Finding the Serious Bugs that Matter with Advanced Static Analysis (170)
Many teams use static analysis tools primarily to enforce coding standards like MISRA that are designed to make programming in highly risky languages such as C and C++ much less hazardous. However, because C and C++ are such dangerous languages, programs that seem perfectly compliant with these standards may still contain serious defects and security vulnerabilities due to the inadvertent introduction of undefined behavior.
The primary purpose of advanced static analysis tools is to see past the superficial syntactic properties of programs and into their deep semantic meaning, and by doing so, find those bugs.
This talk will describe how these tools work, and will show some concrete examples of real bugs that they found in production code, despite the code having gone through style checking, manual review, and testing.
Finally, you will get a taste of how users can customize the tools to their own domain, thereby allowing users to greatly increase the value they receive from using them.
by Paul Anderson, VP of Engineering, GrammaTech