Static Analysis: Sound vs. Unsound
I started working with static analysis. After reading several papers, one thing remains unclear to me. What are the correct definitions of sound and unsound static analysis?
The problem is that I find conflicting definitions in different places: "... sound analysis simulates the entire behavior of a program." http://blog.errstr.com/2013/01/17/on-static-analysis/
"Unsound tools / Formal tools: These tools report all checked defects and do not produce false negatives." http://techvolve.blogspot.de/2014/03/static-analysis-overview.html
The definitions at http://techvolve.blogspot.de/2014/03/static-analysis-overview.html are reversed. It should be:
- Unsound tools: These tools sacrifice maximizing error detection to minimize false positives at a reasonable level. As such, these tools are deliberately imprecise and insoluble - which means possible false positives and false negatives.
- Sound tools / Formal tools: These tools report all checked defects and do not produce false negatives. They are relatively slower, but they create a large number of false positives.
This page isn't particularly well written, even if you leave out the confusion. The word "unsolvable" is still used in an unconventional sense in the first paragraph. (A problem is solvable or insoluble. A tool is neither one nor the other.)
You'd better omit this article from your bibliographic search.
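The difference between the two definitions, as an added example that is not part of the original question or answer: a toy divide-by-zero checker in a sound (over-approximating) form and an unsound (heuristic) form, run over four constructed programs. The mini-language, the program names and all function names are assumptions made for this illustration.

```python
# Constructed programs: (target, op, arg) statements; "div" means target = 10 // arg.
PROGRAMS = {
    "const_zero":    [("d", "const", 0), ("r", "div", "d")],
    "input_divisor": [("d", "input", None), ("r", "div", "d")],
    "sum_nonzero":   [("a", "const", 2), ("b", "const", 3),
                      ("d", "add", ("a", "b")), ("r", "div", "d")],
    "square":        [("a", "const", 2), ("d", "mul", ("a", "a")), ("r", "div", "d")],
}

def sound_check(prog):
    """Over-approximate: track whether each variable MAY be zero on some run."""
    may_zero = {}
    for target, op, arg in prog:
        if op == "div" and may_zero[arg]:
            return True
        if op == "const":
            may_zero[target] = arg == 0
        elif op == "mul":   # exact: a product is zero iff a factor is zero
            may_zero[target] = may_zero[arg[0]] or may_zero[arg[1]]
        else:               # input, add, div result: lose precision, stay safe
            may_zero[target] = True
    return False

def unsound_check(prog):
    """Heuristic: warn only when the divisor was assigned the literal 0."""
    zeros = {t for t, op, arg in prog if op == "const" and arg == 0}
    return any(op == "div" and arg in zeros for _, op, arg in prog)

def really_divides_by_zero(prog, inputs=range(-3, 4)):
    """Ground truth for these samples: execute on each candidate input value."""
    ops = {"add": lambda x, y: x + y, "mul": lambda x, y: x * y}
    for value in inputs:
        env = {}
        for target, op, arg in prog:
            if op == "div":
                if env[arg] == 0:
                    return True
                env[target] = 10 // env[arg]
            elif op in ops:
                env[target] = ops[op](env[arg[0]], env[arg[1]])
            else:
                env[target] = arg if op == "const" else value
    return False

def classify(tool):
    """Return (false positives, false negatives) of a tool over PROGRAMS."""
    real = {n for n, p in PROGRAMS.items() if really_divides_by_zero(p)}
    flagged = {n for n, p in PROGRAMS.items() if tool(p)}
    return sorted(flagged - real), sorted(real - flagged)
```

`classify(sound_check)` yields one false positive (`sum_nonzero`) and no false negatives, while `classify(unsound_check)` yields no false positives on these samples but misses `input_divisor`.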