Lazaro is a founding engineer at Gitar, working on program analysis and refactoring tools. He is broadly interested in program analysis tooling, including static analysis tools and fast dynamic instrumentation frameworks. Before Gitar, he was one of the initial members of Uber’s Programming Systems Group, where he built various components of Uber’s static analysis tooling strategy, particularly around null safety. He has been a maintainer for various open source projects related to static analysis, including NullAway, NilAway, Piranha, and RxThreadEffectChecker. He is also a member of the JSpecify effort to standardize Java annotations for static analysis. He hold a Ph.D. in Computer Science from Stanford University, where he worked primarily on security analysis of Android applications.
Lazaro Clapp
How we automated code maintenance and you can too!
Let's face it: as developers, we dedicate a third of our time to code maintenance, which includes tasks such as upgrading dependencies, addressing security vulnerabilities, and removing obsolete code. This is tedious and repetitive. Neglecting regular maintenance can lead to costly outcomes, including unexpected crashes and it makes the codebase more difficult to understand and evolve.
However, automation of these tasks is not always straightforward. Existing tools such as security scanners, feature flag systems warn you about the issues or obsolete code but fall short of automatically rectifying these problems. Tools that upgrade dependencies merely increase the version number, leaving engineers to handle any API compatibility issues. Automating code changes is hard, and the polyglot nature of modern development makes it harder.
In this talk, we will delve into code rewriting techniques such as pattern matching, program analysis, and AI. We will illustrate how we leveraged the complementing power of these tools to generate over 1800 automated pull requests, eliminating or refactoring more than 500,000 lines of code. In this talk, you will also learn how to harness the power of these tools to drive down tech debt, ensuring your apps are not only functional but also future-proof.