Static analysis tools have the potential to significantly improve programmer productivity as well as the safety, reliability and efficiency of the code they write. Modern static analysis has moved well beyond the mental model people often have based on “lint”: just finding simple typos. Static analysis can find subtle, complex bugs early, identify opportunities to improve performance, and encourage consistent style and appropriate usage of libraries and APIs.
This talk looks at the different ways static analysis tools can be used to meet all these goals. It will present specific examples from our experience working with sophisticated analysis tools on large, commercial codebases. The talk will also present a specific implementation of a modern static analysis toolkit for C++. This toolkit is being used in a number of different contexts: to provide tool-based enforcement of new coding guidelines and rules, to migrate people to modern C++ coding idioms, and to find important security and reliability defects.
Video producer: http://cppcon.org/