Static analysis, as a concept, seems to have earned itself a certain reputation. The general population may regard programming as a technocratic, geeky pursuit. But inside the world of programmers, static analysis has the same rap. It’s a geeky subject even among geeks.
I suspect this arises from the academic flavor to static analysis. You hear terms like “halting problem,” “satisfiability,” and “correctness proofs,” and you find yourself transported back to some 400-level discrete course from your undergrad. And that’s assuming you did a CS undergrad. If not, your eyes might glaze over. Oh, and googling “static analysis” only to see things like this probably doesn’t help:
I have two CS degrees, concentrated heavily on the math side of things, and I specialize in static analysis. And that featured image makes my eyes glaze over. So let’s hit the reset button here. Let’s make the subject at least approachable and maybe, just maybe, even interesting.
Defining Static Analysis Dead Simply
Whether you’re a grizzled programming veteran, fresh out of a bootcamp, or can’t program a lick, you can understand the concept. I’ll use an analogy first, to ease into things.
When you write software, you write instructions in a format that you and other programmers understand. A program called the compiler (in many cases) then translates these into terms that computers understand and eventually into automation output. So think of programming as writing a grocery list for a personal shopper. You write down what you want, in easily understood terms. The personal shopper then maps this list to his knowledge of the grocery store’s layout and eventually produces output in the form of food that he brings you.
What, then, is static analysis in this world? Well, it’s analyzing the written grocery list itself and using it to predict what the shopping trip and the groceries will be like. For instance, you might say, “Wow, 140 watermelons, huh? We’re going to need to rent a truck, so that’s going to cost you extra.”
When it comes to writing code, people usually reason about it by running it and seeing what happens. In our world, that means the shopper simply takes the list, goes on the shopping trip, and sees how things go. “Wow, this is a lot of watermelon,” he says as he fills the 15th cart full of the things. Only then does he start to understand the ramifications of this.
Static analysis capitalizes on the fact that you can understand things about the upcoming grocery run without actually executing it.
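To make the analogy concrete, here is an added example (mine for illustration, not from any particular tool) that treats the grocery list as a tiny Python program and inspects it with the standard `ast` module without ever running it. The names `buy`, `dozen_count` and `TRUCK_THRESHOLD` are assumptions made up for the example; note that the analysis also has to admit what it cannot know from the text alone.

```python
import ast

# Constructed sample "grocery list" program. It is parsed, never executed;
# buy() and dozen_count are hypothetical names that are defined nowhere.
GROCERY_LIST = '''
buy("milk", 2)
buy("watermelon", 140)
for _ in range(3):
    buy("bread", 1)
buy("eggs", dozen_count)
'''
TRUCK_THRESHOLD = 100  # assumed limit: more units than this needs a truck


class ListAnalyzer(ast.NodeVisitor):
    def __init__(self):
        self.totals = {}     # item -> units known from the text alone
        self.unknown = []    # items whose quantity only exists at run time
        self.multiplier = 1  # repeat count of enclosing loops; None = unknown

    def visit_For(self, node):
        saved, it = self.multiplier, node.iter
        # Only `for ... in range(<int literal>)` has a count visible in the text.
        if (saved is not None and isinstance(it, ast.Call)
                and isinstance(it.func, ast.Name) and it.func.id == "range"
                and len(it.args) == 1 and isinstance(it.args[0], ast.Constant)
                and isinstance(it.args[0].value, int)):
            self.multiplier = saved * it.args[0].value
        else:
            self.multiplier = None
        self.generic_visit(node)
        self.multiplier = saved  # restore when leaving the loop

    def visit_Call(self, node):
        if (isinstance(node.func, ast.Name) and node.func.id == "buy"
                and len(node.args) == 2
                and isinstance(node.args[0], ast.Constant)):
            item, qty = node.args[0].value, node.args[1]
            if (self.multiplier is not None and isinstance(qty, ast.Constant)
                    and isinstance(qty.value, int)):
                units = qty.value * self.multiplier
                self.totals[item] = self.totals.get(item, 0) + units
            else:
                self.unknown.append(item)  # cannot be decided without running
        self.generic_visit(node)


def analyze(source):
    analyzer = ListAnalyzer()
    analyzer.visit(ast.parse(source))  # parse only: nothing in `source` runs
    truck = sorted(i for i, n in analyzer.totals.items() if n > TRUCK_THRESHOLD)
    return analyzer.totals, analyzer.unknown, truck
```

Running the list itself would crash on the undefined `buy`, yet the analysis still reports the 140 watermelons and flags the eggs as a quantity it cannot determine.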