Video details

Static Analysis and Program Safety in C++: Making it Real - Sunny Chatterjee - CppCon 2021

English --- In this talk, I will explore how to leverage language rules and static analysis principles to provide safety guarantees in C++ at compile time, without compromising on its performance and memory efficiency. Modern analysis tools have come a long way since their inception and are much more powerful than traditional Lint-style checks. They use several techniques from theorem solvers to simple heuristics mimicking developer’s reasoning and can find deep semantic errors in programs. Furthermore, modern analysis tools take advantage of information available in types and type extensions in the language to bridge the gap across function boundaries, without incurring performance penalties of running global analyses. This makes them an indispensable part of the “shift left” experience to drive program safety. Throughout the talk, I will share my experience in developing and running these tools on large production codebases over the last decade and how they evolved over time. All the checks in the demo will be available for free in the community edition of Visual Studio and as security actions in GitHub.
--- Sunny Chatterjee
Sunny leads a team responsible for developing the core C++ static analysis engines in Visual Studio productivity experience as well as the traditional security tooling scenarios used widely within Microsoft. He has many years of experience in static analysis and enjoys delivering new productivity benefits to customers. His current focus is to lead efforts towards making C++ a safer systems programming language.
--- Videos Filmed & Edited by Bash Films:
YouTube Channel Managed by Digital Medium Ltd
The CppCon YouTube Channel Is Sponsored By: JetBrains :