arxiv: 1907.00143 · v1 · pith:X7JTCSVLnew · submitted 2019-06-29 · 💻 cs.SE

Análise Estática de Código-Fonte

Pith reviewed 2026-05-25 13:19 UTC · model grok-4.3

classification 💻 cs.SE
keywords: static analysis · source code · software engineering · intermediate representations · analysis techniques · free tools

The pith

A review compiles definitions, methods, and free tools for static source code analysis.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper assembles a theoretical overview of static analysis applied to source code. It covers the practice's definition along with its uses and applications in software development. The work details how such analysis occurs, including common intermediate representations, models, and techniques. It concludes by cataloging free downloadable tools, both general and those created in academic research settings.

Core claim

The article presents a theoretical summary of the source code static analysis, its definition, uses and applications, how static analysis is performed, their intermediate representation formats, models and most common analysis techniques, and a set of free and freely available downloadable static analysis tools, including academic software tools developed during research.

What carries the argument

Compiled overview of static analysis that organizes definitions, execution steps without program running, representation formats, and accessible tools.

If this is right

  • Developers gain a single reference for selecting analysis approaches suited to their projects.
  • Early issue detection becomes more feasible through the described techniques.
  • Research contributions are highlighted via the included academic tools.
  • Practitioners can compare multiple free options without separate searches.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The overview could function as an entry point for teaching static analysis in software courses.
  • It implies that combining multiple techniques from the summary may yield broader code coverage than any single method.
  • Updates to the tool catalog would be needed as new free options appear over time.

Load-bearing premise

The summary accurately and comprehensively covers the field of static analysis without significant omissions or inaccuracies.

What would settle it

Identification of a widely used static analysis technique or free tool absent from the paper's coverage.

read the original abstract

This article presents a theoretical summary of the source code static analysis, its definition, uses and applications, how static analysis is performed, their intermediate representation formats, models and most common analysis techniques, ends up presenting a set of free and freely available downloadable static analysis tools, academic software tools developed by scientists during their research work (The paper is written in Brazillian Portuguese).

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 3 minor

Summary. The manuscript presents a theoretical survey in Brazilian Portuguese on static analysis of source code. It covers the definition of static analysis, its uses and applications, methods of performance, intermediate representation formats and models, common analysis techniques, and concludes with lists of free downloadable tools as well as academic tools developed in research.

Significance. As a survey compiling existing knowledge rather than advancing new results or derivations, the work has modest significance even if accurate. Its primary potential value is as an accessible reference for Portuguese-speaking students and practitioners in software engineering; however, the absence of novel synthesis, critical evaluation, or empirical assessment limits its contribution to the broader cs.SE literature.

minor comments (3)
  1. Abstract: the text consists of a single run-on sentence that would benefit from being split for clarity and readability.
  2. Abstract: 'Brazillian' is misspelled; it should be 'Brazilian'.
  3. The manuscript is written entirely in Portuguese. If the target journal requires an English abstract or title, these should be added.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for reviewing our manuscript and for the recommendation of minor revision. The work is a survey paper written in Brazilian Portuguese to serve as an accessible reference for students and practitioners in software engineering. We note that no specific major comments were provided in the report.

Circularity Check

0 steps flagged

No significant circularity; survey of existing literature

full rationale

This is a survey paper presenting definitions, uses, IR formats, techniques, and tool lists drawn from prior literature. It contains no original derivations, equations, predictions, fitted parameters, or load-bearing self-citations. The central claim is simply that it supplies a Portuguese-language summary; no step reduces by construction to its own inputs. Self-contained against external benchmarks as a review article.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

The paper introduces no new technical claims, derivations, or entities. No free parameters, axioms, or invented entities are required or present beyond standard background definitions in software engineering.

