Static analysis for go lang

•

1 like•236 views

Daisuke Yamashita

this is for English tech LT #2. https://andpad.connpass.com/event/231653/

Technology

Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. Proprietary & Confidential 無断転載・無断複製の禁止
Static analysis for go lang

Selft-Introduction
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. Proprietary & Confidential 無断転載・無断複製の禁止

daisuke0131  
 
After graduated from university, Joined Fujitsu Laboratories.  
I developed firmware, AI, Web services, ios/android apps.  
 
After the career, Joined startups to experience something new.  
 
Joined ANDPAD in 2016. Developed mobile applications.  
山下大輔 Daisuke Yamashita 
 
ANDPAD Chief Development Officer
Self-Introduction

What is ANDPAD?
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. Proprietary & Confidential 無断転載・無断複製の禁止

What is ANDPAD?
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
・Project Management System For Construction Industry
・Project Management, Chat, Blueprint, Inspection, Schedule Adjustment
swift/kotlin swift/kotlin swift ReactNative→Flutter Flutter

Many features in ANDPAD
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
Project Management
Chat Communication
Inspection
Blueprint
The others
ANDPAD
Built by Ruby on Rails Microservices by Go
Notifications
Approval
Authorization
・・・

Static analysis
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. Proprietary & Confidential 無断転載・無断複製の禁止

Development cycle
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
Requirement
Definition
Implementation QA test release

Cost gradually increases
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
Implementation QA test release
increased cost
Shift-Left
Requirement
Definition

Why should we use static analysis?
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
QA test release
static analysis
unit test/
integration test
Requirement
Definition Implementation

Static analysis for Go
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. Proprietary & Confidential 無断転載・無断複製の禁止

Static Analysis for Go
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
Structure Analysis
Type Check
Static Single Assignment(SSA)
Pointer Analysis
ref) https://docs.google.com/presentation/d/1I4pHnzV2dFOMbRcpA-XD0TaLcX6PBKpls6WxGHoMjOg/edit#slide=id.g80ffbfd5e3_0_168

Structure Analysis
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
Structure Analysis
Type Check
Static Single Assignment(SSA)
Pointer Analysis
ref) https://docs.google.com/presentation/d/1I4pHnzV2dFOMbRcpA-XD0TaLcX6PBKpls6WxGHoMjOg/edit#slide=id.g80ffbfd5e3_0_168
a+1
a
+
1
BinaryExpr
Ident BasicLit
AST
(Abstract Syntax Tree):
Code:

Static Single Assignment(SSA)
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
Structure Analysis
Type Check
Static Single Assignment(SSA)
Pointer Analysis
ref) https://docs.google.com/presentation/d/1I4pHnzV2dFOMbRcpA-XD0TaLcX6PBKpls6WxGHoMjOg/edit#slide=id.g80ffbfd5e3_0_168
n := 10
n += 100
n0 = 10
n1 = n0 + 100
It is easy to analyze process flow.

Type Check
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
Structure Analysis
Type Check
Static Single Assignment(SSA)
Pointer Analysis
ref) https://docs.google.com/presentation/d/1I4pHnzV2dFOMbRcpA-XD0TaLcX6PBKpls6WxGHoMjOg/edit#slide=id.g80ffbfd5e3_0_168
n := 10 + 30
m := n + 200
What type is this?
-> int

$Pointer Analysis Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 Structure Analysis Type Check Static Single Assignment(SSA) Pointer Analysis ref) https://docs.google.com/presentation/d/1I4pHnzV2dFOMbRcpA-XD0TaLcX6PBKpls6WxGHoMjOg/edit#slide=id.g80ffbfd5e3_0_168 var n int p := &n g(p) g(p1) g(p2) func g(p *int){ } We can understand where the pointer come from.$

how to develop static analysis on Go
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. Proprietary & Confidential 無断転載・無断複製の禁止

Start from Skeleton
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
ref) https://github.com/gostaticanalysis/skeleton

layered architecture
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
ref) https://www.oreilly.com/content/software-architecture-patterns/

What kind of dependency is prohibited
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
ref) https://www.oreilly.com/content/software-architecture-patterns/
×
×
⭕
⭕
⭕
⭕

Find incorrect dependency
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
interface
→ Dependency Inversion Principle(DIP)
a_service → a_repository(interface) ◯
b_service → a_repository(implement) ×
ref) https://github.com/daisuke0131/layer

Conclusion
Conﬁdential
Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止
・explained static analysis for Go.
・developed a static analysis for layered architecture.

