本文探讨了程序分析的基本概念,强调了其在确保软件正确性和安全性方面的重要性。文章指出,通过保守的近似方法,可以保证分析结果的准确性,并讨论了在不同应用场景下,如验证工具和自动化测试中,如何理解健全性的概念。
Regarding correctness, programmers routinely use testing to gain confidence that their programs works as intended, but as famously stated by Dijkstra: “Program testing can be used to show the presence of bugs, but never to show their absence.” Ideally we want guarantees about what our programs may do for all possible inputs, and we want these guarantees to be provided automatically, that is, by programs. A program analyzer is such a program that takes other programs as input and decides whether or not they have a given property.
Ideally, the approximations we use are conservative (or safe), meaning that all errors lean to the same side, which is determined by our intended application.
We say that a program analyzer is sound if it never gives incorrect results (but it may answer maybe). Thus, the notion of soundness depends on the intended application of the analysis output, which may cause some confusion.
For example, a verification tool is typically called sound if it never misses any errors of the kinds it has been designed to detect, but it is allowed to produce spurious warnings (also called false positives), whereas an automated testing tool is called sound if all reported errors are genuine, but it may miss errors.
扫一扫
302
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
