All the Benefits of CI/CD but “Greener”
As climate change has become a key global issue, software developers and DevOps experts are examining their own practices to help reduce the industry's climate impact. In our specific case, that means asking what can be done within static analysis tool development.
The Benefits of CI/CD for Software Development
Within the past several years, one of the major improvements in software development has been the introduction of Continuous Integration (CI) and Continuous Deployment/Delivery (CD), and the DevOps automation movement.
By using CI/CD, developers learn about build issues that have been introduced into the codebase as early as possible in the development cycle – this is commonly known as “shifting left”. This practice also minimizes the impact on the rest of the team, because offending changes can easily be backed out while they have not yet been merged into the Master/Main branch.
DevOps professionals, encouraged by Quality Assurance (QA) teams and Security teams or Chief Security Officers (CSOs), have often advocated the inclusion of static analysis or SAST (Static Analysis Security Testing) tools as part of CI/CD pipelines. This ensures that users benefit from not only early detection and remediation for compiler build issues, but additionally for new security vulnerabilities, reliability issues, or standards compliance violations added into the codebase.
However, there is a cost to CI/CD in terms of processor time and — therefore — energy consumption. The amount of energy CI/CD processes consume is significant — especially when you consider that these CI/CD jobs are ideally run for every single developer commit or pull request, which can mean several project builds per day, per developer.
If you then add quality and security checking to these processes, which in the best case means running sophisticated whole-program control-flow and dataflow static analysis engines that multiply the build time by a roughly linear factor (typically 2x to 10x the standard compile and link time), then the machine resources, and energy, consumed by each of these jobs also increase proportionally. It soon becomes apparent that there is a scalability issue here, and an even more significant energy use issue.
Greener Static Analysis
For many years now, static analysis tool developers have worked tirelessly to improve performance, often making small gains in performance to offset occasional performance reductions that are associated with scanning for a new class of defect or doing a deeper scan of some element to improve accuracy.
But fundamentally, they are dealing with an ever-greater problem space, which is often referred to as the ‘Path Explosion’ – symbolically executing all feasible program paths.
One significant efficiency improvement used by many static analysis tools is incremental analysis.
Incremental analysis means analyzing only the code that has been changed or added based on dependency trees. In the best case, incremental analysis means that only a handful of files are being reanalyzed, which leads to significantly reduced time, resource, and energy requirements.
However, in the worst-case scenario, which would involve an inefficiently architected system, incremental analysis can be equivalent to a full analysis, where all files need to be reanalyzed regardless. In addition, incremental analysis requires that the analysis data from previous runs is preserved, which is not always possible.
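To make the best- and worst-case behaviour concrete, here is an added example (not Klocwork's code, nor any tool's actual implementation) that computes, from a constructed include-dependency graph, which files an incremental analyzer would have to revisit after a change: editing a leaf source file touches only that file, while editing a widely included header forces a full reanalysis.

```python
from collections import deque

# Constructed sample dependency graph: file -> files it directly depends on
# (for C this is roughly "which headers does this file include").
DEPENDENCIES = {
    "common.h": set(),
    "log.h": {"common.h"},
    "net.h": {"common.h"},
    "net.c": {"net.h", "log.h"},
    "parser.c": {"common.h"},
    "ui.c": {"log.h"},
    "main.c": {"net.h"},
}


def reverse_dependencies(deps):
    """Invert the graph: file -> files that directly depend on it."""
    rdeps = {f: set() for f in deps}
    for f, targets in deps.items():
        for t in targets:
            rdeps.setdefault(t, set()).add(f)
    return rdeps


def files_to_reanalyze(deps, changed):
    """Changed files plus everything that transitively depends on them.

    Breadth-first walk over the reversed graph; each file is visited once.
    """
    rdeps = reverse_dependencies(deps)
    result = set(changed)
    queue = deque(changed)
    while queue:
        f = queue.popleft()
        for dependent in rdeps.get(f, ()):
            if dependent not in result:
                result.add(dependent)
                queue.append(dependent)
    return result


def analysis_fraction(deps, changed):
    """Share of the codebase an incremental run must re-analyze (0.0 .. 1.0)."""
    return len(files_to_reanalyze(deps, changed)) / len(deps)


if __name__ == "__main__":
    for change in ({"ui.c"}, {"net.h"}, {"common.h"}):
        print(sorted(change), "->", sorted(files_to_reanalyze(DEPENDENCIES, change)),
              f"({analysis_fraction(DEPENDENCIES, change):.0%} of files)")
```

Changing `ui.c` re-analyzes one file out of seven, whereas changing `common.h` re-analyzes all seven, which is exactly the "equivalent to a full analysis" worst case the text describes.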
How Klocwork Supports Green Software Development
Klocwork, a static analysis and SAST tool, was designed differently: it performs whole-program dataflow analysis efficiently by analyzing each node independently and then producing a “shorthand” representation of that node for the other nodes that depend on it to use.
This capability — known as “differential analysis” — is one step further than incremental analysis and not only allows for analysis jobs to parallelize almost infinitely but also makes it possible to analyze a single new or changed node in isolation from the rest of the system as if the whole program had been analyzed as one.
Differential analysis is an incremental analysis performed for an explicit set of changed and new files, without relying on analysis data preserved from a prior run, and with the minimum possible amount of code being re-analyzed.
In other words, differential analysis gives us the ability to run static analysis or SAST checks on new and changed code only, as part of every single developer commit or every pull request, in the shortest possible time and using the minimum possible amount of energy. All the benefits of CI/CD pipelines incorporating static analysis or SAST checking, but with a much quicker result, much lower energy consumption, and therefore greater sustainability.
Get Started Developing Green Software with Klocwork