CppCon 2021 has ended
Back To Schedule
Thursday, October 28 • 4:45pm - 5:45pm
Finding Bugs Using Path-Sensitive Static Analysis

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Path-sensitive static analysis simulates the runtime behavior of the program code and uses the analysis state to evaluate which branches can be taken. It is an effective tool to find non-trivial bugs in code at compile time. While checks based on such analysis can take longer time to run, they have a sophisticated understanding of the code that helps them uncover semantic issues. First, I will discuss how can you turn these checks on and how to make sense of the warning messages they produce. Furthermore, I will do a deep dive on what makes path-sensitive analysis an effective tool to reason about code and how MSVC is leveraging this power to find bugs. In particular, I will explain how modern tools like constraint solvers can help increase the precision of the analysis. Throughout the talk, I will not only feature already released checks but also give a glimpse of the upcoming ones that we are actively working on. All the checks in the demo will be available for free in the community edition of Visual Studio and as security actions in GitHub.

avatar for Gabor Horvath

Gabor Horvath

Senior Software Engineer, Microsoft
Gabor Horvath is a software engineer and a researcher in the field of static analysis. He has been contributing to various research projects on program analysis since 2012, and he obtained his Ph.D. degree on this topic from Eotvos Lorand University in 2020. He has extensive experience... Read More →

Thursday October 28, 2021 4:45pm - 5:45pm MDT
C) Summit 7