fbpx
Wikipedia

Static program analysis

April 26, 2024

In computer science, static program analysis (also known as static analysis or static simulation) is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution in the integrated environment.[1][2]

The term is usually applied to analysis performed by an automated tool, with human analysis typically being called "program understanding", program comprehension, or code review. In the last of these, software inspection and software walkthroughs are also used. In most cases the analysis is performed on some version of a program's source code, and, in other cases, on some form of its object code.

Rationale edit

The sophistication of the analysis performed by tools varies from those that only consider the behaviour of individual statements and declarations,[3] to those that include the complete source code of a program in their analysis. The uses of the information obtained from the analysis vary from highlighting possible coding errors (e.g., the lint tool) to formal methods that mathematically prove properties about a given program (e.g., its behaviour matches that of its specification).

Software metrics and reverse engineering can be described as forms of static analysis. Deriving software metrics and static analysis are increasingly deployed together, especially in creation of embedded systems, by defining so-called software quality objectives.[4]

A growing commercial use of static analysis is in the verification of properties of software used in safety-critical computer systems and locating potentially vulnerable code.[5] For example, the following industries have identified the use of static code analysis as a means of improving the quality of increasingly sophisticated and complex software:

  1. Medical software: The US Food and Drug Administration (FDA) has identified the use of static analysis for medical devices.[6]
  2. Nuclear software: In the UK the Office for Nuclear Regulation (ONR) recommends the use of static analysis on reactor protection systems.[7]
  3. Aviation software (in combination with dynamic analysis).[8]
  4. Automotive & Machines (functional safety features form an integral part of each automotive product development phase, ISO 26262, section 8).

A study in 2012 by VDC Research reported that 28.7% of the embedded software engineers surveyed use static analysis tools and 39.7% expect to use them within 2 years.[9] A study from 2010 found that 60% of the interviewed developers in European research projects made at least use of their basic IDE built-in static analyzers. However, only about 10% employed an additional other (and perhaps more advanced) analysis tool.[10]

In the application security industry the name static application security testing (SAST) is also used. SAST is an important part of Security Development Lifecycles (SDLs) such as the SDL defined by Microsoft[11] and a common practice in software companies.[12]

Tool types edit

The OMG (Object Management Group) published a study regarding the types of software analysis required for software quality measurement and assessment. This document on "How to Deliver Resilient, Secure, Efficient, and Easily Changed IT Systems in Line with CISQ Recommendations" describes three levels of software analysis.[13]

Unit Level
Analysis that takes place within a specific program or subroutine, without connecting to the context of that program.
Technology Level
Analysis that takes into account interactions between unit programs to get a more holistic and semantic view of the overall program in order to find issues and avoid obvious false positives.
System Level
Analysis that takes into account the interactions between unit programs, but without being limited to one specific technology or programming language.

A further level of software analysis can be defined.

Mission/Business Level
Analysis that takes into account the business/mission layer terms, rules and processes that are implemented within the software system for its operation as part of enterprise or program/mission layer activities. These elements are implemented without being limited to one specific technology or programming language and in many cases are distributed across multiple languages, but are statically extracted and analyzed for system understanding for mission assurance.

Formal methods edit

Main article: Formal methods

Formal methods is the term applied to the analysis of software (and computer hardware) whose results are obtained purely through the use of rigorous mathematical methods. The mathematical techniques used include denotational semantics, axiomatic semantics, operational semantics, and abstract interpretation.

By a straightforward reduction to the halting problem, it is possible to prove that (for any Turing complete language), finding all possible run-time errors in an arbitrary program (or more generally any kind of violation of a specification on the final result of a program) is undecidable: there is no mechanical method that can always answer truthfully whether an arbitrary program may or may not exhibit runtime errors. This result dates from the works of Church, Gödel and Turing in the 1930s (see: Halting problem and Rice's theorem). As with many undecidable questions, one can still attempt to give useful approximate solutions.

