1. 4

This is a collection of static analysis tools and code quality checker


  2. 3

    Not really sure this quite covers “static analysis” the way its usually meant by researchers. Yes, linters perform a type of static analysis, yes, the field is quite broad, but the sum total of this page is a very weak sauce as a stand in for static analysis. For example, there is a single section for “binary static analysis”, and there is all of 4 entries. The previous section, detailing “multiple language” projects is probably closer to the colloquial sense of the word and covers a much wider breadth.

    1. 1

      the list includes static analysis tools that leverage Abstract Interpretation (eg. Ikos

      IKOS (Inference Kernel for Open Static Analyzers) is a static analyzer for C/C++ based on the theory of Abstract Interpretation. )

      1. 2

        yeah, but how many? I don’t really want to take the time at the moment, its not that big a deal, but several of those language-oriented sections were like 50% linters. Again, not a big deal, linting involves static analysis(!), but if you want to talk to someone who actually uses static analysis for bug hunting (or whatever, performance, etc) in their day-to-day, linters are not what they mean. Binary focused static analysis is what probably 90+ percent of the current research papers published mean when the use the phrase “static analysis”. There is an interesting essay to be written about the fluidity of terms in computational science research and practice, Halvar Flake among others had a tweet about “soundness” and “completeness” relatively recently, and the squishly-ness of those terms, if you search his handle with either of those terms it’ll come up, lots of serious people in the replies, point being I think a similar problem befalls use of “static analysis”.

        1. 1

          Yes, the list includes a mix of syntax checkers, style checkers, narrow bounds checkers and so on. A couple of tools eg Ikos, Spark, Polyspace are based on solid theoretical methods. Ikos also does binary analysis (well, LLVM IR encoded into bitstream files), do not know about others.

          Also agree, that we would benefit from some form of taxonomy, helping us navigate the theoretical constructs and their practical implementation in this space (eg Abstract Interpretation, Symbolic execution).

    2. 1

      even if it isn’t necessarily “compsci” or “plt”, this is a nice and useful list :)

      1. 1

        To the creator of this: the “Multiple Languages” href should link to #multiple-languages_1 and not #multiple-languages or #multiple-languages-1.

        1. 1

          Looks like this is a problem when generating the static version of this page from the Markdown version. On the GitHub repository the link works as expected