Videos about static code analysis

Apr 26 2017

IT conferences and meetings on programming languages see a growing number of speakers talking about static code analysis. Although this field is quite specific, there is still a number of interesting discussions to be found here to help programmers understand the methods, ways of use, and specifics of static code analysis. In this article, we have collected a number of videos on static analysis whose easy style of presentation makes them useful and interesting to a wide audience of both skilled and novice programmers.

What is Static Analysis?

Author: Matt Might

Static analyzers allow programmers to bound and predict the behavior of software without running it. Once used exclusively for program optimization, they have rapidly risen in prominence for areas like software security and automatic parallelization. The author takes you on a tour of the landscape of static analysis through the lens of abstract interpretation.

Static code analysis used for code clean up

Author: PVS-Studio team

The report covers ways to detect bugs, the methodology of static analysis, and correct and incorrect use of analysis tools. The author also covers myths about static analysis that may mislead developers. The presentation shows errors in open-source projects detected by tools such as ReSharper, PVS-Studio, and Visual Studio SCA.

Static Code Analysis: Scan All Your Code For Bugs

Author: Jared DeMott

The author discusses static code analysis and how it is used in bug elimination. The talk covers a discussion of pattern matching, procedural, data flow, and statistical analysis, and also includes examples of common software vulnerabilities such as memory corruption, buffer overflow and over reads, script injection, XSS and CSRF, command injection, and misconfigurations.

Static Code Analysis: Preventing Bugs and Lag Before They Happen

Author: Vinny DaSilva

A Unite 16 Los Angeles forum session. The author discusses how to use static code analysis tools to improve code quality throughout the development process, how to customize static code analysis to fit teams' specific needs and workflows, and how to integrate with continuous integration systems to give developers continuous feedback.

Make more Secure Code! - Overview of Security Development Lifecycle and Static Code Analysis

Author: Jason Cohen

Despite the exponential growth in security products, security services, security companies, security certifications, and general interest in the security topic, we still see security vulnerability disclosures happening on a regular basis. Implementing Security Development Lifecycle best practices and principles can go a long way to reducing the potential for common security flaws. Input sanitization issues, Cross-Site-Scripting, buffer overflows, and many other known issues still represent the bulk of security issues present. Static Code Analysis can help catch many of these unnoticed issues before code makes it out of the developer's hands. In this video, the author discusses some common best practices of the Security Development Lifecycle theory and how this can be integrated into modern code.

Bug Hunting with Static Code Analysis

Author: Nick Jones

A BSidesLondon 2016 conference video. This talk covers a number of automated analysis techniques for spotting bugs and security flaws in applications at the source code level, ranging from quick and dirty bash scripts through open source and commercial analyzers to custom implementations. The video also discusses how these techniques can be used in continuous integration systems to catch bugs as early in the development cycle as possible.

The Current State of (free) Static Analysis

Author: Jason Turner

A CPPCON2015 conference video. The author discusses the free static analysis software currently available for C++ and explains what kinds of errors these tools can catch, what kinds they miss, and why static analysis should be a part of a normal build process.

Static Analysis and C++: More Than Lint

Author: Neil MacIntosh

A CPPCON2015 conference video. Static analysis can find not only trivial bugs but also subtle, complex bugs early, identify opportunities to improve performance, and encourage consistent style and appropriate usage of libraries and APIs. This talk looks at how static analysis tools can be used to meet all these different goals. Specific examples are presented from the author's experience working with sophisticated analysis tools on large, commercial codebases.

Make Friends with the Clang Static Analysis Tools

Author: Gabor Horvath

A CPPCON2016 conference video. This talk is an overview of the open source static analysis tools for C++ with the emphasis on Clang-based tools. Understanding these methods can be really useful, as it helps you write more static-analysis-friendly code and understand the cause of false positive results. It also helps to understand the limitations of the currently available tools. The author gives a short tutorial on how to use these tools and how to integrate them into the workflow.

Finding Bugs with Clang at Compile and Run Time

Author: Bernhard Merkle

An ACCU 2016 conference video. Code analysis and verification are gaining more and more importance within programming and quality assurance of software projects. Especially in languages like C/C++, undefined behavior and memory leaks can cause great problems. Static analysis tools help a lot, but hard-to-detect problems often happen at runtime. This session shows how to use Clang's features to find bugs at both compile time (via static analysis) and runtime (via sanitizers). The combination of both approaches can improve software quality a lot.

Static Source Code Analysis, The Next Generation

Author: James Croall

A Devoxx 2016 conference video. Gone are the days of "linters" and glorified spell checkers. Today's static source code analysis is accurate and trustworthy, and can find complex inter-procedural coding defects that our human eyes would never see. The video discusses how open-source developers have used Coverity's Software Testing Platform to find and fix critical, crash-causing bugs and security defects in the Java language.

Static Analysis Saved My Code Tonight

Author: Damien Seguy

A PHP UK Conference 2017 video. Static analysis tools check PHP code without running it. Fully automated, they bring expertise to code review, enforce good programming practices, and keep code ready for the next PHP version. PHP 7 has tremendously expanded our capacity to audit code: thanks to the AST and return types, it is possible to go deeper and prevent more bugs. In this video, the author reviews the current state of static analysis tools and shows what they can find and how to integrate them into the development cycle.

Static Code Analysis with Python

Author: Andrew Wolfe

Auditing a code base for code formatting mistakes, potential security vulnerabilities or defects can be time-consuming. Static code analysis will let the computer do that for you. The video discusses how to use static code analysis to catch errors early and improve code quality in Python codebases.

Augmenting Static Analysis Using Pintool: Ablation

Author: Paul Mehta

A BH USA 2016 conference video. Ablation is a tool supplementing static analysis, built to extract information from a process as it executes. This information is then imported into the disassembly environment, where it is used to resolve virtual calls, highlight regions of code executed, or visually diff samples. The goal of Ablation is to augment static analysis with minimal overhead or user interaction. Ablation makes it simple to diff samples and highlight where the samples diverge. This is achieved by comparing the code executed rather than just comparing data. The video also compares a heavily mutated crash sample and the source sample.

Conclusion

You may find that some of the videos cover the same aspects, but each codebase is unique and one developer's experience may be different from that of another. The authors share their knowledge of the static analysis methodology and experience of using static analysis tools with the audience to prevent them from making the same mistakes, straining their nerves and wasting their time on finding and fixing these mistakes. The static analysis field is intensively developing; some diagnostic rules inevitably become obsolete, whereas new diagnostics and standards appear. That's why attempts to compare analyzers based on what defects they can detect or running them on synthetic tests make no sense. The only way to compare tools is to run them on your code and see which of them meets your needs and expectations the most.

Other materials

You are welcome to send us the links to videos on static code analysis that you find interesting, and we will add them to the article.
