Question

I know the basic concepts of static analysis and dynamic analysis, and have some experience using tools for dataflow analysis, taint analysis and some model checking work.

Currently I am trying to get a deeper understanding of static analysis by reading some implementations of static analysis tools.

Are there any recommendations?

Tools that work on dynamically typed languages are especially welcome :)

Thank you!

Solution

Static analysis tools come in a wide variety, having to do with differences in:

  • Purpose of the tool (find dead variables? find subscript errors? determine dynamic variable type?)
  • Method to achieve it (heuristic? conservative algorithm? theorem prover?)
  • Target languages and properties analyzed
  • Representations processed (text, ASTs, byte code, mixtures)
  • User annotations to help guide the analysis (when facing Turing-hard analyses, sometimes a hint is a huge help)
  • User interface, IDE integration, and reporting
  • ...

This is far too much to learn about by reading some implementation. You virtually never learn anything significant by reading source code. Worse, 90% of the source code handles junk that is unrelated to the above issues ("open file", "parse lexeme", "print unicode string").

You are better off getting a textbook on program analysis and reading that to understand at least some of the above issues.

OTHER TIPS

I'd suggest looking at WALA and Soot. They're very academic implementations, but they have very interesting algorithms implemented.

If you want to start with lightweight (intraprocedural, no global dataflow, etc.) analyses, you can look at FindBugs.

Concerning the dynamically typed languages, WALA had some support for JavaScript, but AFAIK it is fairly limited (though I haven't looked at it deeply enough). There are academic tools for JavaScript though, such as TAJS. Google Closure Compiler is also interesting in that regard.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow