CodeChecker is a static analysis tool that finds bugs in code by performing interprocedural analysis across files and functions. It uses the Clang compiler infrastructure to run checks from tools like the Clang Static Analyzer and Clang Tidy. CodeChecker provides features like cross-translation unit analysis, suppressing and tagging issues, and integration with version control systems. It outputs analysis results that are easy for developers to understand and fix issues.
Using static code analysis tools and detecting and fixing identified issues is very important in order to improve the quality and security of the code baseline.
CodeChecker (https://github.com/Ericsson/codechecker ) is an open source analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
It provides a number of additional features:
- Good visualization of problems in the code
- Overview of results for the whole product
- Filtering
- Cross translational unit analysis and statistical checkers support
- Suppression handling
- And many others...
These features simplify the follow up of results and make it more efficient.
In the video, an overview of features and capabilities of CodeChecker is demonstrated as well as a description and recommendation of how to introduce new tools.
Recording of the demo: https://youtu.be/sQ2Qj0kHoRY published in C++ Dublin User group https://www.youtube.com/channel/UCZ4UNE_1IMUFfAhcdq7CMOg/
Useful links:
open source project: https://github.com/Ericsson/codechecker
http://codechecker-demo.eastus.cloudapp.azure.com/login.html#
demo/demo
https://codechecker.readthedocs.io/en/latest/
http://clang-analyzer.llvm.org/available_checks.html
http://clang.llvm.org/extra/clang-tidy/checks/list.html
Other related videos about Clang Static Analyzer and CodeChecker that goes a bit more deeply into how Clang Static Analyzer works:
Clang Static Analysis - Meeting C++ 2016 Gabor Horvath
https://www.youtube.com/watch?v=UcxF6CVueDM
CppCon 2016: Gabor Horvath “Make Friends with the Clang Static Analysis Tools"
https://www.youtube.com/watch?v=AQF6hjLKsnM
Slides for a college course at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_S17.shtml
Microservices, DevOps, and Continuous DeliveryKhalid Salama
Continuous Delivery is the ability to get software changes - including new features, enhancements, configuration changes, and bug fixes - into production safely and quickly, in a sustainable way. In these slides, I am giving a very high-level introduction to microservices architecture, and why it is considered as enabler to continuous delivery. We cover the key characteristics of a microservice, some common concepts, architectural patterns, and implementation guidelines. In addition, we quickly cover the main concepts and activities in DevOps, which the Application Lifecycle Management process to support continuous delivery.
By Kostiantyn Severenchuk at Automation in Action: summer conference.
Video: https://youtu.be/mvbElkLtY0Y
TOPIC DESCRIPTION
The DevTestSecOps approach and its implementation on real projects. How to cook it, how to eat it, and its value. Let’s dive deep into the world of automation and its coverage with real examples. Why it is so important? Bonus funny stories as well.
Hyperledger Fabric is a blockchain framework implementation initially developed by Digital Asset and IBM and now hosted by Linux Foundation under the hyperledger project. Fabric joined the hyperledger project for incubation in the early 2016 and after 1 year of incubation, it became the first project get into the ‘active’ state. On July 11, 2017, the hyperledger Technical Steering Committee announced their first production-ready distributed ledger codebase, Hyperledger Fabric V1.0
Using static code analysis tools and detecting and fixing identified issues is very important in order to improve the quality and security of the code baseline.
CodeChecker (https://github.com/Ericsson/codechecker ) is an open source analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
It provides a number of additional features:
- Good visualization of problems in the code
- Overview of results for the whole product
- Filtering
- Cross translational unit analysis and statistical checkers support
- Suppression handling
- And many others...
These features simplify the follow up of results and make it more efficient.
In the video, an overview of features and capabilities of CodeChecker is demonstrated as well as a description and recommendation of how to introduce new tools.