The only thing constant is change, and change requires oversight and very possibly an overhaul of your processes to support any shifts. The open source world is not exempt. Net, your code isn’t static so your processes shouldn’t be either. What open source management processes should be in your team’s eyeline? How does change impact devops, integration, automation, compliance, and issue remediation? In this webinar with Alex Rybak, Director of Product Management at Flexera, learn more about the impact of change in the world of open source software and the processes supported by software development teams.

Nsc42 security knights slayer of dragons 0-5_very_short_15m_share

NSC42 Ltd

Security Architecture in DEVOPS Title: Security Architect, slayer of dragons defenders of the realms and protectors of the cybersecurity automation Synopsis: The talk will take the audience on a journey from the origin of the security architecture, the challenge of cloud security and the role of an architect in the dev-sec-ops world. The talk explains the difference between traditional command and control governance and the solution to avoid starving automation and innovation with traditional security governance We will explore: Security Gates and why they do not always work in dev-ops Automation how-tos: How to deploy cybersecurity at scale Why is important to know how to deal with people Automation in the pipeline is the king If time is available the talk will explore some additional lesson learned rough length: compressed version 30 min normally 50 min or workshop format Audience Take Away: How to build a cybersecurity programme with architecture at the heart how to do traditional security governance how to mix governance and agile development as well as dev sec ops how to extract patterns from existing design the value of design principle patterns and why they are key to go fast. how and when to use tools (SAST/DAST) and when to engineer

Your Digital Experience (DX) will be compared to Google. We all do it. Everyone compares the flappy bird experience to the online banking experience. The challenge is the application IS your business, and that’s why DX is exploding our lives in DevOps. Elevating the digital experience transformed how we build apps, ship apps, support apps – even our team structures and business models. Every company is now a technology company. Want to avoid spending your life log-surfing in war rooms? You will hear how to: Avoid obsessing over metrics that don’t matter Map the customer journey from the smartphone to the database Eliminate release problems BEFORE they hit production Set watchpoints in production for when you forgot to set breakpoints Focus on what the customer sees and will pay for You are not alone, there are people and tools that can help. Hear from two industry leaders who may have broken something major in their careers. Learn from their stories.

Building Data Environments for Production Microservices with Geode

VMware Tanzu

Digitization - What Does This Mean to Internal Audit?

jennyhollingworth

Digitization is becoming an increasingly popular term for the usage of technology and digital advances, such as analytics, mobility, social media and smart devices, to radically improve the performance and/or reach of organizations. Companies across industries are racing to migrate analog approaches to customers, products, services and operating models to an always-on, real-time and information-rich marketplace. This presentation, originally from a webinar recorded on September 14, 2016, looks at: What is digitization? What risks are associated with digitization? What can internal audit do to help its organization analyze and monitor the associated risks? To hear the original webinar, please go to http://www.protiviti.com/en-US/Pages/Webinars.aspx

FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT

ForgeRock

Cynoteck Technology Solutions - Company Profile

Rosa Aguiar Catraio

Cynoteck is a dynamic and professional IT services provider that serves enterprises and individuals, helping them meet the challenges of the global economy. We offer services in the area of CRM Consultation and implementation, Application development, Mobile application development, Web development & Offshore Development. Our experienced Project Managers apply a mature development methodology, continuously exceeding our client’s business expectations, and ensuring the success of off-shoring projects. We have expertise ranging from consulting on business and technology to creating innovative technology solutions. Our vision shapes the culture at Cynoteck, which lays a strong emphasis on innovation and thought process.

Guidewire Connections 2023 DE-4 Using AI to Accelerate Application Integration

BrianPetrini

Spring Cloud Gateway - Ryan Baxter

VMware Tanzu

Computer Vision con AWS

Amazon Web Services

Leadership Session: The Future of Enterprise IT (ENT220-L) - AWS re:Invent 2018

Amazon Web Services

The cloud is enabling the transformation of IT in the enterprise at an unprecedented rate. No longer is IT viewed just as a provider of services, but increasingly it is viewed as a strategically important team that plays a central role in the creation of new business value. How are enterprise IT leaders responding, and what are the people, process and technology shifts needed to build agile and innovative organizations?

How resolve Gem dependencies in your code?

Hiroshi SHIBATA

Tensorflow

Daisuke Yamashita

Introduction of ios-chart in oss-labs#3

Daisuke Yamashita

Similar to Static analysis for go lang

Ivanti for msp

Ivanti

How resolve Gem dependencies in your code?

