-
06.01.2012
The post focuses on the false idea that static analysis tools are testing tools or can be a good substitute for them. The author explains the difference between various kinds of testing and static analysis bringing out the point of the latter and its role in development. He agrees that static analyzers are necessary tools, but they are intended for detecting a "narrow band of code-related defects".
-
06.10.2011
The author uses a sample code to show how to set compiler and linker options to build a C++ application for 64-bit Windows. Each step is commented upon.
-
11.09.2011
The article concerns the C++ code analyzer integrated into the Visual Studio 2012 development environment. The author speaks on the improvements introduced into the new version of the application and cites several code samples to show how it works and demonstrate various features of the analyzer. The text is complemented with screenshots explaining how to handle the analyzer.
-
06.09.2011
This post describes the stack frame layout of the x64 architecture focusing mainly on Linux and other operating systems that follow the official System V AMD64 ABI. The author gives diagrams and code samples to show the specifics of stack frame layout on the x64 platform.
-
20.05.2011
The article concerns the method of code review and explains the principles, types, steps and levels of this process as well as tools to be used for code review. The author also provides a list of examples demonstrating most common programming mistakes of different sorts.
-
19.04.2011
The article presents a large research on the TDSS family of malware programs and consists of three parts each of which describes certain aspects of the TDSS rootkits and bootkits, including internals of the malware, mechanisms of rootkit distribution, specifics of bootkit installation on various systems (x86 and x64) and embedding into the bootsector. The processes of infecting the system are described in detail and illustrated by plenty of tables, schemes and figures.
-
04.04.2011
Microsoft has added the new Code Analysis feature in the Visual Studio 2010 development environment. This feature performs static analysis on code and will help developers to find various potential problems at different levels. This course is intended for developers to get acquainted with Code Analysis and learn the principles of handling this feature completing some exercises.
-
27.02.2011
In his post, the author speaks on various static code analysis tools intended to perform code auditing as an alternative to formal methods. He gives tips on how to use these tools according to programmers' needs and circumstances.
-
31.01.2011
Static analysis tools being able to find security vulnerabilities in source code, many firms adopting the static analysis technology feel the urge to compare different static analyzers to each other to find the best solution. Gary McGraw explains why this task is not so easy at it may seem and why comparing any tools without bearing in mind crucial pitfalls resembles comparing fruit and aardvarks. The author also gives advice on what to choose as the best criteria for tool comparison.
-
14.01.2011
Guy Steele's presentation expresses his idea that it is not the programmer's job to think about parallelism; instead, a new approach is required to build programming languages that would provide ways to run tasks in parallel and support algorithms built on independence and build-and-conquer principles rather than on linear decomposition of problems.