A comprehensive understanding of static code analysis
2022-04-23 03:13:00 【Longzhi Devops solution】


Comprehensive static code analysis is an effective method for developing secure, reliable and compliant software. Here we talk about static analysis, discuss what sets comprehensive static code analysis apart, explain why it is important, and show how to carry it out.
What is comprehensive static code analysis
Comprehensive static code analysis, or just comprehensive analysis, refers to the completeness or "soundness" of the analysis results. A static code analysis tool is said to provide sound results when, if a specific defect or vulnerability is present in the software, the tool will report it.
If the tool cannot determine whether there is a problem, it provides some form of warning, so it does not "miss" any issue.
(Note: Helix QAC classifies these as possible problems; if it is not needed, comprehensive analysis does not have to be carried out.)
Comprehensive static code analysis differs from other forms of static analysis, whose results may be based on what can be established within a certain time or resource budget.
Because modeling the runtime behavior of a program requires some approximation (for example, because the program inputs or the operating system state are not known), comprehensive static code analysis requires over-approximation.
Over-approximation ensures that nothing goes unreported (for a given vulnerability type), whereas under-approximation first of all ensures that there are no false positives, although there may be false negatives (missed reports).

Other forms of static analysis do not show this strictness and may include both over-approximations and under-approximations.
Both comprehensive and non-comprehensive static code analysis tools may give a specific part of a program a clean bill of health. A comprehensive static code analysis engine provides the additional assurance that, in giving that clean bill of health, all possibilities and all paths have been verified.
How a comprehensive static code analysis tool works
When it comes to comprehensive analysis, we usually mean the more complex forms of interprocedural and intraprocedural control and data flow analysis, which is how today's most advanced static analysis tools work.
Compared with simpler syntactic and semantic analysis of code, control and data flow analysis is usually associated with detecting more complex problems, including:
- Null pointer dereferences
- Array or buffer underflow and overflow
- Use of uninitialized objects
- Memory allocation and deallocation errors
- Numeric overflow, underflow and wraparound
- Divide by zero
- Dead code
- Data races, deadlocks and other concurrency conflicts
Control and data flow analysis is computationally expensive, because all possible inputs to the system and all possible control flow paths through the system must be considered. In fact, a brute-force, exhaustive approach to control flow and data flow analysis makes analysis time grow exponentially, so it is rarely used. Symbolic execution and abstract interpretation algorithms are a better choice.
According to "Abstract Interpretation, Symbolic Execution and Constraints" by Roberto Amadini, Graeme Gange, Peter Schachte, Harald Søndergaard and Peter J. Stuckey, "Abstract interpretation is a static code analysis framework that is applicable to all possible running states of the program."
And "Symbolic execution is the framework of reachability analysis; it tries to explore all possible execution paths of the program." Both abstract interpretation and symbolic execution maintain constraints during execution, in the form of invariants or path conditions. These constraints determine which paths can be executed and which values the various data sources can hold.
One thing to note, however: although abstract interpretation is the more comprehensive of the two, symbolic execution is not fully comprehensive.
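The difference between over-approximation and under-approximation, and the interval reasoning that abstract interpretation builds on, can be seen on a small scale in the following added example (not part of the original article, and not Helix QAC's algorithm). The toy program `divisor`, the `Interval` domain and the two check functions are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Interval:
    """Abstract value: every integer in [lo, hi]."""
    lo: int
    hi: int

    def __sub__(self, other):
        return Interval(self.lo - other.hi, self.hi - other.lo)

    def join(self, other):
        # Merge two control-flow paths; may add values neither path produces.
        return Interval(min(self.lo, other.lo), max(self.hi, other.hi))

    def contains(self, value):
        return self.lo <= value <= self.hi

def divisor(x):
    """Concrete semantics of the constructed toy program; the result is used as a divisor."""
    return x - 8 if x > 5 else 1

def divisor_abstract(x):
    """The same program evaluated over a non-empty interval, covering both branches."""
    paths = []
    if x.hi > 5:    # 'then' branch reachable: refine x with the guard x > 5
        paths.append(Interval(max(x.lo, 6), x.hi) - Interval(8, 8))
    if x.lo <= 5:   # 'else' branch reachable
        paths.append(Interval(1, 1))
    result = paths[0]
    for p in paths[1:]:
        result = result.join(p)
    return result

def over_approx_check(x_range):
    """Over-approximation: never misses a zero divisor, may warn needlessly."""
    d = divisor_abstract(x_range)
    return "possible divide by zero" if d.contains(0) else "proved safe"

def under_approx_check(samples):
    """Under-approximation: reports only what it witnesses on the sampled inputs."""
    hits = [x for x in samples if divisor(x) == 0]
    return f"divide by zero at x={hits[0]}" if hits else "no issue found"

if __name__ == "__main__":
    print(over_approx_check(Interval(0, 10)))  # real defect at x=8 is reported
    print(under_approx_check([0, 5, 10]))      # the same defect is missed
    print(over_approx_check(Interval(0, 7)))   # warning, though no x in 0..7 yields 0
    print(over_approx_check(Interval(0, 5)))   # absence of the defect is proved
```

The warning for the range 0..7 is a false positive introduced by `join`, which is the price of never missing the real defect at x=8.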
Why comprehensive static code analysis is important
Comprehensiveness is an important factor in safety-critical software systems, in particular because it can ensure that the software does not contain any of the coding defects being checked for. In other words, comprehensive analysis can be used to ensure that these errors are absent from the software.
For this reason, the ISO 26262 functional safety (FuSa) standard for automotive systems explicitly cites abstract interpretation as a software unit verification method (Table 7, Method 1i).
How to perform comprehensive static code analysis with Helix QAC
Because it provides in-depth and highly accurate analysis results, Helix QAC has been a trusted static code analysis tool for more than 30 years. Helix QAC can perform comprehensive static analysis and has long been the preferred tool for strict regulatory compliance and safety-critical industries.
To enable comprehensive analysis in Helix QAC, the following steps are required:

The dataflow depth (Dataflow Settings) needs to be set to the maximum (5), which adds multiple -prodoption entries, as shown in the screenshot above. (See the "Analysis timeout" section of the QAC or QAC++ component manual to understand why these timeout settings are necessary for a comprehensive analysis.)
In addition, "df::inter=5" and "inter-TU Analysis" are not necessary for a comprehensive analysis, but they can be enabled at an additional computational cost to reduce the number of issues that may need to be reported. These settings can be used to enable interprocedural and intraprocedural analysis.
Why use Helix QAC for comprehensive static analysis
Experience for yourself the impact that Helix QAC's comprehensive static analysis has on code quality.
Contact Long Zhi now to start your free trial of Helix QAC.
About the author:

Steve Howard
Product advocate for static code analysis tools (SAST) at Perforce. Steve has more than 15 years of experience in software verification and validation, especially in static code analysis.
Steve has a first-class degree in computer science from the University of Wales and a number of graduate degrees in software testing and security certification.

Copyright notice
This article was created by [Longzhi Devops solution]. Please include a link to the original when reprinting. Thank you.
https://yzsam.com/2022/04/202204230310422491.html