We recently wrote an article and compared Static Analysis vs Dynamic Analysis in detail where we learned more about Program Analysis concepts and their approaches. In this article, we will expand on that discussion and examine how and why static analysis can become an anti-pattern over time, as well as explore alternative approaches.
What is Static Analytics?
Static analysis is a famous approach for Program Analysis without running the program.
It helps us to find bad practices, anti-patterns, and code smells in the code before releasing the application to production.
You can read this article to learn more about program analysis approaches in general and static analysis specifically. This previous article is also valuable for learning more about Static analysis in general:
What is anti-pattern?
The best definition of anti-pattern is:
Anti-pattern is a solution for a common problem that is not efficient, or at least it was efficient in the past, but now it is inefficient and dysfunctional.
The anti-patterns term was first time used by Andrew Koenig in an article published in the Journal of Object-Oriented Programming (JOOP) in March/April 1995, and he defined it as:
“An antipattern is just like a pattern, except that instead of a solution, it gives something that looks superficially like a solution but isn’t one.”
This image from Martin Fowler‘s website can describe the anti-patterns well:
Anti Pattern from Martin Fowler’s website
When is Static Analytics an anti-pattern?
You might be confused and think about how it is possible. Static Analysis approaches and tools are a way to find anti-patterns in the code. So, how can it be an anti-pattern at the same time!?
It is the nature of anti-patterns by definition. Let’s consider some principles in object-oriented programming (OOP), which, after a while and by new advancements in programming approaches or seeing their disadvantages in some situations, became anti-pattern. For example, Inheritance is one of the core pillars of OOP, but overusing it and using it for the wrong reason for implementing a composition relationship (has a
) between two classes is an anti-pattern.
In this example in OOP, if we know where using inheritance is a good idea and where it is not, we can use it in the best way. We know that inheritance is a good idea when we have is a
relationship between two classes. So we can implement a has a
relationship using composition
way.
We can extend this example to other situations, such as “When do we use static analysis?”
If I want to summarize “Why static analysis is an anti-pattern”, and what the harm is, we can mention these items:
- It creates too much noise and extra work
- There is no way to prioritize issues based on actual effect or impact
- It misses out on anti-patterns that only come up in runtime, such as query inefficiencies or concurrency patterns
When is it appropriate to use static analysis?
The main advantage of static analysis, among other approaches in program analysis, is that it does not require the application to be run. Therefore, this approach is traditionally considered cheap and fast compared to other approaches, such as Dynamic Analysis. There is a long list of these advantages of static analysis, which these days are anti-pattern and dysfunctional. Of course, there is still a place for static analysis:
- Static issue detection in the source code(structural, coding standard, and vulnerabilities)
- Comprehensive code analysis (examine all code, including rarely executed paths)
Static Analysis is a good solution to find Static issues in source code but can not compete with the Dynamic Analysis approach in these areas:
- Accuracy (fewer false positives)
- Runtime issue detection (errors, performance, and security issues)
- Runtime context awareness
As you can see,
If we consider Static Analysis as a single tool in our development pipeline that can detect different kinds of issues in the best way, this is an anti-pattern.
Running applications is not very expensive today
These days, in the era of cloud computing, Docker, and Kubernetes, running applications to use other program analysis approaches, such as Dynamic Analysis, is much cheaper, faster, and more accessible than in the past. So,
Running applications is not very expensive today to run the application for early issue detection.
In this way, using only Static Analysis tools to find issues earlier in the development cycle is an anti-pattern. As we realized, Dynamic Analysis tools are more accurate, and also, by having context awareness and application runtime environment, they can detect more issues in this way.
What are alternatives to Static Analytics?
To leverage the strengths of each approach, we need to combine Dynamic Analysis and Static Analysis in our development pipeline and use each of them in the proper context. Besides that, as I discussed in one of my previous articles, combining performance testing with Dynamic Analysis allows us to make the most of it.
How can Digma help us identify issues?
Tools like Digma can help us get the most out of dynamic analysis by providing local infrastructure and an IDE plugin. Digma enables us to perform dynamic analysis in the early stage of the development pipeline, even inside our IDE during development!
For example, One of the common anti-patterns in web development is Session In View Query
. In this anti-pattern, developers, instead of fetching required data from the database and then closing the database connection, keep the database connection open during the rendering view! which causes lazy database queries
during the view rendering process. Digma can detect this issue inside the IDE (in the development phase) and help us avoid it.
By providing insights, metrics, and tracing information about all aspects of our application, from REST APIs to database queries, Digma helps us to find performance issues and anti-patterns quickly troubleshoot and also fix them by connecting the issue to the source code.
Final Thoughts
Relying entirely on Static Analysis to detect all kinds of issues in a program is a big anti-pattern. We need to use each tool in the right place. By combining Static Analysis, Dynamic Analysis, and performance testing, we can deliver more reliable and bug-free systems.
Download Digma: Here