which is free.

Sorry - this is already getting quite long... hope it's interesting.
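The data-flow analysis the answer describes, and its "conclusions need not always be correct" caveat, as an added example that is not part of the question or answer and is not the code of any analysis tool: a toy "definitely assigned" analysis over a hand-built control-flow graph. The CFG encoding, the helper names and the sample C function in the comment are all assumptions constructed for this illustration. The analysis is path-insensitive, so the first finding it reports is a false alarm (the two `if (c > 0)` tests always agree at runtime) while the second is a real uninitialized read; that is exactly the false-alarm problem the answer warns about.

```python
# Added example: a toy forward "must" data-flow analysis that reports reads of
# variables which are not assigned on every path from the function entry.
# Not from the question, the answer, or any real tool.
from typing import Dict, List, Set, Tuple

# Statement encoding (constructed for this example):
#   ("assign", target, [source vars])  or  ("use", [source vars])
# A block is (statements, list of successor block ids).
Stmt = tuple
Block = Tuple[List[Stmt], List[str]]


def _transfer(stmts: List[Stmt], assigned: Set[str]) -> Set[str]:
    """Block transfer function: whatever was assigned on entry stays assigned,
    plus every target assigned inside the block."""
    out = set(assigned)
    for s in stmts:
        if s[0] == "assign":
            out.add(s[1])
    return out


def definitely_assigned(cfg: Dict[str, Block], entry: str,
                        params: Set[str]) -> Dict[str, Set[str]]:
    """For each block, the set of variables assigned on *every* path from the
    entry. Merge at a join is set intersection; iterate to a fixed point
    starting from the optimistic 'all variables' assumption."""
    all_vars = set(params)
    for stmts, _ in cfg.values():
        all_vars.update(s[1] for s in stmts if s[0] == "assign")
    preds: Dict[str, List[str]] = {b: [] for b in cfg}
    for b, (_, succs) in cfg.items():
        for s in succs:
            preds[s].append(b)
    in_sets = {b: set(all_vars) for b in cfg}
    in_sets[entry] = set(params)          # only parameters are live at entry
    changed = True
    while changed:
        changed = False
        for b in cfg:
            if b == entry:
                continue
            new_in = set(all_vars)
            for p in preds[b]:
                new_in &= _transfer(cfg[p][0], in_sets[p])
            if new_in != in_sets[b]:
                in_sets[b] = new_in
                changed = True
    return in_sets


def find_uninitialized_uses(cfg: Dict[str, Block], entry: str,
                            params: Set[str]) -> List[Tuple[str, str]]:
    """Walk each block with its entry set and report every read of a variable
    that is not definitely assigned at that point, as (block, variable)."""
    in_sets = definitely_assigned(cfg, entry, params)
    findings: List[Tuple[str, str]] = []
    for b, (stmts, _) in cfg.items():
        assigned = set(in_sets[b])
        for s in stmts:
            sources = s[2] if s[0] == "assign" else s[1]
            for v in sources:
                if v not in assigned:
                    findings.append((b, v))
            if s[0] == "assign":
                assigned.add(s[1])
    return findings


# Constructed sample: the CFG of this (hypothetical) C function.
#   int f(int c) {
#       int x, y, z = c;          /* block "entry" */
#       if (c > 0) { x = 1; }     /* block "then1" */
#       if (c > 0) { return x; }  /* block "join1" -> "then2": false alarm */
#       return y + z;             /* block "join2": y really is uninitialized */
#   }
SAMPLE_CFG: Dict[str, Block] = {
    "entry": ([("assign", "z", ["c"]), ("use", ["c"])], ["then1", "join1"]),
    "then1": ([("assign", "x", [])], ["join1"]),
    "join1": ([("use", ["c"])], ["then2", "join2"]),
    "then2": ([("use", ["x"])], []),
    "join2": ([("use", ["y", "z"])], []),
}
SAMPLE_PARAMS = {"c"}


def run_sample() -> List[Tuple[str, str]]:
    """Returns [("then2", "x"), ("join2", "y")]: one false alarm, one real bug."""
    return find_uninitialized_uses(SAMPLE_CFG, "entry", SAMPLE_PARAMS)


if __name__ == "__main__":
    for block, var in run_sample():
        print(f"{block}: '{var}' may be used uninitialized")
```

Because the analysis merges with intersection and ignores branch conditions, `x` is reported in `then2` even though every execution that reaches `then2` passed through `then1`; telling the two findings apart needs the path conditions that symbolic execution or model checking track, which is the cost the answer attributes to those techniques.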
