Static analysis is the term applied to the analysis of computer software that is performed without actually executing programs built from that software (analysis performed on executing programs is known as dynamic analysis). In most cases the analysis is performed on some version of the source code and in the other cases some form of the object code. The term is usually applied to the analysis performed by an automated tool, with human analysis being called program understanding or program comprehension. Computer software (or simply software) refers to one or more computer programs and data held in the storage of a computer for some purpose. ... Source code (commonly just source or code) is any series of statements written in some human-readable computer programming language. ... In computer science, object file or object code is an intermediate representation of code generated by a compiler after it processes a source code file. ... This software is useful for static code analysis. ... Understanding is a psychological state in relation to an object or person whereby one is able to think about it and use concepts to be able to deal adequately with that object. ...

The sophistication of the analysis performed by tools varies from those that only consider the behavior of individual statements and declarations, to those that include the complete source code of a program in their analysis. Uses of the information obtained from the analysis vary from highlighting possible coding errors (e.g., the lint tool) to formal methods that mathematically prove properties about a given program (e.g., its behavior matches that of its specification). Lint is a computer programming tool that performs the lexical and syntactic portions of the compilation with substantial additional checks, noting when variables had been used before being set, when they were used as a datatype other than that of their definition, and numerous other programming errors. ... In computer science, formal methods refers to mathematically based techniques for the specification, development and verification of software and hardware systems (Foldoc:formalmethods). ...

Some people consider software metrics to be a form of static analysis. A software metric is a measure of some property of a piece of software or its specifications. ...

A growing commercial use of static analysis is in the verification of properties of software used in safety-critical computer system. A life-critical system or safety-critical system is a system whose failure or malfunction may result in a) death or serious injury to people, or b) loss or severe damage to equipment or c) environmental harm. ...

Formal methods

Formal methods is the term applied to the analysis of software (and hardware) whose results are obtained purely through the use of rigorous mathematical methods. The mathematical techniques used include denotational semantics, axiomatic semantics, operational semantics, and abstract interpretation. Computer software (or simply software) refers to one or more computer programs and data held in the storage of a computer for some purpose. ... Hardware is the general term that is used to describe physical artifacts of a technology. ... In computer science, denotational semantics is one of the approaches to formalize the semantics of computer programs. ... Axiomatic Semantics is an approach based on mathematical logic to proving the correctness of computer programs. ... In computer science, operational semantics is a way to give meaning to computer programs in a mathematically rigorous way (see semantics of programming languages). ... Abstract interpretation is a theory of sound approximation of the semantics of computer programs, based on monotonic functions over ordered sets, especially lattices. ...

It has been proved that finding possible run-time errors – is undecidable: there is no mechanical method that can always answer truthfully whether programs may or not exhibit runtime errors. This result dates from the works of Church, Gödel and Turing in the 1930s (see the halting problem and Rice's theorem). As with most undecidable questions, one can still attempt to give useful approximate solutions. In logic, a decision problem is determining whether or not there exists a decision procedure or algorithm for a class S of questions requiring a Boolean value (i. ... Alonzo Church (June 14, 1903 – August 11, 1995) was an American mathematician and logician who was responsible for some of the foundations of theoretical computer science. ... Kurt Gödel Kurt Gödel [kurt gøːdl], (April 28, 1906–January 14, 1978) was a logician, mathematician, and philosopher of mathematics. ... Alan Turing is often considered the father of modern computer science. ... // Events and trends A public speech by Benito Mussolini, founder of the Fascist movement The 1930s were described as an abrupt shift to more radical lifestyles, as countries were struggling to find a solution to the global depression. ... In computability theory the halting problem is a decision problem which can be informally stated as follows: Given a description of a program and its initial input, determine whether the program, when executed on this input, ever halts (completes). ... Rices theorem (also known as The Rice-Myhill-Shapiro theorem) is an important result in the theory of recursive functions. ...

Some of the implementation techniques of formal static analysis include:

• model checking considers systems that have finite state or may be reduced to finite state by abstraction;
• abstract interpretation models the effect that every statement has on the state of an abstract machine (ie, it 'executes' the software based on the mathematical properties of each statement and declaration).

Model checking is a method to algorithmically verify formal systems. ... In computer science, abstraction is a mechanism and practice to reduce and factor out details so that one can focus on few concepts at a time. ... Abstract interpretation is a theory of sound approximation of the semantics of computer programs, based on monotonic functions over ordered sets, especially lattices. ...

See also

• DAEDALUS
• formal semantics of programming languages
• Formal verification
• Software analysis
• Software testing
• Crash-only software
• Graceful degradation
• SPARK programming language
• List of tools for static code analysis

This article deals with the mythological character Daedalus. ... In theoretical computer science formal semantics is the field concerned with the rigorous mathematical study of the meaning of programming languages and models of computation. ... In the context of hardware and software systems, formal verification is the act of proving or disproving the correctness of a system with respect to a certain formal specification or property, using formal methods. ... Testing is a process used to help identify the correctness, completeness, security and quality of developed computer software. ... Crash-only software refers to computer programs that handle failures by simply restarting, without attempting any sophisticated recovery. ... Graceful degradation is a property of a computer system whereby it reacts safely and proportionately to erroneous or unexpected circumstances. ... SPARK is a secure, formally-defined language designed to support the development of software used in applications where correct operation is vital either for reasons of safety or business integrity. ... This software is useful for static code analysis. ...

External links

• information of software management
• Citations from CiteSeer
• PolySpace Technologies, static verification of dynamic properties,
• ASTRÉE project, with explanations on static analysis by abstract interpretation
• Flawfinder, contains a good list of other static checking tools towards the bottom
• PREfix from Microsoft Research team - not on GA (General availability) yet.
• Type Inference and Static Analysis for Object-Oriented Software by Jens Palsberg
• Securing Web Application Code by Static Analysis and Runtime Protection