Dynamic analysis is the testing and evaluation of an application during
Static analysis is the testing and evaluation of an
application by examining the code without executing the application.
Many software defects that cause memory and threading errors can be
detected both dynamically and statically. The two approaches are complementary
because no single approach can find every error.
The primary advantage of dynamic analysis: It reveals subtle defects or
vulnerabilities whose cause is too complex to be discovered by static analysis.
Dynamic analysis can play a role in security assurance, but its primary goal is
finding and debugging errors.
The primary advantage of static analysis: It examines all possible
execution paths and variable values, not just those invoked during execution.
Thus static analysis can reveal errors that may not manifest themselves until
weeks, months or years after release. This aspect of static analysis is
especially valuable in security assurance, because security attacks often
exercise an application in unforeseen and untested ways.
generates dynamic analysis results to help you find and fix memory and