Discover the capabilities, limitations, and practical considerations of static analysis tools in software development. Learn about type checking, style checking, program verification, bug finding, and more.
Introduction to Static Analysis Chapter 2
Chapter Outline
• Capabilities and Limitations of Static Analysis
• Type checking
• Style checking
• Program understanding tools
• Program verification
• Bug finding
• Some theory and implications

Capabilities and Limitations of SA
• SA tools are thorough and consistent.
• Examine the code itself, not the symptoms.
• Find errors early in development, thereby cutting costs.
• Easy to retool for new vulnerabilities.
• Not perfect

Solving Problems with Static Analysis
• Type Checking
• Style Checking (lint, PMD)
• Program understanding tools (Fujaba)
• Program Verification and Property Checking
• Temporal safety properties – counterexamples
• “sound with respect to the specification”
• Bug finding (“bug idioms”)
• Security Review
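
The property-checking item above, as an added example that is not part of the original slides: a temporal safety property ("freed memory is never used or freed again") is written as a finite-state automaton and checked against a control-flow graph, and a violation is reported as a counterexample path. The graph, its node names and the state names are constructed for illustration.

```python
from collections import deque

# Constructed control-flow graph of one function: node -> (event, successors).
# An event is an operation the property cares about; None means irrelevant.
CFG = {
    "entry":    (None,    ["alloc"]),
    "alloc":    ("alloc", ["check"]),
    "check":    (None,    ["err_free", "use"]),  # branch: error path or normal path
    "err_free": ("free",  ["cleanup"]),          # error path frees early...
    "use":      ("use",   ["cleanup"]),
    "cleanup":  ("free",  ["exit"]),             # ...then shared cleanup frees again
    "exit":     (None,    []),
}

# Temporal safety property as an automaton: (state, event) -> next state.
PROPERTY = {
    ("unallocated", "alloc"): "allocated",
    ("allocated", "use"): "allocated",
    ("allocated", "free"): "freed",
    ("freed", "alloc"): "allocated",
    ("freed", "use"): "ERROR",   # use after free
    ("freed", "free"): "ERROR",  # double free
}

def find_counterexample(cfg, prop, entry="entry", start="unallocated"):
    """Search the product of CFG and automaton breadth-first.

    Returns the shortest path of nodes that drives the automaton into
    ERROR, or None if no path violates the property. The result is only
    meaningful with respect to the property given, not to other bugs.
    """
    queue = deque([(entry, start, [entry])])
    seen = {(entry, start)}  # finite product space, so loops terminate
    while queue:
        node, state, path = queue.popleft()
        event, successors = cfg[node]
        if event is not None:
            state = prop.get((state, event), state)
        if state == "ERROR":
            return path
        for nxt in successors:
            if (nxt, state) not in seen:
                seen.add((nxt, state))
                queue.append((nxt, state, path + [nxt]))
    return None

if __name__ == "__main__":
    print(find_counterexample(CFG, PROPERTY))
```
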

A little theory, a little reality
• Reduction to halting problem
• Itself undecidable
• Practical Considerations
• Making sense of the program
• Tradeoffs (depth vs precision and depth)
• Right set of rules
• Ease of use
• Analyzing source vs analyzing compiled code (next slide)

Analyzing source vs analyzing object code
• Mainly disadvantageous:
• Making sense of object code may be difficult, if not impossible, especially with variable-length instructions.
• No type information
• Difficult to produce reports in terms of source code.