CERN Computing Seminar

Sonar: Exploring static analysis with Open Source solutions

by Michael Gumowski, Arseniy Zaostrovnykh (Sonar)

Europe/Zurich
Zoom (CERN)

Zoom

CERN

Description

From developers to developers, let's explore together how do we find issues (code smells, bugs, vulnerabilities) in code using static analysis. In this presentation we will discuss the various techniques behind the many free and open-source Sonar language analyzers and products, from a purely technical angle, and answer the following questions:

  • What are the difficulties to understand a programming language?
  • What can we find with static analysis, and how?
  • What other techniques can we leverage on top of it to improve performance and/or precision? (for instance: “Context-Sensitive Path-Sensitive Dataflow Analysis”, “REGEX Automata Generation”, “Cross-Language Analysis”)
  • And ultimately, once we found some (or tons of) issues, what should be the proper approach to fix them?
Videoconference
Computing Seminars
Zoom Meeting ID
63932044570
Host
Miguel Marquina
Useful links
Join via phone
Zoom URL