https://www.meetup.com/St-Petersburg-CPP-User- Group/ ● C++ Russia: https://cppconf.ru/en/Why Code Analysis?Software QualityReadability Maintainability tools fuzzer battery life Repeatable tests Undefined Behavior – Fun with NULL pointers, part 1: https://lwn.net/Articles/342330/Why code analysis – ● Improve software quality ● Lower developer frustration ● Avoid UBLanguageLanguage helps Built-in compiler check ○ Current LLVM implementation gives 5% overhead ○ Annotations to help analysis: gsl::SharedOwner, gsl::Owner, gsl::Pointer void sample1() { int* p = nullptr; {

Finding Bugs using Path-Sensitive Static Analysis Gábor Horváth Gabor.Horvath@microsoft.com @XazaxHunWelcome to CppCon 2021! Join #visual_studio channel on CppCon Discord https://aka.ms/cppcon/discord latest announcements Take our survey https://aka.ms/cppconAgenda • Intro to path-sensitive static analysis • Path-sensitive checks in MSVC • A look under the hood • Upcoming features • Lessons learned2012 -> Unknown p -> Null p -> MaybeNull p -> MaybeNull Warning Unknown Null NotNull MaybeNull Analysis state Transition semi-lattice• Some paths are infeasible: • Not taking branch 1, but taking branch

its built-in checks. Static analysis is great, but you also get tons of false positives. Now that you’re hooked on smart tools, you have to try dynamic/runtime analysis. After years of improvements Ciura | @ciura_victor - 2020: The Year of Sanitizers? Vignette in 3 parts Static Analysis Dynamic Analysis Warm Fuzzy Feelings10 2020 Victor Ciura | @ciura_victor - 2020: The Year of Sanitizers I Static Analysis15 2020 Victor Ciura | @ciura_victor - 2020: The Year of Sanitizers? C++ Core Guidelines Checker docs.microsoft.com/en-us/cpp/code-quality/quick-start-code-analysis-for-c-cpp

= __range.end(); for(; __begin != __end; __begin++) { char c = *__begin; [...] } Lifetime analysis for everyone - Gábor Horváth & Matthias Gehre - CppCon 2019C++ is getting safer: P2718! string = __range.end(); for(; __begin != __end; __begin++) { char c = *__begin; [...] } Lifetime analysis for everyone - Gábor Horváth & Matthias Gehre - CppCon 2019 optional mayReadInput(); for(char = __range.end(); for(; __begin != __end; __begin++) { char c = *__begin; [...] } Lifetime analysis for everyone - Gábor Horváth & Matthias Gehre - CppCon 2019 optional mayReadInput(); for(char

overload, which goroutine should be given priority? Analysis ● The goroutine is special, it block all the callers ● The scheduler treat them equally Analysis ● Under heavy workload, goroutines get longer Investigate ● So, the root cause must be related to THP (transparent huge pages) ● But … why? Analysis ● Go Runtime manage memory at 8K size granularity ● Go Runtime give hint to OS about the use of page boundary ● Fragmention!!! ● Fragmention make the memory difficult to be reclamed by the OS Analysis ● And more confusing behavior by the OS, merge pages into huge pages ○ The user program return

judicious programming techniques • Supported by libraries • Enforced by language rules and static analysis • The basic model for achieving that can be found in A brief introduction to C++'s model for type- 2023 31General strategy • Rely on static analysis to eliminate potential errors • Static analysis is impossible for arbitrary code • Global static analysis is very expensive • Rely on rules to simplify simplify the language used • to the point where local static analysis is possible • Provide libraries to make relying on the rules practical • Pleasant to use • Efficient to run Stroustrup - C++ safety

-pedanticStatic Analysis Compiler Linker Primary Source File Object File Application Static Analysis ToolStatic Analysis Primary Source File Static Analysis Tool Microsoft C/C++ Code Analysis https://learn com/en-us/cpp/code-quality Synopsys Coverity https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html SonarSource https://www.sonarsource.com Clang Static Analyzer https://clang-analyzer comDynamic analysis Compiler Linker Primary Source File Object File “Special” Application Compiler and Linker Switches You run this “special” version of your application and the dynamic analysis tools

Navigation ☑️� Linters ☑️� Colorization & Formatting ☑️� IntelliSense ⌛; ☑️�MSVC ☑️�MSVC Code Analysis ☑️�MSBuild ; CMake ⌛ ; GCC ⌛ ; Clang/LLVM ⌛ ☑️�Stepping ☑️�Parallel Stacks ☑️�Debugger Cross-platform development 4. Developer and Team Productivity Static Analysis ✴ New and improved checkers in MSVC Code Analysis • Returning a local variable with std::move • Path-sensitive bounds checking 4:45pm / Fri, Oct 29 – 12:00pm Finding bugs using path-sensitive static analysis Gabor Horvath – _3 Tue, Oct 26 – 3:15pm Static Analysis and Program Safety in C++: Making it Real Sunny Chatterjee – _2

underlying hardware. Static compilation can also devote an arbitrary amount of time to program analysis and optimization. This brings us to the primary constraint on JiT systems: speed A JiT system underlying hardware. Static compilation can also devote an arbitrary amount of time to program analysis and optimization. This brings us to the primary constraint on JiT systems: speed A JiT system underlying hardware. Static compilation can also devote an arbitrary amount of time to program analysis and optimization. This brings us to the primary constraint on JiT systems: speed A JiT system