简体繁体 English

静态分析和语义分析有什么区别？

[英]What is the difference between static analysis and semantic analysis?

原文 2013-12-10 15:34:40 7 3 semantics/ static-analysis

Looking at Table 9 in ISO 26262-6 (2011) Road Vehicle Functional Safety Part 6 Product Development, static code analysis (1g) and semantic code analysis (1h) are listed separately as methods for verifications. 查看ISO 26262-6（2011）道路车辆功能安全第6部分产品开发中的表9，静态代码分析（1g）和语义代码分析（1h）作为验证方法单独列出。

I searched for an explanation of the differences, but I did not come across anything satisfying. 我搜索了差异的解释，但我没有遇到任何令人满意的事情。

Is it an over simplification to state that static analysis can use semantic analysis, but not necessarily vice versa? 静态分析是否可以使用语义分析，而不一定反之亦然？

In general, what is the difference between static analysis and semantic analysis? 一般来说，静态分析和语义分析有什么区别？

Most descriptions of static analysis that I've seen seem to involve discussion of semantic analysis. 我见过的大多数静态分析描述似乎都涉及语义分析的讨论。 What is static code analysis? 什么是静态代码分析？

Thanks for your time and any possible insights and feedback. 感谢您的时间和任何可能的见解和反馈。

3 个解决方案

Static analysis means that the analysis runs only for a source code, does not need to run a code or provide testing inputs. 静态分析意味着分析仅针对源代码运行，不需要运行代码或提供测试输入。 Another kind in this category is dynamic analysis which actually runs a code to test given inputs. 此类别中的另一种类型是动态分析，它实际上运行代码来测试给定的输入。

Semantic analysis states that the analysis estimates (or computes) a meaning of a source code. 语义分析表明分析估计（或计算）源代码的含义。 Another kind in this category is syntactic analysis which only checks a shape of a source code. 此类别中的另一种类型是语法分析，它仅检查源代码的形状。

In most cases, just saying semantic or syntactic analysis implies that it is also static analysis. 在大多数情况下，只是说语义或句法分析意味着它也是静态分析。

For example, assuming a C compiler issues two errors "missing semicolon" and "unused variables", the former is the result from (static) syntactic analysis and the latter is the result from (static) semantic analysis performed by the compiler. 例如，假设C编译器发出两个错误“缺少分号”和“未使用的变量”，前者是（静态）句法分析的结果，后者是编译器执行的（静态）语义分析的结果。

If you look at table 9 more carefully you will see: 1h | 如果你仔细看一下表9，你会看到：1h | Semantic code analysis^d 语义代码分析^ d

Below the table you can read what the '^d' means: Method 1h is used for mathematical analysis of source code by use of an abstract representation of possible values for the variables... 在表格下方，您可以阅读'^ d'的含义：方法1h用于通过使用变量的可能值的抽象表示来对源代码进行数学分析...

There are software tools which provide such analysis, fe Polyspace Proover. 有一些软件工具提供这样的分析，fe Polyspace Proover。

Semantic analysis is made at compile time in most compilers, and it's purpose is to check, wheter or not your code satisfy programming language specification. 语义分析是在大多数编译器的编译时进行的，其目的是检查代码是否满足编程语言规范。 It usually checks type correctness, method existence and so on. 它通常检查类型的正确性，方法的存在等。

Static analisis is a more complicated process, to find some warnings, bugs, etc, without running program. 静态分析是一个更复杂的过程，在没有运行程序的情况下找到一些警告，错误等。 It's go deeper than semantics analysis and produce more detailed results. 它比语义分析更深入，并产生更详细的结果。

For example there are many tools for statical analisys like PVS-Studio , Intellij Idea inspections, and so on. 例如，有许多用于静态分析的工具，如PVS-Studio ，Intellij Idea检查等。

Sometimes, they produce a lot of noise, but can save you from some errors. 有时，它们会产生很多噪音，但可以避免一些错误。