
Dynamic program analysis is the analysis of computer software that is performed by executing programs on a real or virtual processor. For dynamic program analysis to be effective, the target program must be executed with sufficient test inputs to cover almost all possible outputs. Use of software testing measures such as code coverage helps increase the chance that an adequate slice of the program's set of possible behaviors has been observed. Also, care must be taken to minimize the effect that instrumentation has on the execution (including temporal properties) of the target program. Dynamic analysis is in contrast to static program analysis. Unit tests, integration tests, system tests and acceptance tests use dynamic testing.


Types of dynamic analysis


Code coverage

Computing the code coverage according to a test suite or a workload is a standard dynamic analysis technique.

* Gcov is the GNU source code coverage program.
* VB Watch injects dynamic analysis code into Visual Basic programs to monitor code coverage, call stack, execution trace, instantiated objects and variables.


Memory error detection

* Intel Inspector: Dynamic memory error debugger for C, C++, and Fortran applications that run on Windows and Linux.
* AddressSanitizer: Memory error detection for Linux, macOS, Windows, and more. Part of LLVM.
* BoundsChecker: Memory error detection for Windows based applications. Part of Micro Focus DevPartner.
* Dmalloc: Library for checking memory allocation and leaks. Software must be recompiled, and all files must include the special C header file dmalloc.h.
* Purify: Mainly memory corruption detection and memory leak detection.
* Valgrind: Runs programs on a virtual processor and can detect memory errors (e.g., misuse of malloc and free) and race conditions in multithread programs.


Fault localization

Fault localization refers to locating the buggy code (for example the buggy statement) according to failing and passing test cases. For example, Tarantula is a well-known fault localization approach based on the covered code. Fault localization illustrates an important property of dynamic analysis: the results of the analysis depend on the considered workload, inputs or test cases. For fault localization, it has been shown that one can refactor the test cases in order to get better results.
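The following added example (not part of the original article, and not the Tarantula authors' code) computes the Tarantula suspiciousness score, failed-ratio divided by the sum of passed-ratio and failed-ratio, over a constructed coverage matrix, and shows how dropping one test changes the scores. The names `Run`, `tarantula`, `rank` and `SUITE` are hypothetical.

```python
# Added example: Tarantula suspiciousness from per-test statement coverage.
from collections import namedtuple

# One test execution: the set of statement ids it covered and its verdict.
Run = namedtuple("Run", ["covered", "passed"])

def tarantula(runs):
    """Return {statement: suspiciousness in [0, 1]} for every covered statement."""
    total_pass = sum(1 for r in runs if r.passed)
    total_fail = len(runs) - total_pass
    scores = {}
    for stmt in set().union(*(r.covered for r in runs)):
        p = sum(1 for r in runs if r.passed and stmt in r.covered)
        f = sum(1 for r in runs if not r.passed and stmt in r.covered)
        pass_ratio = p / total_pass if total_pass else 0.0
        fail_ratio = f / total_fail if total_fail else 0.0
        denom = pass_ratio + fail_ratio
        scores[stmt] = fail_ratio / denom if denom else 0.0
    return scores

def rank(runs):
    """Statements ordered from most to least suspicious (ties broken by id)."""
    scores = tarantula(runs)
    return sorted(scores, key=lambda s: (-scores[s], s))

# Constructed coverage data for a five-statement function; the defect is in statement 4.
SUITE = [
    Run({1, 2, 3, 5}, True),
    Run({1, 2, 4, 5}, False),  # failing test reaches the defect
    Run({1, 3, 5}, True),
    Run({1, 2, 4, 5}, True),   # reaches the defect but passes by coincidence
]

if __name__ == "__main__":
    for label, runs in (("full suite", SUITE), ("without coincidental pass", SUITE[:3])):
        scores = tarantula(runs)
        print(label, [(s, round(scores[s], 3)) for s in rank(runs)])
```

The coincidentally passing run lowers the score of the defective statement, which is the workload dependence described above.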


Invariant inference

Daikon is an implementation of dynamic invariant detection. Daikon runs a program, observes the values that the program computes, and then reports properties that were true over the observed executions, and thus likely true over all executions.
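A small sketch of the same idea, added here as an illustration and not taken from Daikon: candidate properties are instantiated from a few templates and discarded as soon as one observed execution falsifies them. The target function `copy_len`, the templates and the inputs are hypothetical and constructed for this example.

```python
# Added example: template-based dynamic invariant detection at one program point.
import itertools

# Candidate templates (an assumption of this sketch, far fewer than a real tool uses).
UNARY = {"{a} >= 0": lambda a: a >= 0, "{a} != 0": lambda a: a != 0}
BINARY = {"{a} <= {b}": lambda a, b: a <= b, "{a} == {b}": lambda a, b: a == b}

def copy_len(requested, capacity):
    """Hypothetical target: number of bytes a copy routine would move."""
    return min(requested, capacity)

def observe(inputs):
    """Run the target and record variable values at its exit point."""
    return [{"requested": r, "capacity": c, "ret": copy_len(r, c)} for r, c in inputs]

def infer_invariants(samples):
    """Return the candidate properties that no observed sample falsified."""
    names = sorted(samples[0])
    cands = {}
    for n in names:
        for text, pred in UNARY.items():
            cands[text.format(a=n)] = (pred, (n,))
    for a, b in itertools.permutations(names, 2):
        for text, pred in BINARY.items():
            cands[text.format(a=a, b=b)] = (pred, (a, b))
    for s in samples:
        cands = {k: (pred, vs) for k, (pred, vs) in cands.items()
                 if pred(*(s[v] for v in vs))}
    return sorted(cands)

# Constructed workloads: the second adds one negative length.
TYPICAL = [(4, 16), (16, 16), (40, 16), (1, 8)]
WITH_NEGATIVE = TYPICAL + [(-1, 16)]

if __name__ == "__main__":
    print(infer_invariants(observe(TYPICAL)))
    print(infer_invariants(observe(WITH_NEGATIVE)))
```

With the typical workload `ret >= 0` is reported as a likely invariant; a single negative length removes it while `ret <= capacity` survives, so a reported invariant is only as strong as the inputs that were observed.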


Security analysis

Dynamic analysis can be used to detect security problems.

* IBM Rational AppScan is a suite of application security solutions targeted for different stages of the development lifecycle. The suite includes two main dynamic analysis products: IBM Rational AppScan Standard Edition, and IBM Rational AppScan Enterprise Edition. In addition, the suite includes IBM Rational AppScan Source Edition, a static analysis tool.


Concurrency errors

* Parasoft Jtest uses runtime error detection to expose defects such as race conditions, exceptions, resource and memory leaks, and security attack vulnerabilities.
* Intel Inspector performs run-time threading and memory error analysis in Windows.
* Parasoft Insure++ is a runtime memory analysis and error detection tool. Its Inuse component provides a graphical view of memory allocations over time, with specific visibility of overall heap usage, block allocations, possible outstanding leaks, etc.
* Google's Thread Sanitizer is a data race detection tool. It instruments LLVM IR to capture racy memory accesses.


Program slicing

For a given subset of a program’s behavior, program slicing consists of reducing the program to the minimum form that still produces the selected behavior. The reduced program is called a “slice” and is a faithful representation of the original program within the domain of the specified behavior subset. Generally, finding a slice is an unsolvable problem, but by specifying the target behavior subset by the values of a set of variables, it is possible to obtain approximate slices using a data-flow algorithm. These slices are usually used by developers during debugging to locate the source of errors.


Performance analysis

Most performance analysis tools use dynamic program analysis techniques.

* Prism from CriticalBlue is a tool that dynamically traces software applications at runtime and captures data that can be used to analyze and identify the causes of poor performance.


Techniques

Most dynamic analysis techniques are based on some kind of code instrumentation or transformation.

* DynInst is a runtime code-patching library that is useful in developing dynamic program analysis probes and applying them to compiled executables. Dyninst does not require source code or recompilation in general; however, non-stripped executables and executables with debugging symbols are easier to instrument.
* Iroh.js is a runtime code analysis library for JavaScript. It keeps track of the code execution path, provides runtime listeners to listen for specific executed code patterns and allows the interception and manipulation of the program's execution behavior.


See also

* Abstract interpretation
* Daikon
* Dynamic load testing
* Profiling (computer programming)
* Runtime verification
* Program analysis (computer science)
* Static code analysis
* Time Partition Testing

