Static analysis, also called static code analysis, is the process of analyzing a computer program to find problems in it without actually executing it. Most generally, static analysis is performed on the source code of the program with tools that convert the program into an abstract syntax tree (AST) to understand the code's structure and then find problems in it.
What kind of problems can static analysis find?
Static analysis is a powerful tool to ensure software quality and robustness, and can find a number of issues in code before execution. Some of these categories of issues are:
- Potential security vulnerabilities
- Bug risks and anti-patterns
- Violation of code style guidelines
- Performance issues
- Dead or unused code
Also see Continuous Quality.