Undesired Development due to the Rise of Static Analysis Tools
I started Embedded C programming for Automotive ECUs almost 10 years ago. At the time the necessity for #codecompliance was in an uptrend as the industry was predominantly moving towards Autosar Software Architecture.
During this period, the use of #staticanalysis tools was in a much lesser percentage than today. The tool was mostly used only during the final verification to prove compliance or to measure complex metrics.
Though today we see the advantages of having better access to these tools, the onus back then was on the developer to understand the rules for compliance, analyze the code, and code better.
Irrespective of there is a need to prove compliance to a standard or not, the general quality of the code output from the developer was better.
But as the dependency on the static analysis tools increased as the decade progressed, there is much less effort from the developers to understand the coding rules and in general, develop better #codingpractices. They rely on the tools to find them the problems and suggest solutions.
An even frightening scenario today is that the developers are hesitant to optimize the code if the tool does not report a warning.
Another problem is that the static analysis is usually employed by the developers too late in the development cycle, that they end up with thousands of warnings. The developers either filter only the warnings with high severity or end-up justifying warnings with major design changes.
#Organizations and #Managers should emphasize the importance of,
1. Learning better coding practices and measuring code metrics.
2. Understanding the rules behind the code compliance standard and their application to a code.
3. Necessity for a lean and beautiful code.(remember you have to live with it for few years at the least!)
As a community, we should commit to code better to improve safety and improve the inherent coding skills. More importantly, understand that the static analysis tool (or any tool) is not a replacement for skill and is here only to support.
Cannot agree more to this! Great read, and concisely articulated.