Recording of the demo: https://youtu.be/sQ2Qj0kHoRY published in C++ Dublin User group https://www.youtube.com/channel/UCZ4UNE_1IMUFfAhcdq7CMOg/
Useful links:
open source project: https://github.com/Ericsson/codechecker
http://codechecker-demo.eastus.cloudapp.azure.com/login.html#
demo/demo
https://codechecker.readthedocs.io/en/latest/
http://clang-analyzer.llvm.org/available_checks.html
http://clang.llvm.org/extra/clang-tidy/checks/list.html
Other related videos about Clang Static Analyzer and CodeChecker that goes a bit more deeply into how Clang Static Analyzer works:
Clang Static Analysis - Meeting C++ 2016 Gabor Horvath
https://www.youtube.com/watch?v=UcxF6CVueDM
CppCon 2016: Gabor Horvath “Make Friends with the Clang Static Analysis Tools"
https://www.youtube.com/watch?v=AQF6hjLKsnM
Slides for a college course at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_S17.shtml
Microservices, DevOps, and Continuous DeliveryKhalid Salama
Continuous Delivery is the ability to get software changes - including new features, enhancements, configuration changes, and bug fixes - into production safely and quickly, in a sustainable way. In these slides, I am giving a very high-level introduction to microservices architecture, and why it is considered as enabler to continuous delivery. We cover the key characteristics of a microservice, some common concepts, architectural patterns, and implementation guidelines. In addition, we quickly cover the main concepts and activities in DevOps, which the Application Lifecycle Management process to support continuous delivery.
By Kostiantyn Severenchuk at Automation in Action: summer conference.
Video: https://youtu.be/mvbElkLtY0Y
TOPIC DESCRIPTION
The DevTestSecOps approach and its implementation on real projects. How to cook it, how to eat it, and its value. Let’s dive deep into the world of automation and its coverage with real examples. Why it is so important? Bonus funny stories as well.
Hyperledger Fabric is a blockchain framework implementation initially developed by Digital Asset and IBM and now hosted by Linux Foundation under the hyperledger project. Fabric joined the hyperledger project for incubation in the early 2016 and after 1 year of incubation, it became the first project get into the ‘active’ state. On July 11, 2017, the hyperledger Technical Steering Committee announced their first production-ready distributed ledger codebase, Hyperledger Fabric V1.0
2021. Chương 2 3. Cơ sở toán học của blockchainNhường Lê Đắc
Chương 2 3. Cơ sở toán học của blockchain; Chương 2
Cơ chế hoạt động và tính bảo mật của Blockchain
Blockchain Security; Công nghệ Blockchain. PGS.TS. Lê Đắc Nhường
Khoa Công nghệ thông tin – Đại học Hải Phòng
Nhuongld@dhhp.edu.vn
0987.394.900.
Bridging the Security Testing Gap in Your CI/CD PipelineDevOps.com
Are you struggling with application security testing? Do you wish it was easier, faster, and better? Join us to learn more about IAST, a next-generation application security tool that provides highly accurate, real-time vulnerability results without the need for application or source code scans. Learn how this nondisruptive tool can:
Run in the background and report vulnerabilities during functional testing, CI/CD, and QA activities.
Auto verify, prioritize and triage vulnerability findings in real time with 100% confidence.
Fully automate secure app delivery and deployment, without the need for extra security scans or processes.
Free up DevOps resources to focus on strategic or mission-critical tasks and contributions.
Slides for a college course at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_S17.shtml
These are the slides (in english) of my talk I gave (in french) at University Paris VII on january 12th 2017.
Videos in two parts are available here : https://bitcoin.fr/video-paiements-securises-et-non-securises-sur-une-blockchain-1ere-partie/
and there :
https://bitcoin.fr/video-paiements-securises-et-non-securises-sur-une-blockchain-2eme-partie/
In the second part, I presented my article I've recently written with Ricardo Perez-Marco. It should be available soon on arxiv.
