Re: PolySpace?

From: Michal Zalewski (lcamtuf@coredump.cx)
Date: 12/13/01 

Date: Thu, 13 Dec 2001 11:47:25 -0500 (EST)
From: Michal Zalewski <lcamtuf@coredump.cx>
To: John Zachary <jmz11@psu.edu>

On Thu, 13 Dec 2001, John Zachary wrote:

> After reading through this announcement, I came across the term
> "abstract interpretation". Is this the same as "static analysis"? The
> company cites work done by P. Cousot in the 1970's on this subject.

Generally speaking, "abstract interpretation" is about building a specific
(abstract) model of program behavior without running it. Because of
computability restrains, actual implementations have to be either limited
or based on certain serious shortcomings and approximations.

   http://www.cs.utah.edu/~ritwik/papers/COUSOT-ACM.pdf

"Abstract interpretation" is not a new technique, and wasn't invented by
PolySpace. In fact, it is used in many applications, including optimized
compilers (to perform dead code ellimination, optimizations and much
more). I guess it is also used by many source code analyzers.

Mentions of this methodology seem not to support their claims about no
need for any development process changes (since abstract models have to be
examined and compared with something - usually a very detailed
functionality model that has to be created). Same applies to "100%
detection", which is not possible because of using finite, simplified
models and making certain assertions. 

-- 
_____________________________________________________
Michal Zalewski [lcamtuf@bos.bindview.com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/