viren.org: static software analysis

Static software analysis, at least the way I use the term, involves the examination of code in a manner that fulfills some basic and obvious conditions:
  1. Automated: The analysis in question should not need more than a bare minimum of human intervention. Preferably none.
  2. Primary source of information is the code (source or binary). As the word static implies, this rules out analysis done on the fly, while executions are taking place. It also rules out analyses that are done statically after execution but rely on data collected from prior executions.

Yes, this definition allows for a grep execution to be labelled as an analysis, and IMHO, it is. I've used grep to perform several basic analyses that allow me to reduce the input space that I have to work with, and thus it is a perfectly valid, if oftentimes trivial, instantiation of static analysis.

I'm interested in several things concerning static analysis. First, of course, is the research aspect. There are several efforts going on to advance the state of the art in static analysis. This page has links to several of the groups that I know are doing work in this area. Second, from a more practical aspect, I am interested in tools that are available for me to use either standalone or as building blocks for further development. Finally, I'm interested in the uses to which, and areas in which, people are applying static analysis.

Research

Tools

Applications


Viren R. Shah
Last modified: Mon May 14 11:21:17 EDT 2001