For more informations see :
https://webusers.imj-prg.fr/~ricardo.perez-marco/blockchain/blockchain.html
How to do Cryptography right in Android Part TwoArash Ramez
Cryptography is an indispensable tool used to protect information in computing systems. It is used everywhere and by billions of people worldwide on a daily basis. It is used to protect data at rest and data in motion. While extremely useful, cryptography is also highly brittle. The most secure cryptographic system can be rendered completely insecure by a single specification or programming error.to argue that a cryptosystem is secure, we rely on mathematical modeling and proofs to show that a particular system satisfies the security properties attributed to it.
We often need to introduce certain plausible assumptions to push our security arguments through.
This presentation is about exactly that: constructing practical cryptosystems in android platform for which we can argue security under plausible assumptions.part one just covers fundamentals topics in cryptography world.
see videos :
https://www.youtube.com/playlist?list=PLT2xIm2X7W7j-arpnN90cuwBcNN_5L3AU
https://www.aparat.com/v/gtlHP
Security as Code: A DevSecOps ApproachVMware Tanzu
SpringOne 2021
Session Title: Security as Code: A DevSecOps Approach
Speakers: Alvaro Muñoz, Staff Security Researcher at GitHub; Tony Torralba, Software Engineer at GitHub
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonSSIMeetup
This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers.
After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities.
Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.
CNIT 126: 10: Kernel Debugging with WinDbgSam Bowne
Slides for a college course at City College San Francisco. Based on "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig; ISBN-10: 1593272901.
Instructor: Sam Bowne
Class website: https://samsclass.info/126/126_F19.shtml
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...Simplilearn
This presentation on Ethereum will help you understand what is Ethereum, Ethereum features which includes cryptocurrency, smart contracts, Ethereum virtual machine, decentralized application, decentralized autonomous organization, applications of Ethereum and at the end you will see a demo on smart contract. Ethereum is a blockchain based distributed computing platform that enables developers to build and deploy their decentralized applications. Ether(ETH) is a cryptocurrency that runs on Ethereum network. It is used to pay for the computational resources and transaction fees on the Ethereum network. Ether can be utilized for building decentralized applications, smart contracts and making standard peer to peer payments. Now, lets deep dive into these slides and understand what is Ethereum and how does it work.
Below topics are explained in this Ethereum presentation:
1. What is Ethereum?
2. Ethereum features
- Cryptocurrency
- Smart contract
- Ethereum virtual machine
- Decentralized application
- Decentralized autonomous organization
3. Applications of Ethereum
4. Demo - Smart contract
Simplilearn’s Blockchain Certification Training has been designed for developers who want to decipher the global craze surrounding Blockchain, Bitcoin and cryptocurrencies. You’ll learn the core structure and technical mechanisms of Bitcoin, Ethereum, Hyperledger and Multichain Blockchain platforms, use the latest tools to build Blockchain applications, set up your own private Blockchain, deploy smart contracts on Ethereum and gain practical experience with real-world projects.
Why learn Blockchain?
Blockchain technology is the brainchild of Satoshi Nakamoto, which enables digital information to be distributed. A network of computing nodes makes up the Blockchain. Durability, robustness, success rate, transparency, incorruptibility are some of the enticing characteristics of Blockchain. By design, Blockchain is a decentralized technology which is used by a global network of the computer to manage Bitcoin transactions easily. Many new business applications will result in the usage of Blockchain such as Crowdfunding, smart contracts, supply chain auditing, Internet of Things(IoT), etc.
The Blockchain Certification Training Course is recommended for:
1. Developers
2. Technologists interested in learning Ethereum, Hyperledger and Blockchain
3. Technology architects wanting to expand their skills to Blockchain technology
4. Professionals curious to learn how Blockchain technology can change the way we do business
5. Entrepreneurs with technology background interested in realizing their business ideas on the Blockchain
Learn more at: https://www.simplilearn.com/
2021. Chương 2 3. Cơ sở toán học của blockchainNhường Lê Đắc
Chương 2 3. Cơ sở toán học của blockchain; Chương 2
Cơ chế hoạt động và tính bảo mật của Blockchain
Blockchain Security; Công nghệ Blockchain. PGS.TS. Lê Đắc Nhường
Khoa Công nghệ thông tin – Đại học Hải Phòng
Nhuongld@dhhp.edu.vn
0987.394.900.
