What is the difference between source code analysis and object file analysis?
Question
I'm interested in vulnerability detection. But not much is known about the beginning.
I'm currently studying static analysis. Static analysis can be done through source code or object files.
I'd like to know difference between source code analysis and object file analysis. I want to explain each pros and cons. You can also provide a link to paper or blog.
Thank you!
1 answers
solution1
0 2019-08-31 12:00:37
For introductions to static source code analysis, I'll immodestly suggest the references in my Dr Dobbs article: http://www.drdobbs.com/testing/deploying-static-analysis/240003801 . For an example of why binary analysis, though much harder, is also necessary see https://threatpost.com/new-linux-flaw-enables-null-pointer-exploits-071709/72889/ , where a technically correct but unfriendly compiler optimization led to a vulnerability not in the source. (Some of the debate on Slashdot may actually be worth reading: https://it.slashdot.org/story/09/07/18/0136224/new-linux-kernel-flaw-allows-null-pointer-exploits .)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.