Lessons from Building Static Analysis Tools at Google: https://cacm.acm.org/magazines/2018/4/226371-lessons-from-building-static-analysis-tools-at-google/fulltext
An excellent 'view from the trenches' of static analysis at Google's scale. Thread.
Related Posts
I've been building an 'extract function' refactor feature. It's surprisingly nuanced.
Where do you put the extracted function? Once you've done the static analysis, what order do you use for the parameters?
I'm intrigued to see that Google has quantified that new code is generally buggier and less secure than code that has existed in your codebase for longer: https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html
I've had a new Linux laptop for several weeks and only just realised that I didn't have `man` installed!
Google is my default the vast majority of the time, and this seems to confirm it.