Static program analysis has been used since the early 1960’s in optimizing compilers. More recently, it has proven useful also for bug finding and verification tools, and in IDEs to support program development. In the following, we give some examples of the kinds of questions about program behavior that arise in these different applications. [1]

Analysis for program optimization

Code optimization is any method of code modification to improve code quality and efficiency. A program may be optimized so that it becomes a smaller size, consumes less memory, executes more rapidly, or performs fewer input/output operations.

The basic requirements optimization methods should comply with, is that an optimized program must have the same output and side effects as its non-optimized version. This requirement, however, may be ignored in the case that the benefit from optimization, is estimated to be more important than probable consequences of a change in the program behavior. [2]

Analysis for program correctness

The most successful analysis tools that have been designed to detect errors (or verify absence of errors) target generic correctness properties that apply to most or all programs written in specific programming languages. In unsafe languages like C, such errors sometimes lead to critical security vulnerabilities. In more safe languages like Java, such errors are typically less severe, but they can still cause program crashes.

Dynamic program analysis

Dynamic code analysis is the method of analyzing an application right during its execution. The dynamic analysis process can be divided into several steps: preparing input data, running a test program launch and gathering the necessary parameters, and analyzing the output data. [2]

Dynamic testing can provide the following metrics to you:

1. Resources consumed – the time of program execution on the whole or its modules individually, the number of external queries (for example, to the database), the number of memory being used, and other resources;
2. Cyclomatic complexity – the degree of code coverage with tests, and other program metrics;
3. Program errors – division by zero, null pointer dereferencing, memory leaks, “race conditions”;
4. Vulnerabilities in the program.

References

To see the references click on the link above.