Bridging the Security Testing Gap in Your CI/CD PipelineDevOps.com
Are you struggling with application security testing? Do you wish it was easier, faster, and better? Join us to learn more about IAST, a next-generation application security tool that provides highly accurate, real-time vulnerability results without the need for application or source code scans. Learn how this nondisruptive tool can:
Run in the background and report vulnerabilities during functional testing, CI/CD, and QA activities.
Auto verify, prioritize and triage vulnerability findings in real time with 100% confidence.
Fully automate secure app delivery and deployment, without the need for extra security scans or processes.
Free up DevOps resources to focus on strategic or mission-critical tasks and contributions.
Slides for a college course at City College San Francisco. Based on "The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q.
Instructor: Sam Bowne
Class website: https://samsclass.info/127/127_S17.shtml
These are the slides (in english) of my talk I gave (in french) at University Paris VII on january 12th 2017.
Videos in two parts are available here : https://bitcoin.fr/video-paiements-securises-et-non-securises-sur-une-blockchain-1ere-partie/
and there :
https://bitcoin.fr/video-paiements-securises-et-non-securises-sur-une-blockchain-2eme-partie/
In the second part, I presented my article I've recently written with Ricardo Perez-Marco. It should be available soon on arxiv.
For more informations see :
https://webusers.imj-prg.fr/~ricardo.perez-marco/blockchain/blockchain.html
How to do Cryptography right in Android Part TwoArash Ramez
Cryptography is an indispensable tool used to protect information in computing systems. It is used everywhere and by billions of people worldwide on a daily basis. It is used to protect data at rest and data in motion. While extremely useful, cryptography is also highly brittle. The most secure cryptographic system can be rendered completely insecure by a single specification or programming error.to argue that a cryptosystem is secure, we rely on mathematical modeling and proofs to show that a particular system satisfies the security properties attributed to it.
We often need to introduce certain plausible assumptions to push our security arguments through.
This presentation is about exactly that: constructing practical cryptosystems in android platform for which we can argue security under plausible assumptions.part one just covers fundamentals topics in cryptography world.
see videos :
https://www.youtube.com/playlist?list=PLT2xIm2X7W7j-arpnN90cuwBcNN_5L3AU
https://www.aparat.com/v/gtlHP
Security as Code: A DevSecOps ApproachVMware Tanzu
SpringOne 2021
Session Title: Security as Code: A DevSecOps Approach
Speakers: Alvaro Muñoz, Staff Security Researcher at GitHub; Tony Torralba, Software Engineer at GitHub
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare NelsonSSIMeetup
This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers.
After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities.
Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.
CNIT 126: 10: Kernel Debugging with WinDbgSam Bowne
Slides for a college course at City College San Francisco. Based on "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig; ISBN-10: 1593272901.
Instructor: Sam Bowne
Class website: https://samsclass.info/126/126_F19.shtml
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...Simplilearn
This presentation on Ethereum will help you understand what is Ethereum, Ethereum features which includes cryptocurrency, smart contracts, Ethereum virtual machine, decentralized application, decentralized autonomous organization, applications of Ethereum and at the end you will see a demo on smart contract. Ethereum is a blockchain based distributed computing platform that enables developers to build and deploy their decentralized applications. Ether(ETH) is a cryptocurrency that runs on Ethereum network. It is used to pay for the computational resources and transaction fees on the Ethereum network. Ether can be utilized for building decentralized applications, smart contracts and making standard peer to peer payments. Now, lets deep dive into these slides and understand what is Ethereum and how does it work.