Some of the implementation techniques of formal static analysis include:[14]

  • Abstract interpretation, to model the effect that every statement has on the state of an abstract machine (i.e., it 'executes' the software based on the mathematical properties of each statement and declaration). This abstract machine over-approximates the behaviours of the system: the abstract system is thus made simpler to analyze, at the expense of incompleteness (not every property true of the original system is true of the abstract system). If properly done, though, abstract interpretation is sound (every property true of the abstract system can be mapped to a true property of the original system).[15]
  • Data-flow analysis, a lattice-based technique for gathering information about the possible set of values;
  • Hoare logic, a formal system with a set of logical rules for reasoning rigorously about the correctness of computer programs. There is tool support for some programming languages (e.g., the SPARK programming language (a subset of Ada) and the Java Modeling Language—JML—using ESC/Java and ESC/Java2, Frama-C WP (weakest precondition) plugin for the C language extended with ACSL (ANSI/ISO C Specification Language) ).
  • Model checking, considers systems that have finite state or may be reduced to finite state by abstraction;
  • Symbolic execution, as used to derive mathematical expressions representing the value of mutated variables at particular points in the code.

Data-driven static analysis edit

Data-driven static analysis uses large amounts of code to infer coding rules.[16][better source needed] For instance, one can use all Java open-source packages on GitHub to learn a good analysis strategy. The rule inference can use machine learning techniques.[17] It is also possible to learn from a large amount of past fixes and warnings.[16][better source needed]

Remediation edit

Static analyzers produce warnings. For certain types of warnings, it is possible to design and implement automated remediation techniques. For example, Logozzo and Ball have proposed automated remediations for C# cccheck.[18]

See also edit

References edit

  1. ^ Wichmann, B. A.; Canning, A. A.; Clutterbuck, D. L.; Winsbarrow, L. A.; Ward, N. J.; Marsh, D. W. R. (Mar 1995). (PDF). Software Engineering Journal. 10 (2): 69–75. doi:10.1049/sej.1995.0010. Archived from the original (PDF) on 2011-09-27.
  2. ^ Egele, Manuel; Scholte, Theodoor; Kirda, Engin; Kruegel, Christopher (2008-03-05). "A survey on automated dynamic malware-analysis techniques and tools". ACM Computing Surveys. 44 (2): 6:1–6:42. doi:10.1145/2089125.2089126. ISSN 0360-0300. S2CID 1863333.
  3. ^ Khatiwada, Saket; Tushev, Miroslav; Mahmoud, Anas (2018-01-01). "Just enough semantics: An information theoretic approach for IR-based software bug localization". Information and Software Technology. 93: 45–57. doi:10.1016/j.infsof.2017.08.012.
  4. ^ "Software Quality Objectives for Source Code" 2015-06-04 at the Wayback Machine (PDF). Proceedings: Embedded Real Time Software and Systems 2010 Conference, ERTS2010.org, Toulouse, France: Patrick Briand, Martin Brochet, Thierry Cambois, Emmanuel Coutenceau, Olivier Guetta, Daniel Mainberte, Frederic Mondot, Patrick Munier, Loic Noury, Philippe Spozio, Frederic Retailleau.
  5. ^ Improving Software Security with Precise Static and Runtime Analysis 2011-06-05 at the Wayback Machine (PDF), Benjamin Livshits, section 7.3 "Static Techniques for Security". Stanford doctoral thesis, 2006.
  6. ^ FDA (2010-09-08). "Infusion Pump Software Safety Research at FDA". Food and Drug Administration. from the original on 2010-09-01. Retrieved 2010-09-09.
  7. ^ Computer based safety systems - technical guidance for assessing software aspects of digital computer based protection systems, "Computer based safety systems" (PDF). Archived from the original (PDF) on January 4, 2013. Retrieved May 15, 2013.
  8. ^ Position Paper CAST-9. Considerations for Evaluating Safety Engineering Approaches to Software Assurance 2013-10-06 at the Wayback Machine // FAA, Certification Authorities Software Team (CAST), January, 2002: "Verification. A combination of both static and dynamic analyses should be specified by the applicant/developer and applied to the software."
  9. ^ VDC Research (2012-02-01). "Automated Defect Prevention for Embedded Software Quality". VDC Research. from the original on 2012-04-11. Retrieved 2012-04-10.
  10. ^ Prause, Christian R., René Reiners, and Silviya Dencheva. "Empirical study of tool support in highly distributed research projects." Global Software Engineering (ICGSE), 2010 5th IEEE International Conference on. IEEE, 2010 http://ieeexplore.ieee.org/ielx5/5581168/5581493/05581551.pdf
  11. ^ M. Howard and S. Lipner. The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software. Microsoft Press, 2006. ISBN 978-0735622142
  12. ^ Achim D. Brucker and Uwe Sodan. Deploying Static Application Security Testing on a Large Scale 2014-10-21 at the Wayback Machine. In GI Sicherheit 2014. Lecture Notes in Informatics, 228, pages 91-101, GI, 2014.
  13. ^ "OMG Whitepaper | CISQ - Consortium for Information & Software Quality" (PDF). (PDF) from the original on 2013-12-28. Retrieved 2013-10-18.
  14. ^ Vijay D’Silva; et al. (2008). "A Survey of Automated Techniques for Formal Software Verification" (PDF). Transactions On CAD. (PDF) from the original on 2016-03-04. Retrieved 2015-05-11.
  15. ^ Jones, Paul (2010-02-09). . Embedded Systems Design. Archived from the original on July 10, 2011. Retrieved 2010-09-09.
  16. ^ a b "Learning from other's mistakes: Data-driven code analysis". www.slideshare.net. 13 April 2015.
  17. ^ Oh, Hakjoo; Yang, Hongseok; Yi, Kwangkeun (2015). "Learning a strategy for adapting a program analysis via bayesian optimisation". Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications - OOPSLA 2015. pp. 572–588. doi:10.1145/2814270.2814309. ISBN 9781450336895. S2CID 13940725.
  18. ^ Logozzo, Francesco; Ball, Thomas (2012-11-15). "Modular and verified automatic program repair". ACM SIGPLAN Notices. 47 (10): 133–146. doi:10.1145/2398857.2384626. ISSN 0362-1340.

