Software Security - PREfast project

Overall learning objectives of this PREfast exercise

Some generic feedback on the PREfast exercise


Disadvantages of dynamic analysis include: Advantages of dynamic analysis include Pros & cons of static analysis are exactly reversed. Advantages of static analysis include: Disadvantages of static analysis include:

Not requiring running code means that static analysis can catch problems earlier, at or before compile-time. Some people think that is that static analysis is not possible if it involves inputs whose values are unknown at compile time, but that is not true: compile-time analysis is possible even when dealing with unknown inputs, but it is harder, and it may ultimately be too complex, resulting in false positives or negatives.

Of course, in general static analysis will is harder as it involves reasoning over arbitrary values, whereas checking properties at runtime is easier because you know specific values. For example, at runtime you can simply check if a pointer is NULL or not, but a compile-time static analysis will have to consider both possibilities. Also, a static analysis may require more annotations: to express assumptions on input values, to allow modular analysis of interactions between functions, and then keep the amount of false positives and negatives in check.

Note that one could argue that the reason for PREfast not complaining about unannotated code is not so much preventing too many false positives, but more generally preventing too many warnings at all, be they false or true positives. Programmers will be turned off if a tool spews out too many complaints, even if many of these complaints are true positives...