Static analysis teaser
Consider the following code.
x = 0;
y = read_even_value();
x = y+1;
y = 2*x;
x = y-2;
y = x/2;
Assume all values are integers, there is no overflow, etc.
What do you know about the variable values at the end of execution?
For example, are they even? Do you know other facts?
The most accurate result is that
y has same value as its initial value that was read from input, and
x is twice that.
We can determine this by doing symbolic execution:
for each variable value, determine an algebraic formula that represents its value.
It's also a fact that x and y are both even.
However, suppose that we used symbolic execution with a simpler abstraction
(a simpler abstract domain), where each value is "even", "odd", or "unknown".
This abstraction is simpler and faster to compute, but it loses information
and the final value for y is "unknown" instead of "even".
The field of static analysis is primarily about choosing an appropriate abstraction: one that is simple enough for efficient computation, but expressive enough to retain precision.