Error detection in static analysis and symbolic execution
Question
What kind of errors can static analysis (e.g. a compiler) detect that symbolic execution cannot detect? And what kind of errors can symbolic execution detect that static analysis cannot detect? For example, can symbolic execution detect syntax errors?
Recommended answer
In short, static analysis is capable of spotting coding issues, such as bad practices. For example, if you declare (unnecessarily) a class field as public, a static analysis tool may warn you that such a field should be declared as private. However, the "cleanest" code is not necessarily bug free. Although no malpractices can be found in some code, incorrect reasoning on behalf of the coder may lead (later) to a crash at runtime.
For example, if we develop clean code to implement a calculator, then a static analysis tool does not output any warning; however, if we forget to verify the input to prevent the user from attempting a division by zero, then our calculator would eventually crash at runtime.
On the other hand, symbolic (or concolic) execution executes the target program, hence it has the potential to reach any possible runtime execution state of the program, such as inducing a runtime error caused by a bug. In the above-described calculator example, symbolic execution would find the runtime failure and would also tell us which inputs induce such a failure. To answer your last question, symbolic execution is not meant to inspect the quality of the code.
Ideally, we should use both before releasing the software.
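The calculator case from the answer, as an added example that is not part of the original answer: a toy path explorer that forks on every branch over symbolic inputs and reports a concrete input for each crashing path. The names `Run`, `Sym`, `solve`, `explore` and the integer encoding of `op` are assumptions made for illustration; real symbolic execution tools hand the path constraints to an SMT solver instead of the small solver used here.

```python
class Run:  # one execution: replays scripted branch decisions, records the path
    def __init__(self, script): self.script, self.path = script, []
    def branch(self, var, const):
        for v, c, taken in self.path:
            if (v, c) == (var, const): return taken   # already decided on this path
        taken = len(self.path) < len(self.script) and self.script[len(self.path)]
        self.path.append((var, const, taken))         # (var == const) is `taken`
        return taken

class Sym:  # symbolic integer input; only `== constant` and arithmetic are modelled
    def __init__(self, name, run): self.name, self.run = name, run
    def __eq__(self, const): return self.run.branch(self.name, const)
    def _opaque(self, other): return Sym("expr", self.run)  # values are not tracked
    __add__ = __sub__ = __mul__ = _opaque
    def __floordiv__(self, divisor):
        if divisor == 0: raise ZeroDivisionError      # implicit branch on the divisor
        return self._opaque(divisor)

def solve(path):
    """Exact for ==/!= against constants; None means the path is infeasible."""
    model = {}
    for var in {v for v, _, _ in path}:
        eq = {c for v, c, t in path if v == var and t}
        ne = {c for v, c, t in path if v == var and not t}
        if len(eq) > 1 or eq & ne: return None
        model[var] = eq.pop() if eq else min(set(range(len(ne) + 1)) - ne)
    return model

def explore(program, names):
    """Run every feasible path; return (error, crashing input) for each crash."""
    findings, work = [], [[]]
    while work:
        run, error = Run(work.pop()), None
        try:
            program(*(Sym(n, run) for n in names))
        except ZeroDivisionError:
            error = "ZeroDivisionError"
        model = solve(run.path)
        if model is not None:                         # infeasible paths are pruned
            findings += [(error, model)] if error else []
            taken = [t for _, _, t in run.path]
            work += [taken[:i] + [True] for i in range(len(run.script), len(taken))]
    return findings

def calculator(op, a, b):  # constructed example: the divisor is never validated
    if op == 0: return a + b
    if op == 1: return a - b
    if op == 2: return a * b
    return a // b
```

Calling `explore(calculator, ["op", "a", "b"])` yields one finding whose model sets `b` to 0 on the division path; `a` is absent from the model because no branch constrains it.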