Below topics are explained in this Ethereum presentation:
1. What is Ethereum?
2. Ethereum features
- Cryptocurrency
- Smart contract
- Ethereum virtual machine
- Decentralized application
- Decentralized autonomous organization
3. Applications of Ethereum
4. Demo - Smart contract
Simplilearn’s Blockchain Certification Training has been designed for developers who want to decipher the global craze surrounding Blockchain, Bitcoin and cryptocurrencies. You’ll learn the core structure and technical mechanisms of Bitcoin, Ethereum, Hyperledger and Multichain Blockchain platforms, use the latest tools to build Blockchain applications, set up your own private Blockchain, deploy smart contracts on Ethereum and gain practical experience with real-world projects.
Why learn Blockchain?
Blockchain technology is the brainchild of Satoshi Nakamoto, which enables digital information to be distributed. A network of computing nodes makes up the Blockchain. Durability, robustness, success rate, transparency, incorruptibility are some of the enticing characteristics of Blockchain. By design, Blockchain is a decentralized technology which is used by a global network of the computer to manage Bitcoin transactions easily. Many new business applications will result in the usage of Blockchain such as Crowdfunding, smart contracts, supply chain auditing, Internet of Things(IoT), etc.
The Blockchain Certification Training Course is recommended for:
1. Developers
2. Technologists interested in learning Ethereum, Hyperledger and Blockchain
3. Technology architects wanting to expand their skills to Blockchain technology
4. Professionals curious to learn how Blockchain technology can change the way we do business
5. Entrepreneurs with technology background interested in realizing their business ideas on the Blockchain
Learn more at: https://www.simplilearn.com/
Performs code analysis in C, C++, C++/CLI, C++/CX, C#. Plugin for Visual Studio 2010-2015. Integration with SonarQube, QtCreator, CLion, Eclipse CDT, Anjuta DevStudio and so on. Standalone utility. Direct integration of the analyzer into the systems of build automation and the BlameNotifier utility (e-mail notification). Automatic analysis of modified files. Great scalability. Why do people need code analyzers?
How to write clean & testable code without losing your mindAndreas Czakaj
If you create software that is to be developed continuously over several years you'll need a sustainable approach to code quality.
In our early days of AEM development, however, we used to struggle with code that is rigid, hard to test and full of LOG.debug calls.
In this talk I will share some development best practices we have found that really work in actual AEM based software, e.g. to achieve 100% code coverage and provide high confidence in the code base.
Spoiler alert: no new libraries, frameworks or tools are required - once you know the ideas, plain old TDD and the S.O.L.I.D. principles of Clean Code will do the trick.
by Andreas Czakaj, mensemedia Gesellschaft für Neue Medien mbH
Presented at the adaptTo() 2017 conference in Berlin (https://adapt.to/2017/en/schedule/how-to-write-clean---testable-code-without-losing-your-mind.html).
Presentation video can be found on YouTube (https://www.youtube.com/watch?v=JbJw5oN_zL4)
Eclipse Con 2015: Codan - a C/C++ Code Analysis Framework for CDTElena Laskavaia
Presentation about code analysis framework for CDT which is C/C++ IDE based on Eclipse. How to write a good static analysis tool? How to integrate right where develop introduces bugs? Catch bugs as you type!
This tutorial is intended for verification engineers that must validate algorithmic designs. It presents the detailed steps for implementing a SystemVerilog verification environment that interfaces with a GNU Octave mathematical model. It describes the SystemVerilog – C++ communication layer with its challenges, like proper creation and activation or piped algorithm synchronization handling. The implementation is illustrated for Ncsim, VCS and Questa.
PVS-Studio delved into the FreeBSD kernelPVS-Studio
About a year ago we checked the Linux core. It was one of the most discussed articles at that time. We also got quite a number of requests to check FreeBSD, so finally we decided to take the time to do it.
In most of our articles about project checks, we mention that bugs are found by the PVS-Studio static code analyzer. In certain cases – when dealing with projects of a complex structure – it is this particular analyzer that is needed. However, many developers will also appreciate its lightweight version, the CppCat analyzer. In this connection, we decided to use CppCat this time, when checking the TortoiseGit project.
