Static audits are a great tool for improving code quality. An audit means that the code being written is reviewed by an external party. Human auditors are usually the best, though they are not always available. Static auditing provides an automated way to review the code and receive feedback on it. It checks every file and every line of code, systematically. It doesn't target the same kind of violations a human reviewer would, but it comes with nice advantages :
It runs fast :
it takes a few minutes for the auditing tool to read a million lines of code and produce a report with file name, line number and documentation for each code smell. While a human reviewer would still be reading the first classes, the auditor has already found results. And it is ready to do it again, in case that one-line change has a major impact on the whole application.
It is ruthless with the code :
Call a variable $constant, and every reader will get a bias : this variable should contain a constant, or act as a constant, even though it is … a variable. Auditing tools are ruthless with the code : they don't take into account how easy it is to write such dirty code, but always zero in on bad code. It means that complex-looking expressions, compact one-liners and worked-and-reworked code all get the same treatment for cleanliness.
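To make the mechanics concrete, here is a small added example of such a rule, written for this post and not taken from any auditing tool : it walks a set of PHP files, and reports, with file name and line number, every variable whose name says "constant" (all capitals, or containing "const") but which is assigned more than once. The sample PHP files, the rule name CONST_REASSIGNED and the regular-expression tokenizer are all assumptions made for the illustration ; a real auditor uses a proper PHP tokenizer instead of a regular expression.

```python
import re
from dataclasses import dataclass

# Constructed sample PHP files (not code from the original post).
SAMPLE_FILES = {
    "app/Order.php": """<?php
$constant = 10;
$total = 0;
foreach ($items as $item) {
    $total += $item->price;
}
$constant = $total * 2;
$MAX_RETRY = 3;
$MAX_RETRY = 5;
""",
    "app/Helper.php": """<?php
$TAX_RATE = 0.2;
function clean($s) { return trim($s); }
""",
}

# Toy tokenizer: a PHP variable followed by an assignment operator
# (=, +=, -=, *=, /=, .=) but not a comparison (==).  A real tool would
# use the PHP tokenizer rather than a regular expression.
ASSIGN_RE = re.compile(r'\$([A-Za-z_]\w*)\s*(?:=(?!=)|[-+*/.]=)')


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    rule: str
    message: str


def looks_constant(name):
    """Heuristic (assumed for the example): the name promises a constant."""
    return name.isupper() or "constant" in name.lower() or name.startswith("const")


def find_assignments(source):
    """Yield (variable name, line number) for every assignment in the source."""
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in ASSIGN_RE.finditer(line):
            yield match.group(1), line_no


def rule_constant_reassigned(path, source):
    """Rule CONST_REASSIGNED (hypothetical name): a constant-looking variable
    is assigned a second time.  The first assignment is remembered so the
    report can point back to it."""
    first_seen = {}
    findings = []
    for name, line_no in find_assignments(source):
        if not looks_constant(name):
            continue
        if name in first_seen:
            findings.append(Finding(
                path, line_no, "CONST_REASSIGNED",
                f"${name} looks like a constant (first set on line "
                f"{first_seen[name]}) but is reassigned"))
        else:
            first_seen[name] = line_no
    return findings


def audit(files):
    """Run every rule over every file, like an auditor does, and sort the
    findings by file and line so that clusters of violations stand out."""
    findings = []
    for path, source in files.items():
        findings.extend(rule_constant_reassigned(path, source))
    return sorted(findings, key=lambda f: (f.file, f.line))


def format_report(findings):
    return "\n".join(f"{f.file}:{f.line}: [{f.rule}] {f.message}" for f in findings)


if __name__ == "__main__":
    print(format_report(audit(SAMPLE_FILES)))
```

On the constructed files the rule reports app/Order.php lines 7 and 9 and nothing for app/Helper.php : it does not care that the first file is short and the expressions trivial, it only looks at the promise a name makes and whether the code keeps it.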
It helps target code smell in the code :
Problems in the code often appear in groups : several violations will happen in the same area, calling for attention. Upon human review, a larger refactoring is often needed. As such, auditing tools draw attention to places in the code that may otherwise have avoided review. The whole project is cleaned, not just locally.
It never forgets :
The best moment to spot a problem in the code is when you're not looking for it. As such, proof-reading code gives a chance to spot other dirty spots that need a clean. Since we're already hunting for bugs, why not clean those too ? And if this is a new and unusual issue, it is time to add it to the reference (such as clear PHP) so that it will be taken into account from then on.
It feels good afterwards :
just like endorphins and a shower provide a cozy feeling after a sports session, running the auditing tool and cleaning some code leaves a great feeling. Sometimes it's as good as squashing a bug before it does any harm ; sometimes it's just cleaning the code and keeping it flexible. In any case, the level of trust in the code is higher, and it shows.
Try an auditing tool today.