Conferences and Supporting Program
Combining Static and Dynamic Analysis
Static analysis tools are useful for finding serious programming defects and security vulnerabilities in source and binary code. These tools inevitably report some false positives, or bugs that are highly unlikely to manifest as real problems in deployed code. Consequently, results must be inspected by a human to determine whether they warrant action, and most tools provide program understanding features to make this easier. This inspection process, known as warning triage, can be much more effective if it is guided by information from dynamic analyses such as code coverage, crash analysis, and performance profiling. For example, a static analysis report of a resource leak that occurs on a path that has not been tested is more likely to be a real undiscovered bug than one that occurs in code that has been tested much more comprehensively. Furthermore, the results of static analysis tools can be used to guide testing too. For example, a developer can save a great deal of effort if the static analysis can prove that it is fundamentally impossible to achieve full condition coverage. This talk describes how the results of static analyses and dynamic analyses can be fused to allow developers to get more value from both processes, and produce higher quality software more efficiently.
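The triage idea in the abstract, as an added example that is not part of the talk or of any tool it describes: static-analysis warnings are ranked so that those whose reported path the test suite never exercised are inspected first. The warning records, file names and hit counts are constructed sample data, and the path-coverage score is an assumed heuristic.

```python
"""Rank static-analysis warnings by how well tests exercised their paths."""
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticWarning:
    ident: str
    kind: str
    path: tuple  # (file, line) steps the analyzer reports, source to sink


# Constructed sample data (hypothetical file names, lines and hit counts).
COVERAGE = {  # file -> {line: times executed by the test suite}
    "net.c": {10: 40, 11: 40, 12: 0, 13: 0, 20: 35, 21: 35, 22: 35},
    "log.c": {5: 900, 6: 900, 7: 900},
}
WARNINGS = [
    StaticWarning("W1", "resource leak", (("net.c", 10), ("net.c", 12), ("net.c", 13))),
    StaticWarning("W2", "resource leak", (("net.c", 20), ("net.c", 21), ("net.c", 22))),
    StaticWarning("W3", "null dereference", (("log.c", 5), ("log.c", 7))),
    StaticWarning("W4", "buffer overrun", (("tls.c", 88), ("tls.c", 90))),
]


def path_coverage(warning, coverage):
    """Fraction of the warning's path steps executed at least once.

    Lines absent from the coverage data count as unexecuted, so a file the
    tests never loaded scores 0.0 instead of being skipped.
    """
    if not warning.path:
        return 0.0
    hit = sum(1 for f, line in warning.path if coverage.get(f, {}).get(line, 0) > 0)
    return hit / len(warning.path)


def triage_order(warnings, coverage):
    """Least-tested paths first; ties keep the analyzer's original order."""
    return sorted(warnings, key=lambda w: path_coverage(w, coverage))


if __name__ == "__main__":
    for w in triage_order(WARNINGS, COVERAGE):
        print(f"{w.ident} {w.kind:17} path coverage {path_coverage(w, COVERAGE):.0%}")
```

W4 sorts first because its file never appears in the coverage data, and W1 follows because only the first step of its leak path was ever executed.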
---
Date: 28.02.2018
Time: 11:00 - 11:30
Location: Conference Counter NCC Ost