{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Bombasti 的问题《error detection in static analysis and symbolic ex》','https://www.manongdao.com/q-905795.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
what kind of errors static analysis (e.g. compiler) can detect and symbolic execution can not detect? and what kind of errors that symbolic execution can detect and static analysis can not detect? for example can symbolic execution detect syntax errors?
相关问题
- How to handle “App is temporarily blocked from log
- Get access to Angular service instance from JavaSc
- Port of the Rails app when running Cucumber tests
- Selenium View Mouse/Pointer
- What is a correct approach to manage test data usi
相关文章
- Web Test recorder does not allow me to record a te
- Factory_girl has_one relation with validates_prese
- What is the difference between `assert_frame_equal
- How to check entire rails project for compilation
- How do I send cookies with request when testing Fl
- Unit test Angular 2 service subject
- Unit/Integration testing FTP access
- How to set a test for multiple fetches with Promis
In short, static analysis is capable of spotting coding issues, such as bad practices. For example, if you declare (unnecessarily) a class field as public, a static analysis tool may warn you that such field should be declared as private. However, the "cleanest" code is not necessarily bug free. Although, no malpractices can be found in some code, an incorrect reasoning on behalf of the coder may lead (later) to a crash in runtime.
For example, if we develop clean code to implement a calculator, then a static analysis tool does not output any warning, however if we forget to verify the input to prevent the user from attempting a division by zero, then the our calculator would eventually crash in runtime.
On the other hand, Symbolic (or Concolic) execution executes the target program, hence they have the potential to achieve any possible runtime execution state of the program, such as inducing a runtime error caused by a bug. In the above-described calculator example, symbolic execution would find the runtime failure and would also tell us which inputs induce such failure. To answer your last question, symbolic execution is not meant to inspect the quality of the code.
Ideally, we should use both before releasing the software.