Program Analysis with PREfast & SAL Slides (3_StaticAnalysisPREfast) 计算机科学

Software SecurityProgram Analysis with PREfast & SALErik PollDigital Security groupRadboud University Nijmegen1static analysis aka source code analysis aka ...Automated analysis at compile time to find potential bugsBroad range of techniques, from light- to heavyweight:1. simple syntactic checks such as grep or CTRL-Feg. grep " gets(" *.cpp2. type checking3. more advanced analyses take into account program semantics– using: dataflow analysis, control flow analysis, abstract interpretation,sym