Lessons from Building Static Analysis Tools at Google

Edward Aftandilian
Alex Eagle
Liam Miller-Cushon
Communications of the ACM (CACM), 61 Issue 4(2018), pp. 58-66


In this article, we describe how we have applied the lessons from Google’s previous experience with FindBugs Java analysis, as well as lessons from the academic literature, to build a successful static analysis infrastructure that is used daily by the majority of engineers at Google. Our tooling detects thousands of issues per day that are fixed by engineers, by their own choice, before the problematic code is checked into the codebase.

Research Areas