Static Analysis

Static analysis is a broad term covering all activities that are based on assessing the software without actually executing it. While testing can only demonstrate the correct behaviour of the system for some possible paths, static analysis attempts to demonstrate program properties for all possible program executions.

There are several techniques of program analysis that can be described as static analysis, ranging from code quality assessment (where one looks at the syntactic structure of the code) to checking the compliance of the code with a formal specification, and including others such as flow analysis, pointer analysis and semantic analyses.

Adelard has experience in a wide range of static analysis techniques and methods. For example, control flow analysis was part of the software criticality analysis; formal methods are described below.

We coined the term integrity static analysis to describe static analysis that focuses on unsafe language constructs and on "covert" flows, where one concurrent thread can affect the data or control flow of another thread. Integrity static analysis was developed to support the justification of the use of a Commercial-Off-The-Shelf (COTS) industrial product that was written primarily in C with some assembler.

The assessment of unsafe language constructs identifies potential vulnerabilities in the C code by looking for deviations from published recommendations for C programming in safety-related applications, and for the use of features of C that the ISO and ANSI standards identify as ill-defined or dangerous. It also includes checks for a variety of specific issues, such as the use of commonly misused constructs in C (for example "=" in conditional expressions).
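As an added illustration of one such check (example code written for this page, not Adelard's tooling), the following scans C source for an assignment operator inside an `if` or `while` condition, masking the comparison operators so that only a genuine "=" is reported; the C fragment it runs over is constructed here for demonstration.

```python
"""Flag a bare '=' inside if/while conditions in C source (added example)."""
import re

# Constructed C fragment (not from the page): two deviations and two clean conditions.
SAMPLE_C = """\
int main(void) {
    int x = 0, y = 1;
    if (x = y)          /* assignment where a comparison was intended */
        return 1;
    if (x == y)
        return 2;
    while ((x = next()) != 0)   /* still an assignment inside a condition */
        y += x;
    while (x <= 10 && y >= 0)
        x++;
    return 0;
}
"""

_COND_START = re.compile(r'\b(if|while)\s*\(')   # 'for' headers are not covered here
_COMPARISON = re.compile(r'==|!=|<=|>=')          # operators that legitimately contain '='


def _extract_condition(source, open_idx):
    """Return (condition_text, index_after_closing_paren) for the '(' at open_idx,
    balancing nested parentheses such as a call inside the condition."""
    depth = 0
    for j in range(open_idx, len(source)):
        if source[j] == '(':
            depth += 1
        elif source[j] == ')':
            depth -= 1
            if depth == 0:
                return source[open_idx + 1:j], j + 1
    return source[open_idx + 1:], len(source)   # unbalanced input: take the rest


def find_assignments_in_conditions(source):
    """Return [(line, keyword, condition)] for every if/while whose condition still
    contains '=' once comparison operators are masked out. String and character
    literals are not parsed, so a '=' inside a literal would be a false positive."""
    findings = []
    pos = 0
    while True:
        m = _COND_START.search(source, pos)
        if not m:
            return findings
        cond, pos = _extract_condition(source, m.end() - 1)
        masked = _COMPARISON.sub('~~', cond)   # hide ==, !=, <=, >=; any '=' left is assignment
        if '=' in masked:
            line = source.count('\n', 0, m.start()) + 1
            findings.append((line, m.group(1), cond.strip()))
```

Running `find_assignments_in_conditions(SAMPLE_C)` reports lines 3 and 7 and leaves the two comparison-only conditions alone.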

Covert flow analysis examines the potential interference between different code functions. The most obvious covert mechanism in C or assembler code is the use of pointers (including their implicit use in array indexing). An incorrectly calculated pointer to a variable can give a procedure access to anywhere in the program's address space. Similarly, an incorrect pointer to a function allows transfer of control to anywhere in the address space. The sharing of resources on a single processor and the sharing of the stack give rise to other covert mechanisms. Static analysis was used to support an argument for the absence of these covert channels.

Integrity static analysis is supported by a variety of tools and techniques (which depend on the type of software being analysed), requires engineering skill to combine those techniques, and follows an analysis procedure whose final stage involves domain experts agreeing the sentencing of findings. Integrity static analysis has become a common technique for the assessment of COTS products in the nuclear industry, and it has also been used to assess smart sensor software.

The original work is described in a Safecomp paper.