Hiroshi SHIBATA

ARO For Developers

Doug Sillars

𝐆𝐞𝐧𝐞𝐫𝐚𝐭𝐢𝐯𝐞 𝐀𝐈: 𝐂𝐡𝐚𝐧𝐠𝐢𝐧𝐠 𝐇𝐨𝐰 𝐁𝐮𝐬𝐢𝐧𝐞𝐬𝐬 𝐈𝐧𝐧𝐨𝐯𝐚𝐭𝐞𝐬 𝐚𝐧𝐝 𝐎𝐩𝐞𝐫𝐚𝐭𝐞𝐬

VINCI Digital - Industrial IoT (IIoT) Strategic Advisory

Viviota: R&D Engineering Analysis & Data Management

Doug Norton

940 paw business general session - ssg - data-robot

Rising Media, Inc.

940 diamond sponsor sengupta

Rising Media, Inc.

940 diamond sponsor sengupta,_using our laptop

Rising Media, Inc.

ANTI-ANTI-CODE-MODIFICATION MiSSConf(SP5) 2019

Boonpoj Thongakaraniroj

NYC Identity Summit Tech Day: Authorization for the Modern World

ForgeRock

Prepare Your DevOps Culture to Withstand the Digital Experience Onslaught

DevOps.com

Building Data Environments for Production Microservices with Geode

VMware Tanzu

Digitization - What Does This Mean to Internal Audit?

jennyhollingworth

FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT

ForgeRock

Cynoteck Technology Solutions - Company Profile

Rosa Aguiar Catraio

Guidewire Connections 2023 DE-4 Using AI to Accelerate Application Integration

BrianPetrini

Spring Cloud Gateway - Ryan Baxter

VMware Tanzu

Computer Vision con AWS

Amazon Web Services

Leadership Session: The Future of Enterprise IT (ENT220-L) - AWS re:Invent 2018

Amazon Web Services

How resolve Gem dependencies in your code?

Hiroshi SHIBATA

Similar to Static analysis for go lang (20)

Ivanti for msp

How resolve Gem dependencies in your code?

ARO For Developers

Viviota: R&D Engineering Analysis & Data Management

940 paw business general session - ssg - data-robot

940 diamond sponsor sengupta

940 diamond sponsor sengupta,_using our laptop

ANTI-ANTI-CODE-MODIFICATION MiSSConf(SP5) 2019

NYC Identity Summit Tech Day: Authorization for the Modern World

Prepare Your DevOps Culture to Withstand the Digital Experience Onslaught

Building Data Environments for Production Microservices with Geode

Digitization - What Does This Mean to Internal Audit?

FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT

Cynoteck Technology Solutions - Company Profile

Guidewire Connections 2023 DE-4 Using AI to Accelerate Application Integration

Spring Cloud Gateway - Ryan Baxter

Computer Vision con AWS

Leadership Session: The Future of Enterprise IT (ENT220-L) - AWS re:Invent 2018

How resolve Gem dependencies in your code?

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

By Design, not by Accident - Agile Venture Bolzano 2024

Pierluigi Pugliese

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 4

Elevating Tactical DDD Patterns Through Object Calisthenics

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

UiPath Test Automation using UiPath Test Suite series, part 3

Epistemic Interaction - tuning interfaces to provide information for AI support

Assuring Contact Center Experiences for Your Customers With ThousandEyes

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

A tale of scale & speed: How the US Navy is enabling software delivery from l...

By Design, not by Accident - Agile Venture Bolzano 2024

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Essentials of Automations: Optimizing FME Workflows with Parameters

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

FIDO Alliance Osaka Seminar: Overview.pdf

Introduction to CHERI technology - Cybersecurity

Quantum Computing: Current Landscape and the Future Role of APIs

Static analysis for go lang

1. Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. Proprietary & Confidential 無断転載・無断複製の禁止 Static analysis for go lang

2. Selft-Introduction Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. Proprietary & Confidential 無断転載・無断複製の禁止

3. daisuke0131     After graduated from university, Joined Fujitsu Laboratories.   I developed firmware, AI, Web services, ios/android apps.     After the career, Joined startups to experience something new.     Joined ANDPAD in 2016. Developed mobile applications.   山下大輔 Daisuke Yamashita    ANDPAD Chief Development Officer Self-Introduction

4. What is ANDPAD? Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. Proprietary & Confidential 無断転載・無断複製の禁止

5. What is ANDPAD? Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止・Project Management System For Construction Industry ・Project Management, Chat, Blueprint, Inspection, Schedule Adjustment swift/kotlin swift/kotlin swift ReactNative→Flutter Flutter

6. Many features in ANDPAD Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 Project Management Chat Communication Inspection Blueprint The others ANDPAD Built by Ruby on Rails Microservices by Go Notifications Approval Authorization ・・・

7. Static analysis Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. Proprietary & Confidential 無断転載・無断複製の禁止

8. Development cycle Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 Requirement Definition Implementation QA test release

