Introduction
By chance, I found a course called Static Analysis taught by Nanjing University professors. There are a lot of recommendations on how to learn this course and most of them coming down to this - watching the relative videos - Static Analysis is being a major trend.
I searched for Monash University’s static analysis courses online and found they offer some of these courses. Sadly, they are graduate courses or research projects, so I do not have the opportunity to apply.
Static analysis techniques have been used to assess the security of applications as well as to verify a program’s properties. For easy understanding, my notes are being written in English, and I hope to cover the most important concepts of the entire Static analysis learning process.
S1 Introduction
Sound & Truth
TP True Positive: found a real error
FP False Positive: false alarm
TN True Negative: no error, no alarm—OK
FN False Negative: missed error
Sound: no false negatives - no missed error
Complete: no false positive - no false alarm
Mostly compromising completeness: We prefer sound but not fully-precise static analysis.
Abstraction & over-approximation
Abstraction is used for representing results using an abstract value.
Transfer functions define how to evaluate different program statements on abstract values.
Transfer functions are defined according to “analysis problem” and the “semantics” of different program statements.
An example
Over-approximation may produce false positives.
Self-checking
- What are the differences between static analysis and (dynamic) testing?
- Understand soundness, completeness, false negatives and false positives.
- Why soundness is required by static analysis?
- How to understand abstraction and over-approximation?
S2 Intermediate Representation
Intermediate Representation = IR