Further reading edit

  • Ayewah, Nathaniel; Hovemeyer, David; Morgenthaler, J. David; Penix, John; Pugh, William (2008). "Using Static Analysis to Find Bugs". IEEE Software. 25 (5): 22–29. CiteSeerX 10.1.1.187.8985. doi:10.1109/MS.2008.130. S2CID 20646690.
  • Brian Chess, Jacob West (Fortify Software) (2007). Secure Programming with Static Analysis. Addison-Wesley. ISBN 978-0-321-42477-8.
  • Flemming Nielson; Hanne R. Nielson; Chris Hankin (2004-12-10). Principles of Program Analysis (1999 (corrected 2004) ed.). Springer. ISBN 978-3-540-65410-0.
  • "Abstract interpretation and static analysis," International Winter School on Semantics and Applications 2003, by David A. Schmidt

April 26, 2024
static, program, analysis, computer, science, static, program, analysis, also, known, static, analysis, static, simulation, analysis, computer, programs, performed, without, executing, them, contrast, with, dynamic, program, analysis, which, performed, program. In computer science static program analysis also known as static analysis or static simulation is the analysis of computer programs performed without executing them in contrast with dynamic program analysis which is performed on programs during their execution in the integrated environment 1 2 The term is usually applied to analysis performed by an automated tool with human analysis typically being called program understanding program comprehension or code review In the last of these software inspection and software walkthroughs are also used In most cases the analysis is performed on some version of a program s source code and in other cases on some form of its object code Contents 1 Rationale 2 Tool types 3 Formal methods 4 Data driven static analysis 5 Remediation 6 See also 7 References 8 Further readingRationale editThe sophistication of the analysis performed by tools varies from those that only consider the behaviour of individual statements and declarations 3 to those that include the complete source code of a program in their analysis The uses of the information obtained from the analysis vary from highlighting possible coding errors e g the lint tool to formal methods that mathematically prove properties about a given program e g its behaviour matches that of its specification Software metrics and reverse engineering can be described as forms of static analysis Deriving software metrics and static analysis are increasingly deployed together especially in creation of embedded systems by defining so called software quality objectives 4 A growing commercial use of static analysis is in the verification of properties of software used in safety critical computer systems and locating potentially vulnerable code 5 For example the following industries have identified the use of static code analysis as a means of improving the quality of increasingly sophisticated and complex software Medical software The US Food and Drug Administration FDA has identified the use of static analysis for medical devices 6 Nuclear software In the UK the Office for Nuclear Regulation ONR recommends the use of static analysis on reactor protection systems 7 Aviation software in combination with dynamic analysis 8 Automotive amp Machines functional safety features form an integral part of each automotive product development phase ISO 26262 section 8 A study in 2012 by VDC Research reported that 28 7 of the embedded software engineers surveyed use static analysis tools and 39 7 expect to use them within 2 years 9 A study from 2010 found that 60 of the interviewed developers in European research projects made at least use of their basic IDE built in static analyzers However only about 10 employed an additional other and perhaps more advanced analysis tool 10 In the application security industry the name static application security testing SAST is also used SAST is an important part of Security Development Lifecycles SDLs such as the SDL defined by Microsoft 11 and a common practice in software companies 12 Tool types editThe OMG Object Management Group published a study regarding the types of software analysis required for software quality measurement and assessment This document on How to Deliver Resilient Secure Efficient and Easily Changed IT Systems in Line with CISQ Recommendations describes three levels of software analysis 13 Unit Level Analysis that takes place within a specific program or subroutine without connecting to the