Reputation: 31
What is the difference between source code analysis and object file analysis?
I'm interested in vulnerability detection. But not much is known about the beginning.
I'm currently studying static analysis. Static analysis can be done through source code or object files.
I'd like to know difference between source code analysis and object file analysis. I want to explain each pros and cons. You can also provide a link to paper or blog.
Thank you!
Upvotes: 0
Views: 151
Answers (1)
Reputation: 1689
For introductions to static source code analysis, I’ll immodestly suggest the references in my Dr Dobbs article: http://www.drdobbs.com/testing/deploying-static-analysis/240003801. For an example of why binary analysis, though much harder, is also necessary see https://threatpost.com/new-linux-flaw-enables-null-pointer-exploits-071709/72889/, where a technically correct but unfriendly compiler optimization led to a vulnerability not in the source. (Some of the debate on Slashdot may actually be worth reading: https://it.slashdot.org/story/09/07/18/0136224/new-linux-kernel-flaw-allows-null-pointer-exploits.)
Upvotes: 0
Related Questions
- What is the difference between static analysis and dynamic analysis?
- Integrating static analysis tools with each other?
- static and dynamic code analysis
- Benefits of static code analysis
- What is the difference between static analysis and semantic analysis?
- Open Source Static Code Analysis Models
- Can code audits be considered static analysis?
- Static / Dynamic source code analysis
- What are the tradeoffs of performing static analysis on source code, byte code, machine code, etc?
- Static code analysis / Code annotations