CppCon 2025 has ended
Thursday September 18, 2025 15:15 - 16:15 MDT
The recent acceptance of contracts into the draft standard for C++26 promises to help create safer programs by supporting preconditions, postconditions and assertions that can be validated at runtime to ensure fast failure in case of error. However, nobody likes programs that unexpectedly terminate, and fixing faults earlier in the development lifecycle is significantly cheaper than fixing them later, so a question arises: can we check these contracts before the program is run?

In this talk we will show how contracts as specified in C++ can in many cases be validated at compile time using static analysis tools. We will talk about which contracts are amenable to such analysis, and what theoretical and practical limitations exist. To validate these ideas, we'll demonstrate an implementation in CodeQL, GitHub's extensible static analysis engine, combined with a constraint solver to validate certain types of contracts. Finally, we'll present results from a case study evaluating the effectiveness of these techniques on real-world contracts and code bases.
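The compile-time discharge the abstract describes, reduced to a toy: this is an added Python illustration, not the talk's CodeQL query or solver and not code from either presenter. It models the analysis rather than the C++ under analysis, which is why it is not written in C++. It takes a precondition of the shape `pre(i >= 0 && i < n)` on a hypothetical bounds-checked accessor `at`, plus the integer intervals an analysis would have derived for `i` and `n` at each call site, and returns whether the contract is provably satisfied, provably violated, or undecidable there. The function name, parameter names, call sites and intervals are all constructed for this example.

```python
# Added illustration (not the talk's CodeQL implementation): a toy interval-based
# checker deciding, per call site, whether a contract precondition over integer
# parameters provably holds, provably fails, or is left to the runtime check.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

# Interval of an integer value; None means "unbounded on that side".
Interval = Tuple[Optional[int], Optional[int]]


@dataclass(frozen=True)
class Cmp:
    """One conjunct of a precondition: `lhs op rhs`, rhs a constant or a parameter."""
    lhs: str
    op: str                 # one of '<', '<=', '>', '>='
    rhs: Union[int, str]


PROVEN, VIOLATED, UNKNOWN = "proven", "violated", "unknown"


def _bounds(x: Union[int, str], env: Dict[str, Interval]) -> Interval:
    """Interval of a constant or of a parameter; a parameter the analysis knows nothing about is unbounded."""
    if isinstance(x, int):
        return (x, x)
    return env.get(x, (None, None))


def _lt(a: Interval, b: Interval, strict: bool) -> str:
    """Verdict for a < b (strict) or a <= b, given intervals for a and b."""
    alo, ahi = a
    blo, bhi = b
    # Every value of a lies below every value of b: the relation always holds.
    if ahi is not None and blo is not None and (ahi < blo if strict else ahi <= blo):
        return PROVEN
    # Every value of a lies at or above every value of b: the relation never holds.
    if alo is not None and bhi is not None and (alo >= bhi if strict else alo > bhi):
        return VIOLATED
    # The intervals overlap, or one side is unbounded: only the runtime check can decide.
    return UNKNOWN


def check_cmp(c: Cmp, env: Dict[str, Interval]) -> str:
    a, b = _bounds(c.lhs, env), _bounds(c.rhs, env)
    if c.op == "<":
        return _lt(a, b, True)
    if c.op == "<=":
        return _lt(a, b, False)
    if c.op == ">":
        return _lt(b, a, True)
    if c.op == ">=":
        return _lt(b, a, False)
    raise ValueError(f"unsupported operator {c.op!r}")


def check_precondition(pre: List[Cmp], env: Dict[str, Interval]) -> str:
    """A conjunction fails if any conjunct fails, holds only if every conjunct holds."""
    verdicts = [check_cmp(c, env) for c in pre]
    if VIOLATED in verdicts:
        return VIOLATED
    if all(v == PROVEN for v in verdicts):
        return PROVEN
    return UNKNOWN


# Hypothetical accessor `at(buf, i)` over a buffer of length n, with the C++26-style
# contract `pre(i >= 0 && i < n)` encoded as two conjuncts.
AT_PRE = [Cmp("i", ">=", 0), Cmp("i", "<", "n")]

# Constructed call sites, given as the interval facts an analysis would derive for them.
CALL_SITES: Dict[str, Dict[str, Interval]] = {
    "loop over fixed buffer": {"n": (8, 8), "i": (0, 7)},         # for (i = 0; i < 8; ++i) at(buf, i)
    "off-by-one constant":    {"n": (8, 8), "i": (8, 8)},         # at(buf, 8)
    "untrusted index":        {"n": (8, 8), "i": (None, None)},   # at(buf, parse(input))
    "bounded but too wide":   {"n": (8, 8), "i": (0, 10)},        # i derived from a 0..10 loop
}


def analyse(sites: Dict[str, Dict[str, Interval]] = CALL_SITES) -> Dict[str, str]:
    return {name: check_precondition(AT_PRE, env) for name, env in sites.items()}


if __name__ == "__main__":
    for name, verdict in analyse().items():
        print(f"{name:24s} -> {verdict}")
```

Only two of the three verdicts are actionable before the program runs: `violated` is a definite defect to report at the call site, and `proven` means the runtime check can never fire there. `unknown` is where a domain this simple stops, and it shows up exactly where input is untrusted or a range is too wide; contracts over pointers, aliasing or non-linear arithmetic never even enter this domain, which is the sort of limitation the talk concerns.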

Presenters
Peter Martin

Product Security Team Leader, Bloomberg LP
Peter Martin leads the Security Automation team in the Product Security group within the CISO Office at Bloomberg. His team focuses on large-scale code analysis and automation to improve software security at scale.

Peter joined Bloomberg in 2007 and spent a decade in the company's...


Mike Fairhurst

Senior CodeQL Analysis Engineer, GitHub
Mike Fairhurst is an expert in static analysis and programming language tooling and a Senior CodeQL Analysis Engineer at GitHub. At GitHub he has worked on C/C++ static analysis using CodeQL, including implementing MISRA C/C++ compliance analysis.

Before GitHub, Mike worked on the Dart analyzer and language server at Google. In personal projects, Mike has created a JIT-compiled language called Vaiven, and a statically typed Alt-JS language with type inference and testability guarantees called Wake...
Summit 6/7