[Solved]: Getting started with Program Analysis

Unfortunately there aren’t many textbooks on the topic. I think the best way to learn program analysis today is to survey different courses that are available, play with a few implementations and then look at a few research papers for your specific needs. What follows is a very small sampling of what’s out there. Since you specifically mentioned compiler-oriented analyses were easy to find, I will not cover such material below. Web-based resources These are articles that emphasise the use of static analysis outside a compilation context.

1. A Reverse Engineering Reddit discussion on program analysis has many useful links.
2. Mozilla Wiki on abstract interpretation.
3. Deploying Static Analysis, a Dr. Dobbs article by Flash Sheridan
4. A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World, Al Bessey, Ken Block, Ben Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles Henri-Gros, Asya Kamsky, Scott McPeak, Dawson Engler in Communications of the ACM.

University courses on program analysis

1. Anders Møller at Arhus University teaches a course that covers object-oriented and web technology.
2. Bor-Yuh Evan Chang at University of Colorado Boulder has a foundational course that involves an OCaml implementation and a graduate course.
3. Ben Hardekopf at the University of California Santa Barbara used to have a great set of assignments, but they are no longer available online. Some students who took his course seem to have made a Python implementation available.
4. Markus Müller-Olm has a graduate course on analysis of Android.
5. Reinhard Wilhelm at the University of Sarbruecken teaches a graduate course that covers static analysis applications such as timing analysis, cache behaviour prediction, and some shape analysis.
6. Sumit Gulwani from MSR taught a nice course on statically estimating resource consumption of programs (time/memory) at the Oregon Summer School on Programming Languages.
7. Koushik Sen at the University of California at Berkeley teaches a course that focuses on bug finding and whose topics cover concolic execution and software model checking.
8. Jeffrey Foster at the University of Maryland teaches a course that covers type systems, model checking, alias analysis and a lot of the other usual material.
9. Patrick Cousot spent a year at MIT and taught a comprehensive, foundational course on abstract interpretation. The assignments include an OCaml implementation which go from concrete collecting semantics to some algorithmically non-trivial ideas.
10. A graduate course on abstract interpretation taught by some leaders in the field is a good place to catch up on even more theory.
11. Patrick Cousot taught a short course on abstract interpretation at the Oregon Summer School on Programming Languages in 2009.

Tools to play with I am not listing a lot of research tools here. There are many of those but I have tried to list a few that you can download and play with to understand the area better.

1. Interproc is a very educational tool to play with to learn about numerical static analysis.
2. The Apron Numeric Abstraction library if you are really into numeric analysis.
3. Slayer is a shape analysis tool from Microsoft Research.
4. jStar is an analyzer for Java that is based on separation logic.
5. Microsoft Research has numerous groups developing numerous tools, many of which are available for download or have web-demos. I cannot list everything here and suggest you play with them.

There is a lot more, but that’s probably enough to keep you busy for a while.