→Formal methods: null reference analysis
GreenC bot (talk | contribs) Move 1 url. Wayback Medic 2.5 per WP:URLREQ#fda.gov
(One intermediate revision by one other user not shown)
Line 1:
{{Short description|Analysis of computer programs without executing them}}
{{Software development process}}
In [[computer science]], '''static program analysis''' (also known as '''static analysis''' or '''static simulation''') is the [[program analysis|analysis]] of computer programs performed without executing them, in contrast with [[dynamic program analysis]], which is performed on programs during their execution in the integrated environment.<ref>{{cite journal |archive-url=https://web.archive.org/web/20110927010304/http://www.ida.liu.se/~TDDC90/papers/industrial95.pdf |archive-date=2011-09-27 | title=Industrial Perspective on Static Analysis. |journal=Software Engineering Journal |date=Mar 1995 |pages=69–75 |last1=Wichmann |first1=B. A. |first2=A. A. |last2=Canning |first3=D. L. |last3=Clutterbuck |first4=L. A. |last4=Winsbarrow |first5=N. J. |last5=Ward |first6=D. W. R. |last6=Marsh |volume=10 |issue=2 |doi=10.1049/sej.1995.0010 |url=http://www.ida.liu.se/~TDDC90/papers/industrial95.pdf}}</ref><ref>{{Cite journal|last1=Egele|first1=Manuel|last2=Scholte|first2=Theodoor|last3=Kirda|first3=Engin|last4=Kruegel|first4=Christopher|date=2008-03-05|title=A survey on automated dynamic malware-analysis techniques and tools|url=https://doi.org/10.1145/2089125.2089126|journal=ACM Computing Surveys|volume=44|issue=2|pages=6:1–6:42|doi=10.1145/2089125.2089126| s2cid=1863333 |issn=0360-0300|url-access=subscription}}</ref>
The term is usually applied to analysis performed by an automated tool, with human analysis typically being called "program understanding", [[program comprehension]], or [[code review]]. In the last of these, [[software inspection]] and [[software walkthrough]]s are also used. In most cases the analysis is performed on some version of a program's [[source code]], and, in other cases, on some form of its [[object code]].
== Rationale ==
The sophistication of the analysis performed by tools varies from those that only consider the behaviour of individual statements and declarations,<ref>{{Cite journal|last1=Khatiwada|first1=Saket|last2=Tushev|first2=Miroslav|last3=Mahmoud|first3=Anas|date=2018-01-01|title=Just enough semantics: An information theoretic approach for IR-based software bug localization|url=https://linkinghub.elsevier.com/retrieve/pii/S0950584916302269|journal=Information and Software Technology|language=en|volume=93|pages=45–57|doi=10.1016/j.infsof.2017.08.012|url-access=subscription}}</ref> to those that include the complete [[source code]] of a program in their analysis. The uses of the information obtained from the analysis vary from highlighting possible coding errors (e.g., the [[lint programming tool|lint]] tool) to [[formal methods]] that mathematically prove properties about a given program (e.g., its behaviour matches that of its specification).
[[Software metric]]s and [[reverse engineering]] can be described as forms of static analysis. Deriving software metrics and static analysis are increasingly deployed together, especially in creation of embedded systems, by defining so-called ''software quality objectives''.<ref>[http://web1.see.asso.fr/erts2010/Site/0ANDGY78/Fichier/PAPIERS%20ERTS%202010/ERTS2010_0035_final.pdf "Software Quality Objectives for Source Code"] {{webarchive|url=https://web.archive.org/web/20150604203133/http://web1.see.asso.fr/erts2010/Site/0ANDGY78/Fichier/PAPIERS%20ERTS%202010/ERTS2010_0035_final.pdf |date=2015-06-04 }} (PDF). ''Proceedings: Embedded Real Time Software and Systems 2010 Conference'', ERTS2010.org, Toulouse, France: Patrick Briand, Martin Brochet, Thierry Cambois, Emmanuel Coutenceau, Olivier Guetta, Daniel Mainberte, Frederic Mondot, Patrick Munier, Loic Noury, Philippe Spozio, Frederic Retailleau.</ref>
Line 13:
locating potentially [[Vulnerability (computing)|vulnerable]] code.<ref>[http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/thesis.pdf ''Improving Software Security with Precise Static and Runtime Analysis''] {{webarchive|url=https://web.archive.org/web/20110605125310/http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/thesis.pdf |date=2011-06-05 }} (PDF), Benjamin Livshits, section 7.3 "Static Techniques for Security". Stanford doctoral thesis, 2006.</ref> For example, the following industries have identified the use of static code analysis as a means of improving the quality of increasingly sophisticated and complex software:
# [[Medical software]]: The US [[Food and Drug Administration]] (FDA) has identified the use of static analysis for medical devices.<ref>{{cite web |title = Infusion Pump Software Safety Research at FDA |author = FDA |publisher = Food and Drug Administration |date = 2010-09-08 |url = https://www.fda.gov/MedicalDevices/ProductsandMedicalProcedures/GeneralHospitalDevicesandSupplies/InfusionPumps/ucm202511.htm |access-date = 2010-09-09 |url-status =
# Nuclear software: In the UK the Office for Nuclear Regulation (ONR) recommends the use of static analysis on [[reactor protection system]]s.<ref>Computer based safety systems - technical guidance for assessing software aspects of digital computer based protection systems, {{cite web | title = Computer based safety systems | url=http://www.hse.gov.uk/nuclear/operational/tech_asst_guides/tast046.pdf | archive-url=http://webarchive.nationalarchives.gov.uk/20130104193206/http://www.hse.gov.uk/nuclear/operational/tech_asst_guides/tast046.pdf | url-status=dead | archive-date=January 4, 2013 |access-date=May 15, 2013 }}</ref>
# Aviation software (in combination with [[Dynamic program analysis|dynamic analysis]]).<ref>[http://www.faa.gov/aircraft/air_cert/design_approvals/air_software/cast/cast_papers/media/cast-9.pdf Position Paper CAST-9. Considerations for Evaluating Safety Engineering Approaches to Software Assurance] {{webarchive|url=https://web.archive.org/web/20131006134233/http://www.faa.gov/aircraft/air_cert/design_approvals/air_software/cast/cast_papers/media/cast-9.pdf |date=2013-10-06 }} // FAA, Certification Authorities Software Team (CAST), January, 2002: "Verification. A combination of both static and dynamic analyses should be specified by the applicant/developer and applied to the software."</ref>
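Review bot: the FDA `{{cite web}}` in list item 1 is cut off at `|url-status =`, so this view shows no value for that parameter, no `archive-url` or `archive-date`, and no closing `}}</ref>`. The edit summary says one fda.gov URL was moved, and this is the only fda.gov citation shown here, so the saved revision should be checked to confirm that the template is closed and that `url-status` carries a value consistent with where `url` now points. The `access-date` shown is still 2010-09-09, which is worth updating if the link target changed.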
Line 57:
== Remediation ==
Static analyzers produce warnings. For certain types of warnings, it is possible to design and implement [[Automatic bug fixing|automated remediation]] techniques. For example, Logozzo and Ball have proposed automated remediations for C# ''cccheck''.<ref>{{Cite journal |last1=Logozzo |first1=Francesco |last2=Ball |first2=Thomas |date=2012-11-15 |title=Modular and verified automatic program repair |url=http://dx.doi.org/10.1145/2398857.2384626 |journal=ACM SIGPLAN Notices |volume=47 |issue=10 |pages=133–146 |doi=10.1145/2398857.2384626 |issn=0362-1340|url-access=subscription }}</ref>
== See also ==