Internal Deployment of the Parfait Static Code Analysis Tool at Oracle
The term static code analysis is used these days to refer to tools that find bugs and/or security vulnerabilities in source or executable code by performing static analysis of the code. In the past years, several static code analysis tools have transitioned from a research environment onto production mode; examples include Coverity , SLAM and Goanna .
Parfait was developed as a research project at Sun Microsystems Laboratories with the aim to look into precision and scalability of static bug-detection analyses over millions of lines of source code (MLOC). The Oracle acquisition of Sun brought Parfait into a new playground where, in the course of one year, a small team of researchers and students showed “value for money” against codebases from “legacy” Oracle. Key to this value proposition was not only showing that the tool reported real bugs of interest to developers, but also that there was a high hit rate of reports and that it scaled well, allowing for not only nightly integration but also incremental, commit-time integration.
In this talk we summarise our experiences in the transitioning of Parfait from a research prototype at Oracle Labs, onto production mode at Oracle, as well as its deployment throughout the company, where it is used on a day-to-day basis by thousands of developers. We also elaborate on our recent experiences on extending Parfait to support the JavaTMlanguage, for the purposes of detecting vulnerabilities in the Java Platform.
Unable to display preview. Download preview PDF.
- 3.Huuck, R.: Formal verification, engineering and business value. In: Proceedings of the First International Workshop on Formal Techniques for Safety-Critical Systems, Electronic Proceedings in Theoretical Computer Science, pp. 1–4 (2012)Google Scholar
- 4.Cifuentes, C., Scholz, B.: Parfait – designing a scalable bug checker. In: Proceedings of the ACM SIGPLAN Static Analysis Workshop, June 12, pp. 4–11 (2008)Google Scholar
- 5.Scholz, B., Zhang, C., Cifuentes, C.: User-input dependence analysis via graph reachability. In: Proceedings of the Eighth IEEE Working Conference on Source Code Analysis and Manipulation, September 28-29, pp. 25–34 (2008)Google Scholar
- 6.Li, L., Cifuentes, C., Keynes, N.: Practical and effective symbolic analysis for buffer overflow detection. In: roceedings of the ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 317–326. ACM, New York (2010)Google Scholar
- 7.Li, L., Cifuentes, C., Keynes, N.: Boosting the performance of flow-sensitive points-to analysis using value flow. In: Proceedings of the 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering, pp. 343–353. ACM (2011)Google Scholar
- 8.Li, L., Cifuentes, C., Keynes, N.: Precise and scalable context-sensitive pointer analysis via value flow graph. In: Proceedings of the 2013 International Symposium on Memory Management (ISMM), pp. 85–96. ACM (2013)Google Scholar
- 9.Valdiviezo, M., Cifuentes, C., Krishnan, P.: A method for scalable and precise bug finding using program analysis and model checking techniques (2012) (unpublished manuscript)Google Scholar
- 10.Cifuentes, C., Hoermann, C., Keynes, N., Li, L., Long, S., Mealy, E., Mounteney, M., Scholz, B.: BegBunch: Benchmarking for C bug detection tools. In: Proceedings of the 2009 International Workshop on Defects in Large Software Systems (July 2009)Google Scholar
- 11.Lattner, C., Adve, V.: LLVM: A compilation framework for lifelong program analysis & transformation. In: Proceedings of the International Symposium on Code Generation and Optimization. IEEE Computer Society, Washington, DC (2004)Google Scholar
- 12.Clang: a C language family frontend for LLVM, http://clang.llvm.org
- 13.Cifuentes, C., Keynes, N., Li, L., Hawes, N., Valdiviezo, M.: Transitioning Parfait into a development tool. IEEE Security and Practice (May/June 2012)Google Scholar