
Solidity smart contract Static Code Analysis and common tools

Fri, Dec 17, 21

Static Code Analysis

Static code analysis is a method of debugging by examining source code before a program is run. It’s done by analyzing a set of code against a set (or multiple sets) of coding rules. Static code analysis and static analysis are often used interchangeably, along with source code analysis.

Static Analysis vs Dynamic Analysis

So, what’s the difference between static analysis and dynamic analysis?

Both types detect defects. The big difference is where they find defects in the development lifecycle. Static analysis identifies defects before you run a program (e.g., between coding and unit testing).

Dynamic code analysis identifies defects after you run a program (e.g., during unit testing). However, some coding errors might not surface during unit testing. So, there are defects that dynamic testing might miss that static code analysis can find.
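As an added illustration (not code from the original post or from any of the tools it lists), the sketch below checks Solidity source against a small, hypothetical rule set without executing it. The sample contract is constructed: its `tx.origin` check would pass a unit test in which the owner calls `withdraw` directly, because `tx.origin` and `msg.sender` are then the same address, yet the static rule still reports it.

```python
import re

# Constructed sample contract (not from the original page).
SAMPLE = '''\
pragma solidity ^0.8.0;

contract Wallet {
    address owner;
    // tx.origin in a comment must not be reported
    function withdraw(uint amount) public {
        require(tx.origin == owner, "not owner");
        payable(msg.sender).transfer(amount);
    }
    function note() public pure returns (string memory) {
        return "uses tx.origin";
    }
}
'''

# Hypothetical rule set for this example: (rule id, pattern, message).
RULES = [
    ("floating-pragma", re.compile(r"pragma\s+solidity\s*[\^~><]"),
     "compiler version is not pinned"),
    ("tx-origin-auth", re.compile(r"\btx\.origin\b"),
     "tx.origin used; prefer msg.sender for authorization"),
]

# Matches line comments, block comments, and single- or double-quoted strings.
NOISE = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)

def strip_noise(src):
    """Blank out comments and string literals, keeping line numbers intact."""
    return NOISE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), src)

def analyze(src):
    """Return (line number, rule id, message) for every rule match."""
    findings = []
    for lineno, line in enumerate(strip_noise(src).splitlines(), start=1):
        for rule_id, pattern, message in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id, message))
    return findings

if __name__ == "__main__":
    for lineno, rule_id, message in analyze(SAMPLE):
        print(f"line {lineno}: [{rule_id}] {message}")
```

Production analyzers work on the compiler's syntax tree and data flow rather than on regular expressions; the pattern matching here only keeps the example short.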

List of Static and Dynamic Analysis tools

Weakness OSS Classification & Test Cases

Further reading

Full Version of Solidity smart contract Static Code Analysis and common tools