PVS-Studio and static code analysis techniqueAndrey Karpov
What is «static code analysis»? It is a technique that allows, at the same time with unit-tests, dynamic code analysis, code review and others, to increase code quality, increase its reliability and decrease the development time.
SAST, CWE, SEI CERT and other smart words from the information security worldAndrey Karpov
Do it right from the start (doesn’t work)
Follow company rules
Use “best practices”
Code Review
Couple development
Test-driven development (TDD)
Agile development
Tools
100 bugs in Open Source C/C++ projects Andrey Karpov
This article demonstrates capabilities of the static code analysis methodology. The readers are offered to study the samples of one hundred errors found in open-source projects in C/C++.
It is quite often that software developers have absolutely no clue about the cost of an error. It is very important that the error be found at the earliest possible stage.
IMAGE CAPTURE, PROCESSING AND TRANSFER VIA ETHERNET UNDER CONTROL OF MATLAB G...Christopher Diamantopoulos
This implemented DSP system utilizes TCP socket communication. Upon message reception, it decides the appropriate process to be executed based on cases which can be categorized as follows:
1) image capture
2) image transfer
3) image processing
4) sensor calibration
A user-friendly MATLAB GUI, named DIPeth, facilitates the system's control.
Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015Windows Developer
Visual Studio 2015 provides the best in class C++ development experience whether you are targeting Android, iOS, Linux, Windows, or IoT. With a good mix of demos and showcase for new C++ experiences, this talk goes over six great reasons why you should migrate to Visual Studio 2015 today.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfJay Das
With the advent of artificial intelligence or AI tools, project management processes are undergoing a transformative shift. By using tools like ChatGPT, and Bard organizations can empower their leaders and managers to plan, execute, and monitor projects more effectively.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
3. • No additional test code needed
• It saves time and money
• find software bugs before they find your customers
• Can identify potential security vulnerabilities
• Increase developer productivity
• Features
• Full path coverage
• False path pruning
• Inline explanations of defects
• Customer trust and satisfaction
• Enforce safe coding standards: MISRA, CWE, SEI cert
STATIC CODE ANALYSES
CodeChecker
Cppcheck
Flexlint
Speed Depth Accuracy Usability Supported versions of OS and language
Commercial Open source
And many more….
4. Codechecker
Clang Tidy
clang.llvm.org
Clang SA
clang-analyzer.llvm.org
CodeChecker
Report Mgmt
Web Server
GIT (CI)
Commit Loop
utilities
Browser
Eclipse Client
CodeCheckercmd line
analyzer
toolset
E///
Checkers
Analyzer Report Storage
Ericsson
only checkers
New Analyzer Features
Cross Translation Unit Analysis
Statistical Checkers
Viewer & Report
Management
Features
1
2
3
Analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy
6. Short summary card CodeChecker 6.16.0 - current latest version (Clang 12)
Description
Analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
Static analysis infrastructure built on the LLVM/Clang Static Analyzer toolchain
Supported Languages
C, C++, Objective C,
Up to date C/C++ language support (C++11,14,17)
Supported Architectures Linux, OSX, docker support
Technology AST(Abstract Syntax Tree) Matcher, Symbolic Execution
Analyzers
Support for multiple analyzers, currently Clang Static Analyzer and Clang-Tidy,
Can also store results from CppCheck, FB Infer, Sanitizers more to come – report-converter
Features Inter-procedural analysis, Cross TU Analysis, statistical checkers, suppression handling, filtering,…
Price Free
Gerrit and GitLab integration Shows analysis results as Gitlab or Gerrit reviews
False Positive Rate Low
Checker Database
~300+ checkers (Clangsa 120+, clang-tidy 250+, clang warnings…)
+50 Ericsson rules
CodeChecker can enforce ~50% of the rules (through more than 400 checkers)
Developer Community Large open source. Apple, Google, Ericsson supported
Useful links
https://codechecker.readthedocs.io/en/latest/usage/
https://github.com/Ericsson/codechecker
https://github.com/Ericsson/CodeCheckerEclipsePlugin
Getting started (How-To with examples)
https://www.slideshare.net/OliveraMilenkovic/codechecker-overview-nov-2019
7. CodeChecker can be used as a
generic tool for visualizing
analyzer results.
