Dynamic and static software analysis: what is the use of dynamic analysis when you have static analysis?

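This article discusses the pros and cons of static and dynamic code analysis. Static analysis finds errors at an early stage and offers precise code location and full coverage, but it is limited by false positives and by its ability to detect memory leaks. Dynamic analysis examines a program while it executes and can detect complex errors and concurrency problems, but it requires source code and its coverage is limited. The two complement each other, together improving software quality and reducing development costs.
Summary generated by CSDN using intelligent technology.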


Our team writes a lot about the usefulness of static analysis and the benefits it brings to your projects. We like to run our tool on various open-source projects to find possible bugs, which is our way of popularizing static code analysis. Static analysis, in turn, helps make programs higher-quality and more reliable, and reduces the number of potential vulnerabilities. Perhaps everyone who works directly on source code knows that feeling of satisfaction at having bugs fixed. But even if successfully spotting (and fixing) bugs doesn't trigger your endorphins, you surely enjoy the thought of reducing development expenses thanks to the static analyzer, which has helped your programmers use their time more effectively and efficiently. To find out more about how static analysis can benefit you in terms of money, see this article. It gives an approximate estimate for PVS-Studio, but those results can be extrapolated to other static analysis tools available on the market.


Everything said above seems to suggest that the purpose of static analysis is to find bugs in the source code as early as possible, thus reducing the cost of bug fixing. But why do we need dynamic analysis then, and why may sticking to only one of the two techniques be insufficient? Let's give more formal and clear definitions of static and dynamic analysis and try to answer these questions.


Static code analysis is the process of detecting errors and code smells in a program's source code. To analyze a program, you don't need to execute it; the analysis is performed on the available code base. The closest analogy to static analysis is the so-called code review, except that static analysis is an automated version of code review (i.e. performed by a bot program).
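
To make "you don't need to execute it" concrete, here is an added illustration (not code from the original article or from PVS-Studio): a minimal static check that parses a constructed sample and flags a comparison of an expression with itself, next to a traced run showing that an ordinary call never reaches the defective line. `SAMPLE`, `find_identical_operands` and `lines_executed` are names invented for this example.

```python
import ast
import sys
from types import SimpleNamespace

# Constructed sample: the defect on line 3 sits in a branch ordinary calls never take.
SAMPLE = '''\
def same_size(a, b, strict=False):
    if strict:
        return a.width == b.width and a.height == a.height
    return a.width == b.width
'''

def find_identical_operands(source):
    """Static check: parse only, never execute. Returns [(line, expression)]."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Compare) and len(node.ops) == 1:
            # ast.dump() ignores positions, so equal dumps mean the same expression.
            if ast.dump(node.left) == ast.dump(node.comparators[0]):
                findings.append((node.lineno, ast.unparse(node)))
    return sorted(findings)

def lines_executed(source, func_name, *args, **kwargs):
    """Dynamic view: run one call, return (result, set of source lines that ran)."""
    namespace, hit = {}, set()
    exec(compile(source, "<sample>", "exec"), namespace)

    def tracer(frame, event, arg):
        if event == "line" and frame.f_code.co_filename == "<sample>":
            hit.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        result = namespace[func_name](*args, **kwargs)
    finally:
        sys.settrace(previous)
    return result, hit

if __name__ == "__main__":
    small = SimpleNamespace(width=4, height=2)
    tall = SimpleNamespace(width=4, height=9)
    print("static findings:", find_identical_operands(SAMPLE))
    print("default call:", lines_executed(SAMPLE, "same_size", small, tall))
    print("strict call:", lines_executed(SAMPLE, "same_size", small, tall, strict=True))
```

The static pass reports the exact line without running anything, while the traced default call completes normally and gives no hint that line 3 is wrong; only a run that passes `strict=True` executes it.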


The main pros of static analysis:


  1. Bug detection at the early development stages. This helps to make bug fixing much cheaper because the earlier a defect is detected, the easier — and, therefore, the cheaper — it is to fix.

  2. It allows you to precisely locate the potential bug in the source code.

  3. Full code coverage. No matter how often one block of code