2. Introduction to Static Analysis
The refinement of techniques for the prompt discovery of error serves as well as any other as a hallmark of what we mean by science.
–J. ROBERT OPPENHEIMER
This chapter is about static analysis tools: what they are, what they’re good for, and what their limitations are. Any tool that analyzes code without executing it is performing static analysis. For the purpose of detecting security problems, the variety of static analysis tools we are most interested in are the ones that behave a bit like a spell checker; they prevent well-understood varieties of mistakes from going unnoticed. Even good spellers use a spell checker because, invariably, spelling mistakes creep in no matter how good a speller you are. A ...
Get Secure Programming with Static Analysis now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
