Static Analysis and C++: More Than Lint

Play Static Analysis and C++: More Than Lint
Sign in to queue


Presentation Slides, PDFs, Source Code and other presenter materials are available at: — Static analysis tools have the potential to significantly improve programmer productivity as well as the safety, reliability and efficiency of the code they write. Modern static analysis has moved well beyond the mental model people often have based on “lint”: just finding simple “typos” or “thinkos”. Static analysis can find subtle, complex bugs early, identify opportunities to improve performance, encourage consistent style and appropriate usage of libraries and APIs. This talk will look at the different purposes static analysis tools can be used to meet all these different goals. It will present specific examples from our experience working with sophisticated analysis tools on large, commercial codebases. The talk will also present a specific implementation of a modern static analysis toolkit for C++. This toolkit is being used in a number of different contexts: to provide tool-based enforcement of new coding guidelines and rules, to migrate people to modern C++ coding idioms and to find important security and reliability defects. One notable example of its use is to implement the checker for enforcement of a core set of coding guidelines that are presented in Bjarne Stroustrup’s keynote address. Some of the tools described in the talk will be available for download in a future Community Technology Preview . — Neil is the lead for the C++ static analysis frameworks used widely within Microsoft, including PREfix, PREfast, and ESPx, as well as the /analyze feature of the Microsoft C++ compiler. He is currently focused on making all these tools work better with portable C++14 code rather than nonstandard annotations. — Videos Filmed & Edited by Bash Films:









Download this episode

The Discussion

Add Your 2 Cents