Programming Languages
- 命令式编程语言(C++,Java)
- 函数式编程语言(Js,Pascal,Python)
- 逻辑式编程语言/声明式编程语言()
Why We Need Static Analysis
- Program Reliability
- Null pointer dereference
- memory leak
- etc…
- Program Security
- Private information leak
- injection attack
- etc…
- Compiler Optimization
- Dead code elimination 死代码清除
- code motion
- etc…
- Program Understanding
- IDE call hierarchy
- type indication
- etc…
Unfortunately, by Rice’s Theorem, there is no such approach to determine whether P satisfies such non-trivial properties, i.e., giving exact answer: Yes or No
- Compromise soundness (false negatives) 漏报
- Compromise completeness (false positives) 误报
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-EdNh9Ccq-1666225318054)(…/…/…/…/…/…/AppData/Roaming/Typora/typora-user-images/image-20220722224103692.png)]
Static Analysis — Bird‘ s Eye View
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-II0mm2tY-1666225318054)(D:/tengxun/709034836/FileRecv/E316C0F1C7AAF56C9096CA3026FCD6FA.png)]
Static Analysis: ensure (or get close to) soundness, while making good trade-offs between analysis precision and analysis speed
Two Words to Conclude Static Analysis
- Abstraction
- Over-approximation
- Transfer functions
- Control flows
抽象 + 近似
Abstraction
Over-approximation
Transfer Functions
- In static anaysis , transfer functions define how to evaluate different program statements on abstract values.
- Transfer functions are defined according to “analysis problem” and the “semantics” of different program statements.
Control flows
控制流