Scribe Notes CS 235A
08 October 2007

Static Analysis
- Static code analysis is the analysis of computer software that is performed without actually executing programs built from that software.

Advantages of using Static Analysis (+)
- No runtime overhead
- May have better coverage
- May provide guarantees
- Proactive

Disadvantages of using Static Analysis (-)
- False positives / false negatives
  (Soundness: will not miss bugs)
  (Completeness: will not report false bugs)
  (Rice's Theorem: any nontrivial property about the language recognized by a Turing machine is undecidable. This means we cannot have an algorithm that is both sound and complete for all interesting properties.)
- May be expensive

Spectrum of Static Analysis - the range of tools available
- Lexical tools
- Type checker
- Lightweight analysis
- Full program verifier

Static Analysis Tool (Splint)
Design choices made to make it a lightweight analysis program:
- Neither sound nor complete
- Compromise between precision and scalability
- Flow sensitive (the analysis takes into account the order of statements in a program)
- Path insensitive
- Uses heuristics for loop invariants
- Avoids undecidable, expensive properties

Vulnerabilities that Splint can check for
- Insecure functions
- Format string bugs
- Null pointer dereferences

Weaknesses
- Lots of false positives
- Annotation burden (the programmer must annotate the code)
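As an added illustration, not from the notes and not Splint's own code, the following Python checker sits at the "lexical tools" end of the spectrum above: it flags the insecure functions and non-literal format strings the notes mention, and its heuristics show why such a tool is neither sound nor complete (the `syslog` line is a false positive when `LOG_FMT` is a literal macro; a format string passed through a variable that is itself a literal is likewise flagged). The C fragment it scans and all function names in the checker are constructed for this example.

```python
import re
# Constructed C fragment used as the input; it is not from the notes or from Splint.
SAMPLE_C = """\
char buf[64];
gets(buf);                      /* insecure: no bounds check */
strcpy(buf, argv[1]);           /* insecure: unbounded copy */
printf(argv[1]);                /* format string bug */
printf("%s", argv[1]);          /* safe form: literal format */
fprintf(stderr, msg);           /* format string bug */
puts(banner);                   /* not a printf-family call */
syslog(LOG_INFO, LOG_FMT);      /* false positive if LOG_FMT expands to a literal */
"""
INSECURE_FUNCS = {"gets", "strcpy", "strcat", "sprintf"}  # no bound on the destination
FORMAT_FUNCS = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}  # format arg index

def split_args(text):
    # Split on top-level commas; parentheses nest, string contents are not parsed.
    args, depth, cur = [], 0, ""
    for ch in text:
        depth += {"(": 1, ")": -1}.get(ch, 0)
        if ch == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return args + [cur.strip()] if cur.strip() else args

def calls_in(code):
    # Yield (name, args) for every call-shaped token on one line, nested calls included.
    for m in re.finditer(r"\b([A-Za-z_]\w*)\s*\(", code):
        depth, i = 1, m.end()
        while i < len(code) and depth:
            depth += {"(": 1, ")": -1}.get(code[i], 0)
            i += 1
        if depth == 0:
            yield m.group(1), split_args(code[m.end():i - 1])

def check_source(src):
    """Return (line_no, message) warnings for C source given as text."""
    warnings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        code = re.sub(r"/\*.*?\*/|//.*", "", line)  # crude comment stripping
        for name, args in calls_in(code):
            if name in INSECURE_FUNCS:
                warnings.append((lineno, f"insecure function {name}()"))
            fmt = FORMAT_FUNCS.get(name)
            if fmt is not None and fmt < len(args) and not args[fmt].startswith('"'):
                warnings.append((lineno, f"non-literal format string in {name}()"))
    return warnings
```

Running `check_source(SAMPLE_C)` reports lines 2, 3, 4, 6 and 8; the report on line 8 is the false positive, and anything reaching `printf` through a macro or a function pointer would be a false negative, which is exactly the precision-versus-scalability trade-off the notes attribute to Splint.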