Software Engineering At Google
Chapter #20 Static Analysis (3 of 3)
Software Engineering at Google Chapter #20 - Static Analysis (3 of 3)
Each analyzer must…
Messages must be actionable and easy to fix
Produce less than 10% effective false positive
Have the potential for significant impact on code quality
Feedback on the analyzer must be easy
Google uses custom compilers with static analysis tools built in
They do this so the developer gets the warnings at the earliest possible time (during their test compiles vs a pre-submit hook in git / GitHub)
Google doesn’t show compiler warnings because developers tend to ignore them. Their philosophy is "error or nothing"
Real time static analysis via IDE integration doesn’t work very well because…
It is CPU intensive and makes for a sluggish developer experience
There are too many IDEs and languages to support. The overhead of keeping things up to date becomes too much.
Instead of real-time static analysis in the IDE organizations should focus on using multiple tools chained together
Empower your developers to contribute to your static analysis tools so their changes can benefit the organization and code base
Thank you for your time and attention.
Apply what you've learned here.
Enjoy it all.
© 2021 Josh Turgasen
All product names, logos, and trademarks are property of their respective owners