Session
Code Analysis: Empowering developers to write performant, reliable, and safe C++
with Jim Radigan, Sunny Chatterjee
Check out free documentation and modules on Microsoft Learn
Although C++ is a high performing programming language, customers and security researchers have increasingly asked for stronger safety and correctness guarantees in their code. In this talk, we will explore how static and runtime analysis (AddressSanitizer) tooling can be used to achieve high correctness and catch memory security issues before they go into production – without compromising on the performance and memory efficiency of C++. We will demonstrate how modern analysis tools are much more powerful than tradition Lint-style checks and can be used to find deep semantic errors in code, empowering developers write performant, reliable, and safe programs. We will share our experience in developing and running some of these checks on large commercial codebases. All the checks in the demo will be available in the community edition of Visual Studio for you to try them out!
Check out free documentation and modules on Microsoft Learn
Although C++ is a high performing programming language, customers and security researchers have increasingly asked for stronger safety and correctness guarantees in their code. In this talk, we will explore how static and runtime analysis (AddressSanitizer) tooling can be used to achieve high correctness and catch memory security issues before they go into production – without compromising on the performance and memory efficiency of C++. We will demonstrate how modern analysis tools are much more powerful than tradition Lint-style checks and can be used to find deep semantic errors in code, empowering developers write performant, reliable, and safe programs. We will share our experience in developing and running some of these checks on large commercial codebases. All the checks in the demo will be available in the community edition of Visual Studio for you to try them out!
Have feedback? Submit an issue here.