Software Engineering At Google
Chapter #20 Static Analysis (1 of 3)
Static analysis is the action of analyzing source code that has not yet been compiled into binary (runnable) form
For comparison, dynamic analysis is the analysis of a compiled, running binary
Static analysis is generally performed after the programmer has committed their changes but before they push their changes to the VCS to be reviewed
Static analysis can also be performed before the code is committed by using “pre-commit” hooks in git / GitHub
Static analysis can check for common errors such as security issues, formatting issues, overflowing variables, tests that never run, deprecated functions, and more
To scale your static analysis, have it re-examine only the files that have changed since the last run
When a software engineer is reading static analysis output, they need to be certain to watch for new warnings since the last run
Some static analysis tools can fix code style issues automatically (tabs, spaces, mandatory in-code documentation sections, etc.)
Make static analysis a mandatory part of the developer workflow, but make it smooth and easy so as not to create more mental overhead
Solicit feedback about your static analysis tools to see how well they are performing for the developers - especially false positives
Beware of too many false positives or else your developers will start to disregard all messages
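
The two points above about re-examining only changed files and watching for warnings that are new since the last run, as an added sketch (not from the book or from these slides). The `eval()` check, the file names and the cached-state layout are assumptions made for illustration.

```python
import hashlib
import re

# Hypothetical toy check standing in for a real analyzer: flags calls to eval().
def analyze(path, text):
    # Findings are keyed by rule and line text, not line number, so an
    # existing warning that merely moves down the file is not reported as new.
    return {(path, "eval-call", line.strip())
            for line in text.splitlines() if re.search(r"\beval\s*\(", line)}

def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()

def incremental_run(files, state):
    """files: {path: source}; state: {path: (digest, findings)} from the last run.
    Returns (new_state, reanalyzed_paths, findings_new_since_last_run)."""
    new_state, reanalyzed, new_findings = {}, [], set()
    for path, text in sorted(files.items()):
        d = digest(text)
        prev = state.get(path)
        if prev and prev[0] == d:
            new_state[path] = prev          # unchanged file: reuse cached findings
            continue
        reanalyzed.append(path)
        findings = analyze(path, text)
        old = prev[1] if prev else set()
        new_findings |= findings - old      # only what the last run did not report
        new_state[path] = (d, findings)
    return new_state, reanalyzed, new_findings

# Constructed sample inputs: two runs over the same tiny source tree.
RUN1 = {"a.py": "x = eval(user)\n", "b.py": "print('ok')\n"}
RUN2 = {"a.py": "import os\nx = eval(user)\ny = eval(other)\n",
        "b.py": "print('ok')\n"}

def demo():
    state, first, baseline = incremental_run(RUN1, {})
    state, second, new = incremental_run(RUN2, state)
    return first, len(baseline), second, sorted(new)

if __name__ == "__main__":
    print(demo())
```

On the second run only `a.py` is re-analyzed, and the pre-existing `eval(user)` warning is suppressed even though it moved to a different line.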
Thank you for your time and attention.
Apply what you've learned here.
Enjoy it all.
© 2021 Josh Turgasen