Static Analysis

From Emergent Wiki

Static analysis is the examination of software source code without executing it, using automated tools to infer properties of the program's behavior across all possible inputs rather than testing a sample of actual executions. Unlike dynamic testing, which asks 'what does the program do on these inputs?', static analysis asks 'what could the program do on any input?' — a fundamentally harder question that trades computational expense for exhaustiveness.

The field ranges from lightweight syntactic checks (linting, style enforcement) to heavyweight semantic analysis that attempts to prove the absence of memory safety violations, null pointer dereferences, data races, and information leaks. Modern static analyzers such as Coverity, Infer, and Rust's borrow checker integrate into the compiler pipeline, turning the build process into a continuous verification engine. The deepest result is that any non-trivial static analysis is necessarily approximate: by Rice's theorem, no algorithm can decide any non-trivial semantic property of arbitrary programs. Static analysis is therefore not the elimination of uncertainty but its disciplined management, a theme it shares with abstract interpretation and type systems.
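An added example, not part of the original article: a may-be-None analysis over Python's `ast` module that reports attribute accesses on possibly-None variables without running the code. The abstract value names, the `analyze` function and the constructed `SAMPLE` program are assumptions of this example. It covers only assignments and `if`/`else`, and its second warning is a false positive, which is the approximation the paragraph above describes.

```python
import ast
NONE, OBJ, MAYBE = "None", "NotNone", "MaybeNone"  # abstract values (names assumed)

def join(a, b):
    return a if a == b else MAYBE  # paths disagree: all we know is "maybe None"

def value_of(expr, env):
    if isinstance(expr, ast.Constant):
        return NONE if expr.value is None else OBJ
    if isinstance(expr, ast.Name):
        return env.get(expr.id, MAYBE)  # unknown variable: assume the worst
    return OBJ  # assumption: calls and other expressions never yield None

def check_uses(node, env, warnings):
    for sub in ast.walk(node):
        if isinstance(sub, ast.Attribute) and isinstance(sub.value, ast.Name):
            if env.get(sub.value.id, MAYBE) != OBJ:  # not proven non-None
                warnings.append((sub.lineno, sub.value.id))

def run(stmts, env, warnings):
    for s in stmts:
        if isinstance(s, ast.If):  # condition ignored: both branches "possible"
            then_env = run(s.body, dict(env), warnings)
            else_env = run(s.orelse, dict(env), warnings)
            env = {k: join(then_env.get(k, MAYBE), else_env.get(k, MAYBE))
                   for k in then_env.keys() | else_env.keys()}
        else:
            check_uses(s, env, warnings)
            if isinstance(s, ast.Assign) and isinstance(s.targets[0], ast.Name):
                env[s.targets[0].id] = value_of(s.value, env)
    return env

def analyze(source):
    warnings = []
    run(ast.parse(source).body[0].body, {}, warnings)
    return warnings  # list of (line, variable) pairs

SAMPLE = '''
def handler(flag):
    conn = None
    if flag:
        conn = connect()
    conn.send(1)       # real bug: conn is None when flag is false
    user = None
    if flag:
        user = lookup()
    if flag:
        user.touch()   # safe at run time, flagged anyway
'''
```

`analyze(SAMPLE)` reports line 6 (a real defect) and line 11 (a false positive, because the analysis does not correlate the two `if flag` tests).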

See also: Compiler, Type System, Software Engineering, Abstract Interpretation