11

I've recently been looking at C++ static analysis tools. One thing that confuses me is the terminology used with these tools:

Some tools are simply called "static analysis tools" (e.g. CppCheck), others are called "sanitizers" (e.g. ASan, TSan, MSan, UBSan) and others are called "linters" (e.g. PC-Lint).

Is there an actual distinction that can be made between these three terms, or are they simply different words for the same thing?

Terence D
  • "Sanitizers" aren't part of static analysis, but injected code to detect runtime bugs. – πάντα ῥεῖ Mar 18 '18 at 03:51
  • @πάντα - So, when compiling using `clang++ -fsanitize=address` it's not only compiling but then also executing the code in attempts to find issues? – Terence D Mar 18 '18 at 04:13
  • No. There's additional code injected by the compiler that is able to check for e.g. stack overflow errors at runtime. – πάντα ῥεῖ Mar 18 '18 at 08:17
  • @πάντα - Ah, got it, thx. In the example I was looking at I failed to notice they executed a.out on the same line after compiling by using ; ./a.out - Example: `clang++ -O1 -fsanitize=address foo.cpp; ./a.out` – Terence D Mar 18 '18 at 14:26

1 Answer

17

Sanitizers modify data to make it safe and/or usable by a program. For instance, escaping characters that may allow SQL injections, etc.

Linters analyze code to search for stylistic issues, bugs, possible memory leaks...

Static code analysis tools are any tools that analyze source code without the need to run it. Linters are often static code analysis tools but may be other types. For instance, looking for dependencies or calculating metrics.

  • 3
    The specific clang sanitizers mentioned in the question are different to what is described in this answer. Those sanitizers modify the code at compilation and work at runtime, sometimes with help from runtime libraries. Therefore they are dynamic analyzers - the "opposite" to static analyzers. Now, it'd be interesting to know why they were called "sanitizers" at all. – hmijail Mar 07 '21 at 00:19
  • 1
    I would say dynamic analysis is more of a complement to static analysis rather than an opposite. (think complementary angles) Opposites would undo each other. – Max Power Jul 11 '22 at 16:50
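
The runtime checking that the comments attribute to the clang sanitizers, modelled by hand as an added example (not part of the original thread and not actual ASan code): a buffer surrounded by poisoned guard bytes, with a check before each load like the one the compiler would inject. The names `GuardedBuffer`, `checked_load` and `access_is_reported` are hypothetical, and keeping one shadow entry per byte is a simplification.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>

constexpr std::size_t kRedzone = 8;   // poisoned guard bytes on each side
constexpr std::size_t kPayload = 16;  // bytes the program may legally touch
constexpr std::size_t kTotal = kRedzone + kPayload + kRedzone;

struct GuardedBuffer {
    std::array<std::uint8_t, kTotal> mem{};
    // Simplified shadow state: one flag per byte (real ASan packs 8 bytes into 1).
    std::array<bool, kTotal> poisoned{};

    GuardedBuffer() {
        for (std::size_t i = 0; i < kTotal; ++i)
            poisoned[i] = i < kRedzone || i >= kRedzone + kPayload;
    }

    // Stand-in for the injected check: consult the shadow state, then load.
    // This model throws; a real sanitizer prints a report and aborts.
    std::uint8_t checked_load(std::ptrdiff_t index) const {
        const std::ptrdiff_t raw = static_cast<std::ptrdiff_t>(kRedzone) + index;
        if (raw < 0 || raw >= static_cast<std::ptrdiff_t>(kTotal) ||
            poisoned[static_cast<std::size_t>(raw)])
            throw std::out_of_range("out-of-bounds load at index " +
                                    std::to_string(index));
        return mem[static_cast<std::size_t>(raw)];
    }
};

// The index is only known when the program runs, so the bad access is found
// by executing the instrumented code, not by reading the source.
bool access_is_reported(std::ptrdiff_t index) {
    GuardedBuffer buf;
    try {
        buf.checked_load(index);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main() {
    // Constructed inputs: index 15 is the last valid byte, 16 is one past it.
    return (!access_is_reported(15) && access_is_reported(16)) ? 0 : 1;
}
```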