STATIC 2025

The 1st International Workshop on Advancing Static Analysis for Researchers and Industry Practitioners in Software Engineering.

Static analysis examines software without executing the code to detect defects, security vulnerabilities, code smells, etc. It is paramount for early bug detection, improving code quality, and enhancing security. By proactively identifying defects before code is executed, static analysis helps maintain robust and maintainable software. Static analysis has been a fundamental practice for many years, for both researchers in software engineering and security and for practitioners:

• Researchers: improving existing techniques and devising new methodologies to enhance software quality and security.
• Practitioners: supporting software development and DevOps by integrating static analysis tools into CI/CD pipelines.

However, while static analysis is powerful, it is inherently limited: any non-trivial semantic property of a program—a category that includes the targets of all but the simplest static analysis—is undecidable: all static analyses must either over-approximate the possible behaviors of the target program and so produce false positive warnings about problems that might not occur in practice, under-approximate the possible behaviors of the program and miss real problems, or both. These limitations present significant research challenges, driving the need for more advanced techniques and tools to improve precision (the percentage of warnings that are about real problems) and recall (the percentage of real problems about which an analysis warns). Besides, the rise of multi-language programs and the heavy use of frameworks and libraries in modern software development have introduced additional complexities for static analysis. Therefore, static analysis tools must now also handle the intricacies of different languages and framework-specific contexts, which create research problems and necessitate more advanced and sophisticated techniques to ensure comprehensive analyses.

STATIC promotes discussion on how the choices of program analysis designers impact the software engineers who actually use the tools. There is fertile ground for discussion of the practical limitations of various analysis backends/techniques, and whether there are lessons that we can share for alleviating some of the pain that those limitations cause for engineers. Some topics along this vein include (1) handling of libraries, (2) specification techniques, (3) aliasing, (4) error reporting, (5) analysis predictability, (6) entrypoint specification, and (7) integrations with build systems.

Furthermore, recent advances in artificial intelligence (AI) bring new questions to the field of static analysis: should we rely solely on traditional static analysis methods or explore combining them with AI to improve their efficiency? Large Language Models (LLMs) push us to reflect on traditional topics such as static analysis. Do they need to complement each other? We require sound analysis, but can LLMs provide the necessary soundness? This intersection brings us to consider whether AI can enhance or even transform the effectiveness of static analysis.

The goal of the workshop is to build a community at ICSE around static analysis. This workshop aims to be the premier venue for researchers to discuss static analysis techniques and their application to solving concrete software engineering problems.

Target Audience

The workshop is designed for software engineers and researchers that have a background in static analysis. The audience should have a basic understanding of static analysis principles and techniques, as the workshop will build on these to explore more advanced topics and practical applications.

The core objective of this workshop is to foster a collaborative environment where both researchers and industry practitioners can brainstorm about the current and upcoming challenges in static analysis. Our goal is twofold: (1) to foster research efforts towards solving specific unresolved challenges; and (2) to bridge the gap between research and practical application by addressing industry needs. Practitioners are particularly welcome to provide insights into the most valuable tools and techniques currently in use in the industry and their needs.

Call for Papers

The international workshop on Advancing Static Analysis for Researchers and Industry Practitioners in Software Engineering (STATIC) aims to bring together international researchers and practitioners to discuss static analysis techniques and their application to solving concrete software engineering problems. To this end, we welcome original articles on every aspect related to static analysis.

Areas of interest include but are not restricted to:

• Innovative advancements in static analysis techniques (e.g., novel call graph construction algorithms).
• Practical tools, prototypes, or frameworks demonstrating real-world applicability.
• Combining static analysis and Artificial Intelligence
• New algorithms enhancing static analysis efficiency in terms of time, precision, and soundness.
• Compelling use cases for features that are not yet supported by existing analysis tools.
• Empirical studies evaluating the effectiveness of static analysis techniques in practice.
• Demonstrations of new tools showcasing practical applications.
• Novel ideas for enhancing software development processes and DevOps practices.

Submission Guidelines

Authors are invited to submit:

• Regular paper: original articles presenting emerging results on static analysis. The articles must not exceed 6 pages, including figures, appendices, and references.
• short papers: covering new ideas, visions (of the future), reflections (on the past), and tool demonstrations that must not exceed 4 pages, including figures, appendices, and references.

All the submissions must not have been published elsewhere or under review elsewhere when being considered for STATIC 2025. All submissions must be in PDF format and conform, at time of submission, to the IEEE conference proceedings template format, as per the ICSE 2025 guidelines:

“Submissions must conform to the IEEE conference proceedings template, specified in the IEEE Conference Proceedings Formatting Guidelines (title in 24pt font and full text in 10pt type, LaTeX users must use \documentclass[10pt,conference]{IEEEtran} without including the compsoc or compsocconf options).”

Reviewing will be double-blind. We strongly encourage authors to make their tools, source code, artifacts, and experimental results public and reproducible. To streamline the review process, there will be no formal artifact evaluation.

Publication

All accepted papers will appear in the ICSE 2025 workshop proceedings. At least one author must register for the workshop and present the paper.

Awards

Best Paper and Best Presentation awards will be announced during the workshop.

Submission Link

We invite you to contribute to the STATIC 2025 workshop and be part of a vibrant community dedicated to advancing static analysis techniques for software engineering at:

https://static2025.hotcrp.com/

If you have any questions, please do not hesitate to contact the organizers.