Software Engineering at Google Chapter #20 - Static Analysis (1 of 3)

  • Static analysis is the analysis of source code without compiling it into a binary (runnable) form or executing it
  • For comparison, dynamic analysis is the analysis of a compiled, running binary
  • Static analysis is generally performed after the programmer has committed their changes but before they push their changes to the VCS to be reviewed
  • Static analysis can also be performed before the code is committed by using “pre-commit” hooks in git / GitHub
  • Static analysis can check for common errors such as security issues, formatting issues, overflowing variables, tests that never run, deprecated functions, and more
  • To scale your static analysis, have it re-examine only the files that have changed since the last run
  • When a software engineer reads static analysis output, they should focus on the warnings that are new since the last run
  • Some static analysis tools can fix code style issues automatically (tabs, spaces, mandatory in-code documentation sections, etc)
  • Make static analysis a mandatory part of the developer workflow, but make it smooth and easy so as not to create more mental overhead
  • Solicit feedback about your static analysis tools to see how well they are performing for the developers, especially regarding false positives
  • Beware of too many false positives or else your developers will start to disregard all messages
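The two scaling points above (re-examine only changed files; surface only warnings that are new since the last run) are easy to get wrong, so here is a small worked example of both. It is an added illustration, not code from the book or from Google's tooling: the regex "checks" are a constructed stand-in for a real analyzer, the file contents are constructed sample input, and the cache and baseline live in plain dictionaries rather than on disk. Warnings are keyed by file, check id and the offending line's text rather than by line number, so that inserting a line above an old warning does not make it look new.

```python
import hashlib
import re
from typing import Dict, List, Set, Tuple

# A finding is (path, check_id, offending line stripped of whitespace).
# Deliberately no line number in the key: line numbers shift when code
# above the warning changes, and a shifted old warning is not a new one.
Finding = Tuple[str, str, str]

# Constructed stand-in for a real static analyzer (assumption: any real
# tool's output would be mapped onto the same Finding tuple).
CHECKS = [
    ("dangerous-eval", re.compile(r"\beval\(")),
    ("deprecated-call", re.compile(r"\bos\.popen\(")),
]


def analyze_file(path: str, text: str) -> List[Finding]:
    """Run every check over every line of one file."""
    findings: List[Finding] = []
    for line in text.splitlines():
        for check_id, pattern in CHECKS:
            if pattern.search(line):
                findings.append((path, check_id, line.strip()))
    return findings


def fingerprint(text: str) -> str:
    """Content hash used to decide whether a file must be re-analyzed."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def run_incremental(files: Dict[str, str],
                    cache: Dict[str, Tuple[str, List[Finding]]]
                    ) -> Tuple[List[Finding], List[str]]:
    """Analyze only files whose content hash differs from the cache.

    files: path -> current file text.
    cache: path -> (hash, findings) from the previous run; updated in place.
    Returns (all current findings, paths that were actually re-analyzed).
    """
    analyzed: List[str] = []
    findings: List[Finding] = []
    for path, text in sorted(files.items()):
        digest = fingerprint(text)
        cached = cache.get(path)
        if cached is None or cached[0] != digest:
            cache[path] = (digest, analyze_file(path, text))
            analyzed.append(path)
        findings.extend(cache[path][1])
    # Forget files that no longer exist so their old warnings do not linger.
    for stale in [p for p in cache if p not in files]:
        del cache[stale]
    return findings, analyzed


def new_warnings(previous: List[Finding], current: List[Finding]) -> Set[Finding]:
    """Warnings present in this run that the previous run did not report."""
    return set(current) - set(previous)


def gate(previous: List[Finding], current: List[Finding]) -> bool:
    """Pre-commit style decision: pass only if no new warnings appeared."""
    return not new_warnings(previous, current)


if __name__ == "__main__":
    # Constructed sample repository state across two runs.
    cache: Dict[str, Tuple[str, List[Finding]]] = {}
    run1 = {"a.py": "x = eval(data)\n", "b.py": "print('ok')\n"}
    baseline, _ = run_incremental(run1, cache)
    run2 = {"a.py": "x = eval(data)\n",
            "b.py": "print('ok')\ny = os.popen('ls')\n"}
    current, touched = run_incremental(run2, cache)
    print("re-analyzed:", touched)
    print("new warnings:", sorted(new_warnings(baseline, current)))
    print("commit allowed:", gate(baseline, current))
```

In a real hook the cache and baseline would be persisted (for example under `.git/` or a CI artifact) and `files` would come from `git diff --name-only` plus the index; the logic of hashing, diffing findings and blocking on new ones stays the same.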
Thank you for your time and attention.
Apply what you've learned here.
Enjoy it all.