In this talk, I will explore how to leverage language rules and static analysis principles to provide safety guarantees in C++ at compile time, without compromising on its performance and memory efficiency. Modern analysis tools have come a long way since their inception and are much more powerful than traditional Lint-style checks. They use several techniques from theorem solvers to simple heuristics mimicking developer’s reasoning and can find deep semantic errors in programs. Furthermore, modern analysis tools take advantage of information available in types and type extensions in the language to bridge the gap across function boundaries, without incurring performance penalties of running global analyses. This makes them an indispensable part of the “shift left” experience to drive program safety. Throughout the talk, I will share my experience in developing and running these tools on large production codebases over the last decade and how they evolved over time. All the checks in the demo will be available for free in the community edition of Visual Studio and as security actions in GitHub.
ALL TALK SESSIONS CAN BE ACCESSED FROM THE MAIN LOBBY:
https://cppcon.digital-medium.co.uk/
