Date:      Fri, 25 Apr 2014 19:14:25 +0200
From:      Dag-Erling Smørgrav <des@des.no>
To:        Ben Laurie <benl@freebsd.org>
Cc:        "freebsd-security@freebsd.org security" <freebsd-security@freebsd.org>, "Ronald F. Guilmette" <rfg@tristatelogic.com>
Subject:   Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Message-ID:  <86zjj9mivi.fsf@nine.des.no>
In-Reply-To: <CAG5KPzyTCTbe_vTcP8HDa_KU0agNZQjzVmQ4XnZZjgGFEVnyaQ@mail.gmail.com> (Ben Laurie's message of "Fri, 25 Apr 2014 15:15:29 +0100")
References:  <DC2F9726-881B-4D42-879F-61377CA0210D@mac.com> <8783.1398202137@server1.tristatelogic.com> <20140423003400.GA8271@glaze.hydra> <20140423010054.2891E143D098@rock.dv.isc.org> <20140423012206.GB8271@glaze.hydra> <86bnvpoav7.fsf@nine.des.no> <CAG5KPzyTCTbe_vTcP8HDa_KU0agNZQjzVmQ4XnZZjgGFEVnyaQ@mail.gmail.com>

Ben Laurie <benl@freebsd.org> writes:
> Dag-Erling Smørgrav <des@des.no> writes:
> > https://en.wikipedia.org/wiki/Halting_problem
> Curious what the halting problem can tell us about finding/fixing bugs?

Some participants in this thread claim that there is no such thing as a
false positive from a static analyzer.  A corollary of the halting
problem is that it is impossible to write a program capable of proving
or disproving the correctness of all programs.  Hence, static analysis
must perforce produce both false positive and false negative results.
The purpose of static analysis in a compiler is to identify possible
optimizations; therefore it must be conservative, because a false
negative may result in incorrect code; therefore it will produce many
false positives.

DES
-- 
Dag-Erling Smørgrav - des@des.no
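
The conservative case described in the message above, as an added example that is not part of the original e-mail: a toy interval analysis that never misses a real division by zero on these inputs but warns about a divisor that can never be zero. The expression encoding, function names and sample divisors are all constructed for illustration.

```python
# Added illustration (constructed; not from the thread).
# Expressions over one integer input x are nested tuples:
#   ("var",)   ("const", n)   ("add" | "sub" | "mul", left, right)
import operator

OPS = {"add": operator.add, "sub": operator.sub, "mul": operator.mul}

def evaluate(expr, x):
    """Concrete semantics: the exact value of expr for one input x."""
    if expr[0] == "var":
        return x
    if expr[0] == "const":
        return expr[1]
    return OPS[expr[0]](evaluate(expr[1], x), evaluate(expr[2], x))

def interval(expr, lo, hi):
    """Abstract semantics: a range containing every value of expr for x in [lo, hi]."""
    if expr[0] == "var":
        return (lo, hi)
    if expr[0] == "const":
        return (expr[1], expr[1])
    a_lo, a_hi = interval(expr[1], lo, hi)
    b_lo, b_hi = interval(expr[2], lo, hi)
    # Non-relational: operands are treated as independent even when both are x.
    # The result is still a safe over-approximation, but precision is lost.
    corners = [OPS[expr[0]](a, b) for a in (a_lo, a_hi) for b in (b_lo, b_hi)]
    return (min(corners), max(corners))

def classify(divisor, lo=-10, hi=10):
    """Compare the analyzer's warning with ground truth found by brute force."""
    d_lo, d_hi = interval(divisor, lo, hi)
    warned = d_lo <= 0 <= d_hi          # analyzer: divisor *may* be zero
    real = any(evaluate(divisor, x) == 0 for x in range(lo, hi + 1))
    if warned:
        return "true positive" if real else "false positive"
    return "false negative" if real else "true negative"

X = ("var",)
SQUARE_PLUS_ONE = ("add", ("mul", X, X), ("const", 1))  # x*x + 1 is always >= 1
X_MINUS_FIVE = ("sub", X, ("const", 5))                 # zero when x == 5
X_PLUS_TWENTY = ("add", X, ("const", 20))               # in [10, 30] for x in [-10, 10]

if __name__ == "__main__":
    for name, d in [("x*x + 1", SQUARE_PLUS_ONE), ("x - 5", X_MINUS_FIVE),
                    ("x + 20", X_PLUS_TWENTY)]:
        print(f"1 / ({name}): range {interval(d, -10, 10)} -> {classify(d)}")
```

The analyzer computes the range of `x*x` as if the two factors were unrelated, so it cannot rule out a negative product and has to warn; a more precise (relational) analysis would remove this particular warning at extra cost.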


