Software Engineering at Google Chapter #20 - Static Analysis (1 of 3)

  • Static analysis is the action of analyzing source code that has not yet been compiled into binary (runnable) form
  • For comparison, dynamic analysis is the analysis of a compiled running binary
  • Static analysis is generally performed after the programmer has committed their changes but before they push them to the VCS for review
  • Static analysis can also be performed before the code is committed by using “pre-commit” hooks in git / GitHub
  • Static analysis can check for common errors such as security issues, formatting issues, overflowing variables, tests that never run, deprecated functions, and more
  • To scale your static analysis, have it re-examine only the files that have changed since the last run
  • When reading static analysis output, a software engineer needs to focus on the warnings that are new since the last run
  • Some static analysis tools can fix code style issues automatically (tabs, spaces, mandatory in-code documentation sections, etc.)
  • Make static analysis a mandatory part of the developer workflow, but make it smooth and easy so as not to create more mental overhead
  • Solicit feedback from developers about how well your static analysis tools are performing for them, especially regarding false positives
  • Beware of too many false positives or else your developers will start to disregard all messages
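The two scaling points above (re-examine only changed files; surface only warnings that are new since the last run) can be combined in one incremental pass. The following is an added example written for this summary, not code from the book or from Google's tooling: the file tree, the saved state from the previous run and the three regex "rules" are all constructed stand-ins for a real analyzer.

```python
import hashlib
import re

# Constructed rule set standing in for a real analyzer: (rule id, pattern, message).
RULES = [
    ("deprecated-md5", re.compile(r"\bhashlib\.md5\("), "MD5 is unsuitable for security use"),
    ("shell-exec", re.compile(r"\bos\.system\("), "os.system() risks command injection"),
    ("tabs", re.compile(r"^\t"), "tab indentation violates the style guide"),
]
MESSAGES = {rule_id: msg for rule_id, _, msg in RULES}


def analyze_file(source):
    """Run every rule over one file's text.
    A finding is fingerprinted as (rule_id, stripped line text) rather than by
    line number, so unchanged code that merely shifts down the file is not
    reported again as a new warning on the next run.
    """
    findings = set()
    for line in source.splitlines():
        for rule_id, pattern, _ in RULES:
            if pattern.search(line):
                findings.add((rule_id, line.strip()))
    return findings


def incremental_run(files, previous):
    """Analyze only what changed since the last run.
    files:    {path: source text} for the current tree (constructed in-memory here)
    previous: {path: (sha256 of source, findings)} saved from the last run
    Returns (state to save for the next run, set of warnings not seen last time).
    Files whose hash is unchanged reuse cached findings; deleted files drop out.
    """
    state, new_warnings = {}, set()
    for path, source in files.items():
        digest = hashlib.sha256(source.encode()).hexdigest()
        if path in previous and previous[path][0] == digest:
            state[path] = previous[path]  # unchanged: skip re-analysis entirely
            continue
        findings = analyze_file(source)
        state[path] = (digest, findings)
        old = previous[path][1] if path in previous else set()
        for rule_id, text in findings - old:  # only findings absent last run
            new_warnings.add((path, rule_id, text))
    return state, new_warnings


def format_warnings(new_warnings):
    """Render new warnings as 'path: [rule] message  <- offending line'."""
    return [f"{p}: [{r}] {MESSAGES[r]}  <- {t}" for p, r, t in sorted(new_warnings)]
```

Persisting the returned state between runs (for example as JSON in the repository's cache directory) is what makes the second and later runs cheap, and the fingerprinting is what keeps pre-existing warnings from being re-shown as new after unrelated edits.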
Thank you for your time and attention.
Apply what you've learned here.
Enjoy it all.