I am shocked! I am shocked when I see developers do nothing but rely on static analysis tools to help them improve code quality. Some of them proclaim that the IDE that they use helps them write better code. Yes. To some extent IDEs help. Just because IDEs and static analysis tools help to a certain extent, can we afford to do nothing else but relying on them? My answer is a firm ‘no’.Coding requires not only expertise but also discipline. How can you ignore self-review, refactoring, peer reviews or expert reviews? How can you avoid setting your own traps ? - read my previous post 'The Trap Called Ten Percent Code Review'.
XP- Extreme Programming, one of the agile methods emphases on ‘coding standards’ as one of the practices. ‘Coding standards’ does not mean following a documented guidelines or standards or how to code. It is more than that. It is about writing code in such a way that all team members follow similar style and can understand the code written by other team members. It is about seamless coding in order to ensure high quality code. This is possible when developers write good code even before they put their code through a static analysis tool.
Static analysis tools provide you with valid comments as well as false positives. The less the comments are the more efficient it is for you to complete static analysis. This means that the code that you put through static analysis needs to be good enough. That is when your static analysis tool will provide you a manageable list of observations. Writing good code in a team setting is possible when you follow some discipline. This is possible when you do self-review, implement regular refactoring and practice defect prevention.
Unfortunately in our industry there are agile teams relying on static analysis alone. This does not help as it is an inefficient way of improving code quality. Self-review and continuous refactoring are the practices that are pragmatic in agile development. This is because the code base is consistently evolving. Keeping it clean, structured and simple is what is going to help you in being agile. Else you are struck with growing and messy code base not knowing that you are accumulating technical debt day by day. That is going to cost a lot in terms of maintenance overheads.
I am not against static analysis tools. Static analysis tools are powerful. These tools can provide a snapshot on the health of your product or quality of code - that is a holistic view. A very good analogy is medical electronics. Medical electronics has enabled us check blood pressure at home. Medical electronics has helped clinics do ECG test in a sophisticated way. This does not mean that one can afford to wait for clinical results in order to improve health. Many of us follow a health regime by doing regular workouts, eating healthy food and leading a stress free life. When it comes to coding how can we wait for the static analysis tools to spew hundreds of findings including false positives before we attempt to improve code quality? Don’t we have to improve our coding practices?