Introduction to Static Analysis - PowerPoint PPT Presentation

Slides: 7
Provided by: csK4
Learn more at: https://www.cs.kent.edu
Transcript and Presenter's Notes


1
Chapter 2
  • Introduction to Static Analysis

2
Chapter Outline
  • Capabilities and Limitations of Static Analysis
  • Type checking
  • Style checking
  • Program understanding tools
  • Program verification
  • Bug finding
  • Some theory and implications

3
Capabilities and Limitations of SA
  • SA tools are thorough and consistent.
  • Examine the code itself, not the symptoms.
  • Find errors early in development, thereby cutting
    costs.
  • Easy to retool for new vulnerabilities.
  • Not perfect

4
Solving Problems with Static Analysis
  • Type Checking
  • Style Checking (lint, PMD)
  • Program understanding tools (Fujaba)
  • Program Verification and Property Checking
  • Temporal safety properties counterexamples
  • sound with respect to the specification
  • Bug finding (bug idioms)
  • Security Review
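
An added example, not part of the original slides: a minimal bug-idiom checker built on Python's ast module, illustrating "examine the code itself, not the symptoms" and the "Not perfect" bullet. The rule set SINKS, the function name find_bug_idioms and the sample program are assumptions constructed for illustration.

```python
import ast

# Constructed sample input: three functions that reach os.system.
SAMPLE = '''
import os
def backup(path):
    os.system("tar czf /tmp/b.tgz " + path)   # idiom: command string built from input
def uptime():
    os.system("uptime")                       # constant argument: not flagged
def indirect(cmd):
    run = os.system                           # alias hides the sink from the rule
    run(cmd)
'''

# Hypothetical rule set: (module, function) pairs treated as dangerous sinks.
SINKS = {("os", "system"), ("os", "popen")}

def find_bug_idioms(source):
    """Return (line, sink) for each direct sink call whose first argument
    is not a literal constant. The code is parsed, never executed."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        # Only the syntactic shape module.function(...) is recognised.
        if not (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)):
            continue
        if (f.value.id, f.attr) not in SINKS:
            continue
        if node.args and not isinstance(node.args[0], ast.Constant):
            findings.append((node.lineno, f"{f.value.id}.{f.attr}"))
    return sorted(findings)

if __name__ == "__main__":
    for line, sink in find_bug_idioms(SAMPLE):
        print(f"line {line}: non-constant argument passed to {sink}")
```

The rule reports the call in backup() but misses the aliased call in indirect() (a false negative), and it would also flag os.system("ls " + "-l"), which concatenates two constants (a false positive).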

5
A little theory, a little reality
  • Reduction to halting problem
  • Itself undecidable
  • Practical Considerations
  • Making sense of the program
  • Tradeoffs (depth vs precision and depth)
  • Right set of rules
  • Ease of use
  • Analyzing source vs analyzing compiled code (next
    slide)

6
Analyzing Source vs analyzing object code
  • Mainly disadvantageous
  • Making sense of object code may be difficult if
    not impossible, especially with variable length
    instructions.
  • No type information
  • Difficult to produce reports in terms of source
    code.