The Communications of the ACM recently had several development articles, and I found the one on static analysis tools at Google particularly interesting. The article works through how Google went about integrating static analysis tools into every developer's workflow. And the tools have to be in the workflow, or developers will "forget" to use them. The second problem with the tools is ensuring that the feedback is useful. Currently, each dev will mark the items as either useful or incorrect. If a tool exceeds a 10% false-positive rate, it is temporarily disabled until that tool's developers can fix the flagged issues. The third issue with the tools is that some are expensive. Depending on the type of static analysis, the time required may be significant. Thus the tools are classified into two camps: on each compile, or on each code review / commit. It is also important that some tools can be temporarily disabled, such that during debugging or refactoring the code may temporarily mutate into an "unsafe" state to simplify the process.
Personally, I am glad that they are integrating analysis tools into the development workflow. Much work has been done to find bugs and issues within source code, so it is good that these analyses can be utilized regularly to improve code quality.
(As a note, I do not nor never have worked for Google, so I can only write based on the ACM article and not personal experience.)
1 comment:
Post a Comment