Dynamic program analysis
|This article needs additional citations for verification. (February 2009)|
Dynamic program analysis is the analysis of computer software that is performed by executing programs on a real or virtual processor. For dynamic program analysis to be effective, the target program must be executed with sufficient test inputs to produce interesting behavior. Use of software testing techniques such as code coverage helps ensure that an adequate slice of the program's set of possible behaviors has been observed. Also, care must be taken to minimize the effect that instrumentation has on the execution (including temporal properties) of the target program. Inadequate testing can lead to catastrophic failures similar to the maiden flight of the Ariane 5 rocket launcher where dynamic execution errors (run time error) resulted in the destruction of the vehicle.
Examples of Tools
- Avalanche is an open source tool that generates input data demonstrating crashes in the analysed program.
- BoundsChecker: Memory error detection for Windows based applications. Part of Micro Focus DevPartner.
- Cenzic: publishes a line of dynamic application security tools that scans web applications for security vulnerabilities.
- ClearSQL: is a review and quality control and a code illustration tool for PL/SQL.
- Daikon (system) is an implementation of dynamic invariant detection. Daikon runs a program, observes the values that the program computes, and then reports properties that were true over the observed executions, and thus likely true over all executions.
- Dmalloc, library for checking memory allocation and leaks. Software must be recompiled, and all files must include the special C header file dmalloc.h.
- DynInst is a runtime code-patching library that is useful in developing dynamic program analysis probes and applying them to compiled executables. Dyninst does not require source code or recompilation in general, however, non-stripped executables and executables with debugging symbols are easier to instrument.
- Gcov is the GNU source code coverage program.
- HP Security Suite is a suite of Tools at various stages of development. QAInspect and WebInspect are generally considered Dynamic Analysis Tools, while DevInspect is considered a static code analysis tool.
- IBM Rational AppScan is a suite of application security solutions targeted for different stages of the development lifecycle. The suite includes two main dynamic analysis products - IBM Rational AppScan Standard Edition, and IBM Rational AppScan Enterprise Edition. In addition, the suite includes IBM Rational AppScan Source Edition - a static analysis tool.
- Intel Thread Checker is a runtime threading error analysis tool which can detect potential data races and deadlocks in multithreaded Windows or Linux applications.
- Intel Parallel Inspector performs run time threading and memory error analysis in Windows.
- OpenPAT statically instruments assembly and bytecodes to call a tool with dynamic execution trace information as the program runs. Used to monitor memory usage, for quality assurance and to model new HPC architectures.
- Parasoft Insure++ is runtime memory analysis and error detection tool. Its Inuse component provides a graphical view of memory allocations over time, with specific visibility into overall heap usage, block allocations, possible outstanding leaks, etc.
- Parasoft Jtest uses runtime error detection to expose defects such as race conditions, exceptions, resource & memory leaks, and security attack vulnerabilities.
- Purify: mainly memory corruption detection and memory leak detection.
- Valgrind runs programs on a virtual processor and can detect memory errors (e.g., misuse of malloc and free) and race conditions in multithread programs.
- VB Watch injects dynamic analysis code into Visual Basic programs to monitor their performance, call stack, execution trace, instantiated objects, variables and code coverage.
- Vector FabricsPareon uses code simulation to analyse code behavior. The tool will then suggest code optimizations based on parallelization.
- Recognizer - for PHP programms, converts Xdebug debugger trace log to the sequence diagram.
- IBM OLIVER (CICS interactive test/debug): CICS application error detection including storage violations using an instruction Set Simulator to detect most CICS errors interactively
- SIMON (Batch Interactive test/debug) interactive batch program analyzer and test/debug using an instruction Set Simulator
- SIMMON: IBM internal instruction Set Simulator used for testing operating system components, utilities and I/O processors