|
|
|
|
|
|
by sdevlin
4699 days ago
|
|
|
Your point is well taken, but I think it has value. Compile-time error checking is useful because it gives you flexibility to make changes in a big program. It's kind of like a big suite of automatic tests that make sure all the parts of your program talk to each other correctly. Does it catch everything? Can you stop thinking critically? No, but it's still nice to have. This sort of goes hand in hand with IDE tools (e.g. "change method name" sorts of things), so I don't think we necessarily disagree. > I've never seen a bug in production that could have been prevented with static analysis. That seems unlikely to me. I do application penetration testing for a living, and I'll often use static analysis tools in my work. (Both robust, established tools and ad hoc scripts.) For example, check out Brakeman for Rails apps. These tools find actual bugs in actual production software. Do they find everything? No, you can't rely on them completely. But they're still nice to have. |
|
|