"Static Analysis" refers to the software tools (or their use) to analyze application code for arbitrary properties, such as errors (uninitialized variables, possible SQL injection-attack, is this code-dead, can an argument be null,...) or structure (what is the call graph for this code? is there duplicate code? what information is passed between components?).
Static analysis refers to the software tools (or their use) to analyze application code for arbitrary properties, such as errors (uninitialized variables, possible SQL injection-attack, is this code-dead, is there duplicate code, can an argument be null), or structure (what is the call graph for this code? what information is passed between components?).
The variety of questions that one might ask about application properties is endless. Usually, one needs a tool customized to answer each individual question, for each individual language. And each such tool typically requires a lot of engineering, as most of them have to contain a significant part of a compiler front end just to read the source code and understand the meaning of the source code entities. Consequently, such tools are rare for the specific question you want to ask; where they exist, there are as many static analysis software tools are there are questions, although often a set of questions are rolled up into a single tool.
(In contrast, dynamic analysis refers to collecting data about interesting properties as an application program actually executes, e.g., "did this sum overflow at runtime?". In principle, a static analysis tool can provide exactly the information that dynamic analysis can, just by simulating the execution of the program, but its a lot of work to build such a simulator when there's already a computer lying around that is willing to do it for no extra effort.)
