The term “static analysis” as it relates to computer software typically refers to the partly or wholly automated analysis of source code or other forms of computer instructions, as opposed to “dynamic analysis,” which refers to the analysis of a computer program while it is being executed. While existing static analysis tools provide useful information to computer software developers and programmers, they currently do not provide certain kinds of useful information.
One particular shortcoming of current static analysis tools may be understood by way of the following example. In the case of a computer software application that writes and read information to/from a database using SQL queries, database accesses A and B may be said to be “chainable” if A is a write to the database and B is a read from the database, and if A and B intersect in terms of the areas of the database that they access. In other words, there is overlap between the tables A and B access, and in some of the overlapping tables there is overlap between the columns A and B access. This information would be useful to computer software developers and programmers as it would enable them to identify the implicit flow between points within software code where writing to the database occurs and points where data are read from the database, and verify that the lifecycle of the data through the chain is correct. For example, a developer may want to ensure that data is sanitized (i.e., inspected for malicious content, and if such content is found, then it is removed) either before they are written to the database, or after they are read from it. As commonplace as this scenario is, current static analysis tools are incapable of identifying such chains accurately, particularly where an instruction at one location of a computer program causes information to flow into a database through a write operation, and another instruction at one location of the program causes that same piece of information to be read. Rather, in such cases current static analysis tools typically do one of the following:                1. They map every operation that writes to a database to every operation that reads from the database. This often leads to false positives, such as where write and read operations that are mapped to each other do not overlap at one or more tables and columns of the database;        2. They map write and read operations only in cases where there is hard-coded evidence of the connection between them, such as where the database is accessed using constant keys;        3. In the interest of performance, as well as of reducing the number of false positives, the static analyzer simply ignores possible read/write chains.        
Being able to accurately identify such read/write chains would represent a significant improvement to the field of static analysis.