For details see supported code
analyzers documentation and
the Report Converter Tool
Storage of reports from analyzer tools
Language Analyzer
C/C++
Clang Static Analyzer
Clang Tidy
Clang Sanitizers
Cppcheck
Facebook Infer
Coccinelle
Smatch
Kernel-Doc
Sparse
cpplint
Java
SpotBugs
Facebook Infer
Python
Pylint
Pyflakes
JavaScript ESLint
TypeScript TSLint
Go Golint
Markdown
Markdownlint
Sphinx
8.
9. • Examples of commands to get list of checkers:
• CodeChecker checkers --profile sensitive
• CodeChecker checkers --guideline sei-cert
• See also https://codechecker.readthedocs.io/en/latest/usage/
• For analyze, parse and store commands you can use option
• --config <config file>
Codechecker config file example
{
"analyzer": [
"--jobs=10",
"--quiet",
"--ctu",
"--enable=sensitive",
"--enable= alpha.core.PointerArithm ",
"--disable= alpha.security.ArrayBound ",
"--disable= alpha.unix.cstring.BufferOverlap ",
"--report-hash=context-free-v2",
],
"parse": [
"--trim-path-prefix","${ROOT_PATH_FOR_REPO}",
"--print-step"
],
"store": [
"--url=<link to your Codechecker DB>",
"--trim-path-prefix","${ IROOT_PATH_FOR_REPO} ",
"--tag","${ CODECHECKER_STORE_TAG}"
]
}
Example of config file:
CODECHECKER_STORE_TAG can include SHA1 for commit, date,…
12. SUMMARY
Easier visual understanding of defects (The root cause of each defect is
clearly explained, making it easy to fix bugs)
Full path coverage – CTU analyses and statistical checkers
Overall summary of results for product (good for Status monitoring and
Planning of cleanups)
Filtering possibilities
Visibility of “Depth” of finding - number of steps that lead to error
Suppression handling (Per finding not file, False positive vs intentional)
Report generation
Easy detection of new defects
Easy integration to Gerrit verification for new defects
Eclipse integration...
Low false positive rate – path pruning
14. Ericsson Internal | 2016-03-08 | Page 5
Sim pl e An a l y s is
test1(){
int z=1/(3-abs(3));
}
int abs(int a){
if a<0
return –a;
else
return a;
}
source1.c Error:
Division by zero
Interprocedural: symbolic execution across
procedure (function) boundaries.
Simple analyses
15. Ericsson Internal | 2016-03-08 | Page 6
int abs(int a){
if a<0
return –a;
else
return a;
}
test1(){
int z=1/(3-abs(3));
}
Cr o s s Tr a n s l a t io n
Un it a n a l y s is (CTU)
source1.c
source2.c
Translation Unit 1
Translation Unit 2
Error:
Division by zero
To detect bugs across source file boundaries CTU analysis is needed!
Cross translational unit analyses (CTU)
16. Cross Translation unit analysis
CodeChecker analyze --ctu –b “make” –o reports_dir
• Default analysis is restricted to single translation unit only
• Cross Translation Unit mode: can catch faults across C/C++ file boundaries
• Analysis is slower (3-5 times) but finds 2-3 times more faults!
