Software Engineering at Google Chapter #20 - Static Analysis (3 of 3)

  • Each analyzer must…
    • Be understandable
    • Produce messages that are actionable and easy to fix
    • Produce fewer than 10% effective false positives
    • Have the potential for significant impact on code quality
    • Make it easy to give feedback on the analyzer
  • Google uses custom compilers with static analysis tools built in
  • They do this so the developer gets the warnings at the earliest possible time (during their test compiles vs a pre-submit hook in git / GitHub)
  • Google doesn’t show compiler warnings because developers tend to ignore them. Their philosophy is "error or nothing"
  • Real-time static analysis via IDE integration doesn’t work very well because…
    • It is CPU intensive and makes for a sluggish developer experience
    • There are too many IDEs and languages to support. The overhead of keeping things up to date becomes too much.
  • Instead of real-time static analysis in the IDE, organizations should focus on using multiple tools chained together
  • Empower your developers to contribute to your static analysis tools so their changes can benefit the organization and code base
Thank you for your time and attention.
Apply what you've learned here.
Enjoy it all.