../
Course Intro
Scribe notes
20260112T171325-software_analysis_scribe
Questions
- Condense Program Analysis into three parts
- We have some program $P$, a specification $S$ and program analysis attempts to derive some information $I$ using $P$ and $S$
- What is static analysis?
- Program analysis that doesn’t require the execution of the program
- What is dynamic analysis?
- Program analysis that requires the execution of the program
- What is specification Mining?
- Deriving specification from the observed behavior during execution
- Draw the Analysis vs Reality Matrix
| ↓Analysis\→Reality | Correct | Fault |
|---|---|---|
| Correct | Pass | Missed Fault |
| Fault | False Alarm | Caught Fault |
- What is soundness?
- If an analysis is sound then all possible faults have been caught
- A trivial analysis tool that always outputs fail is sound
- A sound analysis allows us to guarantee that the program is free of bugs
- What is completeness?
- All the caught faults are actually faults i.e there are no false alarms
- A trivial analysis that always outputs pass is complete
- A complete analysis allows us to show the presence of bugs
- Is static analysis sound?
- Yes
- Is static analysis complete?
- No
- Is dynamic analysis sound?
- No
- Is dynamic analysis complete?
- Yes