Static Code Analysis - A Behind-the-scenes Look

GOTO Conferences via YouTube

Overview

Dive into the technical intricacies of static code analysis tools in this 38-minute conference talk from GOTO Amsterdam 2022. Explore how linters, IDE inspections, and scanners for bugs, coding style, and vulnerabilities function behind the scenes. Learn about file and text utilities, abstract syntax trees, byte code, flow tracking, and the challenges of cross-referencing and combinatorial explosion. Understand the complexities of handling conditional flows, loops, function calls, and virtual method calls. Discover the importance of flow sensitivity, aliasing, and framework knowledge in code analysis. Gain insights into the levels of sophistication in these tools and how they identify unique findings, ultimately enhancing your understanding of their strengths and limitations.

Syllabus

Intro
File & text utilities
Challenge: Cross referencing
Abstract syntax tree
Which identifier refers to what?
Explicit support for all language features
Byte code
Which is the better choice?
Tracking flows
Assignment
Propagators
Conditional flows
Combinatorial explosion
Merging
Combinatorial explosion - Revisited
Merging - Limitations
Loops
Impossible to be precise
Function calls
Recursion
Virtual method calls
Call graph
Flow sensitivity
Aliasing
Framework / Library knowledge
Identifying unique findings
Quality of results
Levels of sophistication
Summary
Outro

Taught by

GOTO Conferences
