This specification relates to static analysis of software source code.
Static analysis refers to techniques for analyzing computer software source code without executing the source code as a computer software program. Static analysis systems analyze source code to determine various properties about source code in a code base.
Static analysis systems can identify characteristic segments of source code in the code base. A characteristic segment of source code is a segment of source code having a particular attribute of interest. Static analysis systems can generate analysis results that include data specifying where, in the code base, the characteristic segments of source code occur.
One example of characteristic segments of source code that static analysis systems can identify is coding defects. Coding defects are segments of source code that violate one or more coding standards or rules. The data representing such coding defects may be referred to as violations. Such coding defects may not be flagged by compilers or interpreters as errors and thus may go undetected by software developers.
Common violations identified by static analysis systems include type violations, which are characteristic snippets of source code that violate coding standards for how types should be used. In general, a type is a property of a programming language construct. A type determines how the programming language construct can be used in relation to other programming language constructs according to type rules enforced by a compiler or interpreter of the programming language.
Type violations are coding defects that may or may not be considered errors by the compiler or interpreter, but nevertheless represent defects in the code base. Type violations typically take two primary forms: a comparison between two incompatible types, and an argument being passed a value whose type is incompatible with the type expected for that argument. For example, a segment of source code that compares variables of incomparable types is a coding defect that can be represented by a corresponding violation that identifies the location of the source code in the code base, the offending source code itself, and an error message “comparison between variables of incomparable types.”
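The first kind of type violation described above can be illustrated with a small checker. This is an added example, not code from this specification: it assumes Python as the analyzed language, and the names `Violation`, `TypeComparisonChecker` and `find_type_violations` are hypothetical. It infers types only from literal assignments, in source order, and reports each violation with the three parts named above: location, offending source, and message.

```python
import ast
from collections import namedtuple

# Constructed sample: runs without any interpreter error, yet "port == 8080" is always False.
SAMPLE = '''port = "8080"
limit = 10
if port == 8080 or limit == 10:
    pass
'''
NUMERIC = {"int", "float", "bool", "complex"}  # Python treats these as mutually comparable
Violation = namedtuple("Violation", "line column source message")

class TypeComparisonChecker(ast.NodeVisitor):
    """Flags ==/!= between names or literals whose inferred types are incomparable."""
    def __init__(self, code):
        self.code, self.types, self.violations = code, {}, []

    def infer(self, node):
        # None literals are treated as unknown: comparing against None is a sentinel check.
        if isinstance(node, ast.Constant) and node.value is not None:
            name = type(node.value).__name__
            return "number" if name in NUMERIC else name
        if isinstance(node, ast.Name):
            return self.types.get(node.id)
        return None  # unknown expression: stay silent rather than guess

    def visit_Assign(self, node):
        inferred = self.infer(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                self.types[target.id] = inferred  # last literal assignment wins
        self.generic_visit(node)

    def visit_Compare(self, node):
        operands = [node.left] + node.comparators
        for op, left, right in zip(node.ops, operands, operands[1:]):
            lt, rt = self.infer(left), self.infer(right)
            if isinstance(op, (ast.Eq, ast.NotEq)) and lt and rt and lt != rt:
                self.violations.append(Violation(
                    node.lineno, node.col_offset, ast.get_source_segment(self.code, node),
                    f"comparison between variables of incomparable types: {lt} and {rt}"))
        self.generic_visit(node)

def find_type_violations(code):
    checker = TypeComparisonChecker(code)
    checker.visit(ast.parse(code))
    return checker.violations
```

Calling `find_type_violations(SAMPLE)` reports only the `port == 8080` comparison; `limit == 10` compares two numbers and is not flagged.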
As type systems of programming languages become more sophisticated, it becomes more difficult for static analysis systems to report understandable information about violations involving types. Consequently, it becomes harder for users to use static analysis systems that do not provide comprehensible information about violations involving types.