Analysis of computer programs without executing them
In computer science, static program analysis (also known as static analysis or static simulation) is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution in the integrated environment.[1][2]
The term is usually applied to analysis performed by an automated tool, with human analysis typically being called "program understanding", program comprehension, or code review. In the last of these, software inspection and software walkthroughs are also used. In most cases the analysis is performed on some version of a program's source code, and, in other cases, on some form of its object code.
[1] Wichmann, B. A.; Canning, A. A.; Clutterbuck, D. L.; Winsbarrow, L. A.; Ward, N. J.; Marsh, D. W. R. (Mar 1995). "Industrial Perspective on Static Analysis" (PDF). Software Engineering Journal. 10 (2): 69–75. doi:10.1049/sej.1995.0010. Archived from the original (PDF) on 2011-09-27.
[2] Egele, Manuel; Scholte, Theodoor; Kirda, Engin; Kruegel, Christopher (2008-03-05). "A survey on automated dynamic malware-analysis techniques and tools". ACM Computing Surveys. 44 (2): 6:1–6:42. doi:10.1145/2089125.2089126. ISSN 0360-0300. S2CID 1863333.