9. Cost gradually increases Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 Implementation QA test release increased cost Shift-Left Requirement Definition

10. Why should we use static analysis? Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 QA test release static analysis unit test/ integration test Requirement Definition Implementation

11. Static analysis for Go Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. Proprietary & Confidential 無断転載・無断複製の禁止

12. Static Analysis for Go Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 Structure Analysis Type Check Static Single Assignment(SSA) Pointer Analysis ref) https://docs.google.com/presentation/d/1I4pHnzV2dFOMbRcpA-XD0TaLcX6PBKpls6WxGHoMjOg/edit#slide=id.g80ffbfd5e3_0_168

13. Static Analysis for Go Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 Structure Analysis Type Check Static Single Assignment(SSA) Pointer Analysis ref) https://docs.google.com/presentation/d/1I4pHnzV2dFOMbRcpA-XD0TaLcX6PBKpls6WxGHoMjOg/edit#slide=id.g80ffbfd5e3_0_168 how to analyze the sourcecode

14. Static Analysis for Go Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 Structure Analysis Type Check Static Single Assignment(SSA) Pointer Analysis ref) https://docs.google.com/presentation/d/1I4pHnzV2dFOMbRcpA-XD0TaLcX6PBKpls6WxGHoMjOg/edit#slide=id.g80ffbfd5e3_0_168 how to check the detail.

15. Structure Analysis Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 Structure Analysis Type Check Static Single Assignment(SSA) Pointer Analysis ref) https://docs.google.com/presentation/d/1I4pHnzV2dFOMbRcpA-XD0TaLcX6PBKpls6WxGHoMjOg/edit#slide=id.g80ffbfd5e3_0_168 a+1 a + 1 BinaryExpr Ident BasicLit AST (Abstract Syntax Tree): Code:

16. Structure Analysis Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 ref) https://go.dev/play/p/9jenf3yjoWg Code: AST:

17. Static Single Assignment(SSA) Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 Structure Analysis Type Check Static Single Assignment(SSA) Pointer Analysis ref) https://docs.google.com/presentation/d/1I4pHnzV2dFOMbRcpA-XD0TaLcX6PBKpls6WxGHoMjOg/edit#slide=id.g80ffbfd5e3_0_168 n := 10 n += 100 n0 = 10 n1 = n0 + 100 It is easy to analyze process flow.

18. Static Single Assignment(SSA) Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 ref) https://golang-ssaview.herokuapp.com/ Code: SSA:

19. Type Check Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 Structure Analysis Type Check Static Single Assignment(SSA) Pointer Analysis ref) https://docs.google.com/presentation/d/1I4pHnzV2dFOMbRcpA-XD0TaLcX6PBKpls6WxGHoMjOg/edit#slide=id.g80ffbfd5e3_0_168 n := 10 + 30 m := n + 200 What type is this? -> int

20. Pointer Analysis Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 Structure Analysis Type Check Static Single Assignment(SSA) Pointer Analysis ref) https://docs.google.com/presentation/d/1I4pHnzV2dFOMbRcpA-XD0TaLcX6PBKpls6WxGHoMjOg/edit#slide=id.g80ffbfd5e3_0_168 var n int p := &n g(p) g(p1) g(p2) func g(p *int){ } We can understand where the pointer come from.

21. how to develop static analysis on Go Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. Proprietary & Confidential 無断転載・無断複製の禁止

22. Start from Skeleton Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 ref) https://github.com/gostaticanalysis/skeleton

23. layered architecture Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 ref) https://www.oreilly.com/content/software-architecture-patterns/

24. What kind of dependency is prohibited Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 ref) https://www.oreilly.com/content/software-architecture-patterns/ × × ⭕ ⭕ ⭕ ⭕

25. Find incorrect dependency Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 interface → Dependency Inversion Principle(DIP) a_service → a_repository(interface) ◯ b_service → a_repository(implement) × ref) https://github.com/daisuke0131/layer

26. Find incorrect dependency Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止 ref) https://github.com/daisuke0131/layer

27. Conclusion Conﬁdential Copyright © 2020 Present ANDPAD Inc. This information is confidential and was prepared by ANDPAD Inc. for the use of our client. It is not to be relied on by and 3rd party. 無断転載・無断複製の禁止・explained static analysis for Go. ・developed a static analysis for layered architecture.

Static analysis for go lang

Recommended

Recommended

More Related Content

Similar to Static analysis for go lang

Similar to Static analysis for go lang (20)

More from Daisuke Yamashita

More from Daisuke Yamashita (12)

Recently uploaded

Recently uploaded (20)

Static analysis for go lang