context of that program Technology Level Analysis that takes into account interactions between unit programs to get a more holistic and semantic view of the overall program in order to find issues and avoid obvious false positives System Level Analysis that takes into account the interactions between unit programs but without being limited to one specific technology or programming language A further level of software analysis can be defined Mission Business Level Analysis that takes into account the business mission layer terms rules and processes that are implemented within the software system for its operation as part of enterprise or program mission layer activities These elements are implemented without being limited to one specific technology or programming language and in many cases are distributed across multiple languages but are statically extracted and analyzed for system understanding for mission assurance Formal methods editMain article Formal methods Formal methods is the term applied to the analysis of software and computer hardware whose results are obtained purely through the use of rigorous mathematical methods The mathematical techniques used include denotational semantics axiomatic semantics operational semantics and abstract interpretation By a straightforward reduction to the halting problem it is possible to prove that for any Turing complete language finding all possible run time errors in an arbitrary program or more generally any kind of violation of a specification on the final result of a program is undecidable there is no mechanical method that can always answer truthfully whether an arbitrary program may or may not exhibit runtime errors This result dates from the works of Church Godel and Turing in the 1930s see Halting problem and Rice s theorem As with many undecidable questions one can still attempt to give useful approximate solutions Some of the implementation techniques of formal static analysis include 14 Abstract interpretation to model the effect that every statement has on the state of an abstract machine i e it executes the software based on the mathematical properties of each statement and declaration This abstract machine over approximates the behaviours of the system the abstract system is thus made simpler to analyze at the expense of incompleteness not every property true of the original system is true of the abstract system If properly done though abstract interpretation is sound every property true of the abstract system can be mapped to a true property of the original system 15 Data flow analysis a lattice based technique for gathering information about the possible set of values Hoare logic a formal system with a set of logical rules for reasoning rigorously about the correctness of computer programs There is tool support for some programming languages e g the SPARK programming language a subset of Ada and the Java Modeling Language JML using ESC Java and ESC Java2 Frama C WP weakest precondition plugin for the C language extended with ACSL ANSI ISO C Specification Language Model checking considers systems that have finite state or may be reduced to finite state by abstraction Symbolic execution as used to derive mathematical expressions representing the value of mutated variables at particular points in the code Data driven static analysis editData driven static analysis uses large amounts of code to infer coding rules 16 better source needed For instance one can use all Java open source packages on GitHub to learn a good analysis strategy The rule inference can use machine learning techniques 17 It is also possible to learn from a large amount of past fixes and warnings 16 better source needed Remediation editStatic analyzers produce warnings For certain types of warnings it is possible to design and implement automated remediation techniques For example Logozzo and Ball have proposed automated remediations for C cccheck 18 See also editCode audit Documentation generator Formal semantics of programming languages Formal verification FX 87 ISO 26262 ISO 9126 now ISO 25000 series Lint software List of tools for static code analysis Shape analysis Software quality Software quality assuranceReferences edit Wichmann B A Canning A A Clutterbuck D L Winsbarrow L A Ward N J Marsh D W R Mar 1995 Industrial Perspective on Static Analysis PDF Software Engineering Journal 10 2 69 75 doi 10 1049 sej 1995 0010 Archived from