Static deep error checking in large system applications using parfait

Authors:
Cristina Cifuentes;Nathan Keynes;Lian Li;Nathan Hawes;Manuel Valdiviezo;Andrew Browne;Jacob Zimmermann;Andrew Craik;Douglas Teoh;Christian Hoermann
Affiliations:
Oracle Labs, Brisbane, Australia;Oracle Labs, Brisbane, Australia;Oracle Labs, Brisbane, Australia;Oracle Labs, Brisbane, Australia;Oracle Labs, Brisbane, Australia;Oracle Labs, Brisbane, Australia;Oracle Labs, Brisbane, Australia;Oracle Labs, Brisbane, Australia;Oracle Labs, Brisbane, Australia;Oracle Labs, Brisbane, Australia
Venue:
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Year:
2011

Citing 9
Cited 1

Improving Security Using Extensible Lightweight Static Analysis

IEEE Software
Finding bugs is easy

OOPSLA '04 Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Saturn: A scalable framework for error detection using Boolean satisfiability

ACM Transactions on Programming Languages and Systems (TOPLAS) - Special issue on POPL 2005
Parfait: designing a scalable bug checker

Proceedings of the 2008 workshop on Static analysis
BegBunch: benchmarking for C bug detection tools

Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009)
Practical and effective symbolic analysis for buffer overflow detection

Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Boosting the performance of flow-sensitive points-to analysis using value flow

Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Orion: high-precision methods for static error analysis of c and c++ programs

FMCO'05 Proceedings of the 4th international conference on Formal Methods for Components and Objects
The ASTREÉ analyzer

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems

Precise and scalable context-sensitive pointer analysis via value flow graph

Proceedings of the 2013 international symposium on memory management

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we introduce Parfait, a static bug-checking tool for C/C++ applications. Parfait achieves precision and scalability at the same time by employing a layered program analysis framework. In Parfait, different analyses varying in precision and runtime expense can be invoked on demand to detect defects of a specific type, effectively achieving higher precision with smaller runtime overheads. Several production organizations within Oracle have started to integrate Parfait into their development process. Feedback from various production teams suggests that it is precise and scalable: the tool is able to analyze the OpenSolarisTM operating system and network consolidation (ON) with more than 6 million lines of code in 1 hour, and report thousands of defects with a false positive rate of close to 10%.