Static Analysis Notes
2022-06-09 09:43:07 # Development # Static Analysis


By chance, I found a course called Static Analysis taught by Nanjing University professors. There are a lot of recommendations on how to learn this course and most of them coming down to this - watching the relative videos - Static Analysis is being a major trend.

I searched for Monash University’s static analysis courses online and found they offer some of these courses. Sadly, they are graduate courses or research projects, so I do not have the opportunity to apply.

Static analysis techniques have been used to assess the security of applications as well as to verify a program’s properties. For easy understanding, my notes are being written in English, and I hope to cover the most important concepts of the entire Static analysis learning process.

S1 Introduction

Sound & Truth

TP True Positive: found a real error

FP False Positive: false alarm

TN True Negative: no error, no alarm—OK

FN False Negative: missed error

Sound: no false negatives - no missed error

Complete: no false positive - no false alarm

Mostly compromising completeness: We prefer sound but not fully-precise static analysis.

Abstraction & over-approximation

Abstraction is used for representing results using an abstract value.

Transfer functions define how to evaluate different program statements on abstract values.

Transfer functions are defined according to “analysis problem” and the “semantics” of different program statements.

An example


Over-approximation may produce false positives.


  • What are the differences between static analysis and (dynamic) testing?
  • Understand soundness, completeness, false negatives and false positives.
  • Why soundness is required by static analysis?
  • How to understand abstraction and over-approximation?

S2 Intermediate Representation

Intermediate Representation = IR

Compilers and Static Analyzers