the original PDF on 2011 09 27 Egele Manuel Scholte Theodoor Kirda Engin Kruegel Christopher 2008 03 05 A survey on automated dynamic malware analysis techniques and tools ACM Computing Surveys 44 2 6 1 6 42 doi 10 1145 2089125 2089126 ISSN 0360 0300 S2CID 1863333 Khatiwada Saket Tushev Miroslav Mahmoud Anas 2018 01 01 Just enough semantics An information theoretic approach for IR based software bug localization Information and Software Technology 93 45 57 doi 10 1016 j infsof 2017 08 012 Software Quality Objectives for Source Code Archived 2015 06 04 at the Wayback Machine PDF Proceedings Embedded Real Time Software and Systems 2010 Conference ERTS2010 org Toulouse France Patrick Briand Martin Brochet Thierry Cambois Emmanuel Coutenceau Olivier Guetta Daniel Mainberte Frederic Mondot Patrick Munier Loic Noury Philippe Spozio Frederic Retailleau Improving Software Security with Precise Static and Runtime Analysis Archived 2011 06 05 at the Wayback Machine PDF Benjamin Livshits section 7 3 Static Techniques for Security Stanford doctoral thesis 2006 FDA 2010 09 08 Infusion Pump Software Safety Research at FDA Food and Drug Administration Archived from the original on 2010 09 01 Retrieved 2010 09 09 Computer based safety systems technical guidance for assessing software aspects of digital computer based protection systems Computer based safety systems PDF Archived from the original PDF on January 4 2013 Retrieved May 15 2013 Position Paper CAST 9 Considerations for Evaluating Safety Engineering Approaches to Software Assurance Archived 2013 10 06 at the Wayback Machine FAA Certification Authorities Software Team CAST January 2002 Verification A combination of both static and dynamic analyses should be specified by the applicant developer and applied to the software VDC Research 2012 02 01 Automated Defect Prevention for Embedded Software Quality VDC Research Archived from the original on 2012 04 11 Retrieved 2012 04 10 Prause Christian R Rene Reiners and Silviya Dencheva Empirical study of tool support in highly distributed research projects Global Software Engineering ICGSE 2010 5th IEEE International Conference on IEEE 2010 http ieeexplore ieee org ielx5 5581168 5581493 05581551 pdf M Howard and S Lipner The Security Development Lifecycle SDL A Process for Developing Demonstrably More Secure Software Microsoft Press 2006 ISBN 978 0735622142 Achim D Brucker and Uwe Sodan Deploying Static Application Security Testing on a Large Scale Archived 2014 10 21 at the Wayback Machine In GI Sicherheit 2014 Lecture Notes in Informatics 228 pages 91 101 GI 2014 OMG Whitepaper CISQ Consortium for Information amp Software Quality PDF Archived PDF from the original on 2013 12 28 Retrieved 2013 10 18 Vijay D Silva et al 2008 A Survey of Automated Techniques for Formal Software Verification PDF Transactions On CAD Archived PDF from the original on 2016 03 04 Retrieved 2015 05 11 Jones Paul 2010 02 09 A Formal Methods based verification approach to medical device software analysis Embedded Systems Design Archived from the original on July 10 2011 Retrieved 2010 09 09 a b Learning from other s mistakes Data driven code analysis www slideshare net 13 April 2015 Oh Hakjoo Yang Hongseok Yi Kwangkeun 2015 Learning a strategy for adapting a program analysis via bayesian optimisation Proceedings of the 2015 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages and Applications OOPSLA 2015 pp 572 588 doi 10 1145 2814270 2814309 ISBN 9781450336895 S2CID 13940725 Logozzo Francesco Ball Thomas 2012 11 15 Modular and verified automatic program repair ACM SIGPLAN Notices 47 10 133 146 doi 10 1145 2398857 2384626 ISSN 0362 1340 Further reading editAyewah Nathaniel Hovemeyer David Morgenthaler J David Penix John Pugh William 2008 Using Static Analysis to Find Bugs IEEE Software 25 5 22 29 CiteSeerX 10 1 1 187 8985 doi 10 1109 MS 2008 130 S2CID 20646690 Brian Chess Jacob West Fortify Software 2007 Secure Programming with Static Analysis Addison Wesley ISBN 978 0 321 42477 8 Flemming Nielson Hanne R Nielson Chris Hankin 2004 12 10 Principles of Program Analysis 1999 corrected 2004 ed Springer ISBN 978 3 540 65410 0 Abstract interpretation and static analysis International Winter School on Semantics and Applications 2003 by David A Schmidt Retrieved from https en wikipedia org w index php title Static program analysis amp oldid 1218663830, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.