June 2007
Intermediate to advanced
624 pages
16h 18m
English
The refinement of techniques for the prompt discovery of error serves as well as any other as a hallmark of what we mean by science.
–J. ROBERT OPPENHEIMER
This chapter is about static analysis tools: what they are, what they’re good for, and what their limitations are. Any tool that analyzes code without executing it is performing static analysis. For the purpose of detecting security problems, the variety of static analysis tools we are most interested in are the ones that behave a bit like a spell checker; they prevent well-understood varieties of mistakes from going unnoticed. Even good spellers use a spell checker because, invariably, spelling mistakes creep in no matter how good a speller you are. A ...
Read now
Unlock full access