使用动态代码分析工具进行静态代码分析?

发布于 2024-11-05 02:02:51 字数 1536 浏览 4 评论 0原文

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

策马西风 2024-11-12 02:02:51

将两者结合起来确实有意义:您显然希望静态分析来检测真实问题(而不仅仅是看似合理的问题)并报告它们。对于那些静态分析器确定没有问题的地方,不需要做或说任何事情。对于那些静态分析器无法弄清楚的地方......您需要动态分析来监视运行时的不良事件。

基本答案是,进行静态分析的工具通常没有很好地配置仪器应用程序代码,并且那些仪器对静态分析没有太多支持。

我们的DMS 软件重组工具包是一套基础设施,既具有功能,又可以用于构建此类工具。 DMS 的核心是一个程序分析和转换系统。分析端解析代码并构建模型(AST、符号表、控制/数据流图等)作为分析器的基础。转换方可以修改 AST(使用分析器来确定要更改的内容)并吐出具有任意更改的修改后的源代码;出于本次讨论的目的,我们对代码进行了检测。

本文清晰概述了如何使用 DMS 来检测代码(动态分析):轻松覆盖任意语言的分支

结合静态和动态分析的一个更复杂的示例是我们的 CheckPointer 工具,它可以检测以下位置的指针错误:造成(而不是下游损坏)。 CheckPointer(在其生命的早期阶段)结合了主要的动态分析来实现这种效果,再加上一些(并计划进一步的)静态分析来消除尽可能多的动态检查。

It does make sense to combine both: you clearly want static analysis to detect real problems (not just plausible problems) and report them. For those places where the static analyzer is sure there is NOT a problem, nothing needs to be done or said. For those places where the static analyzer can't figure it out... you want dynamic analysis to watch for bad events at runtime.

The basic answer is that tools that do static analysis are generally not well provisioned to instrument application codes, and those that instrument don't have lot of support for static analysis.

Our DMS Software Reengineering Toolkit is a set of infrastructure that has both capabilites and can be used to build such tools. At its core, DMS is a program analysis and transformation system. The analysis side parses code and builds models (ASTs, symbol tables, control/data flow graphs, etc.) on which to base analyzers. The transformation side can modify the ASTs (using the analyzers to determine what to change) and spit out modified source code with arbitrary changes; for the purpose of this discussion, instrumented code.

A clear overview of how DMS can be used to instrument code (dynamic analysis) is provided in this paper: Branch Coverage for Arbitrary Languages Made Easy.

A more sophisticated example that combines both static and dynamic analyis is our CheckPointer tool, which detects pointer errors where made (as opposed to downstream damage). CheckPointer combines (at this early time of its life) primarly dynamic analysis to achieve this effect coupled with some (and planned further) static analysis to eliminate as many of the dynamic checks as possible.

喜你已久 2024-11-12 02:02:51

尽管我不知道有哪个工具可以同时进行静态和动态分析,但工具供应商已经合作提供了这种功能。 MathWorks 的 Polyspace 静态分析工具和 Vector Software 的 VectorCAST 动态分析工具就是一个很好的例子。

这些工具一起使用的示例:

  1. 使用静态分析帮助获得更好的代码覆盖率。例如,静态分析工具可以识别死代码或无法访问的代码,这些代码将无法获得测试覆盖率。
  2. 使用静态分析工具中的范围分析来开发可在动态分析工具中使用的测试用例。
  3. 使用静态分析工具(例如 MISRA 或 JSF++)中的代码规则检查功能来开发更好的代码,从而使软件具有更好的覆盖率分析。

为了进一步阅读,这里有一篇描述如何一起使用这些工具的文章的链接:http://www.vectorcast.com/blog/2011/04/25/combining-dynamic-testing-static-verification-part-1/

Although I am not aware of a one tool that does both static and dynamic analysis, tool vendors have partnered together to offer this capability. A good example of this is the Polyspace static analysis tools from MathWorks and the VectorCAST dynamic analysis tool from Vector Software.

Example use of these tools together:

  1. Using static analysis to help get better code coverage. E.g. the static analysis tool can identify dead or unreachable code which will be impossible to get test coverage.
  2. Using range analysis from the static analysis tool to develop test-cases that can then be used in the dynamic analysis tool.
  3. Use code rule checking features in the static analysis tool (e.g. MISRA or JSF++) to develop better code that results in software that has better coverage analysis.

For further reading, here is a link to an article describing how these tools can be used together: http://www.vectorcast.com/blog/2011/04/25/combining-dynamic-testing-static-verification-part-1/

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文