Software Engineering at Google Chapter #20 - Static Analysis (3 of 3)

  • Each analyzer must…
    • Be understandable
    • Messages must be actionable and easy to fix
    • Produce fewer than 10% effective false positives
    • Have the potential for significant impact on code quality
    • Feedback on the analyzer must be easy
  • Google uses custom compilers with static analysis tools built in
  • They do this so the developer gets the warnings at the earliest possible time (during their test compiles vs a pre-submit hook in git / GitHub)
  • Google doesn’t show compiler warnings because developers tend to ignore them. Their philosophy is "error or nothing"
  • Real-time static analysis via IDE integration doesn’t work very well because…
    • It is CPU intensive and makes for a sluggish developer experience
    • There are too many IDEs and languages to support. The overhead of keeping things up to date becomes too much.
  • Instead of real-time static analysis in the IDE, organizations should focus on using multiple tools chained together
  • Empower your developers to contribute to your static analysis tools so their changes can benefit the organization and code base



Thank you for your time and attention.
Apply what you've learned here.
Enjoy it all.