A.cpp
void abs(int&);
int foo(int j) {
return 42/(j + abs(j));
//division by zero
}
void main(){
foo(-5);
}
B.cpp
int abs(int a) {
if(a < 0)
return -a;
}
17. SUMMARY CTU
• Clang SA TU-internal analysis extended to Cross-TU analysis for C/C++
• Finds 2-3 times more reports
• Scalable & useful for industrial-size projects (PostgreSql, OpenSSL, …)
• Patch has been accepted into upstream Clang
• Try it yourself with latest Clang and CodeChecker
19
18. AST Matchers
`-FunctionDecl main 'int (void)'
`-CompoundStmt 0x5e40ea0 <col:11, line:6:1>
|-DeclStmt
| `-VarDecl used d 'double *'
|-BinaryOperator 'double *' lvalue '='
| |-DeclRefExpr 'double *' lvalue Var 0x5e2c5a0 'd' 'double *'
| `-CStyleCastExpr 'double *' <BitCast>
| `-CallExpr 'void *'
| |-ImplicitCastExpr 'void *(*)(int) throw()' <FunctionToPointerDecay>
| | `-DeclRefExpr 'void *(int) throw()' lvalue Function 0x5dea360 'malloc' 'void *(int) throw()'
| `-ImplicitCastExpr 'int' <IntegralCast>
| `-UnaryExprOrTypeTraitExpr 'unsigned long' sizeof
| `-ParenExpr 'double *' lvalue
| `-DeclRefExpr 'double *' lvalue Var 0x5e2c5a0 'd' 'double *'
`-ReturnStmt
`-IntegerLiteral 'int' 1
Call of operator sizeof Type of d is known
#include<stdlib.h>
int main(){
double *d;
d=(double*)malloc(sizeof(d));
return 1;
}
The allocated space is
pointer size and not double type size.
19. ASTMatchers
#include <stdlib.h>
#define ZERO 0
int getNull(int a) {
return a?0:1;
}
int getInput() __attribute__((notzero));
void test(int b)
{
int a,c;
double *d;
switch (b){
case 1: a = b / 0; break;
case 2: a = b / ZERO; break;
case 3: d = (double*) malloc(sizeof(d));
free(d); break;
case 4: c = b-4;
a = b / c; break;
case 5: a = b / getNull(b); break;
case 6: a = b / getInput(); break;
};
}
Found
Found as all preprocessor
statements are resolved.
Found as type resolution
can be used. (size_of checker)
Not found as
symbolic expressions
are not evaluated.
BUILD_MATCHER() { return
binaryOperator(hasOperatorName("/"),
hasRHS(integerLiteral(equals(0)).bind(
KEY_NODE)));
}
Flow insensitive
20. Symbolic Execution
• Path sensitive walk on the Control Flow Graph
• Simulated execution of the program
• On the most promising paths
• Variables are represented as symbolic values
• Constraints are calculated for symbolic values for each path
• Possible paths are calculated based on the constraints
• Impossible paths are dropped
21. Symbolic Execution
#include <stdlib.h>
void test(int b)
{
int a,c;
switch (b){
case 1: a = b / 0; break;
case 4:
c = b-4;
a = b / c; break;
};
}
b: $b
b: $b b: $b b: $b
$b=[4,4]
$b=[1,1]
$b=[MIN_INT,0],[2,3],
[5,MAX_INT]
b: $b
c: 0
$b=[4,4];
c=$b-4
c=0
b: $b
c: 0 $b=[4,4]
a=$b/$c
case 4
c = b-4;
Division by zero
switch(b)
a = b/c;
b: $b
a = b/0;
Nodes are
immutable program
states
22. SymbolicExecution
#include <stdlib.h>
#define ZERO 0
int getNull(int a) {
return a?0:1;
}
void test(int b)
{
int a,c;
double *d;
switch (b){
case 1: a = b / 0; break;
case 2: a = b / ZERO; break;
case 3: d = (double*) malloc(sizeof(d));
free(d); break;
case 4: c = b-4;
a = b / c; break;
case 5: a = b / getNull(b); break;
case 6: a = b / getInput(); break;
};
}
Internal function calls are followed
(context passed), variable constraints
are stored, possible paths are executed.
Context Sensitive
Inter-procedural
Analysis
Path Sensitive
Without context sensitivity, this is
undecidable.
Editor's Notes
The current solution seems bad but actually its fine in most cases (definitely improvable though