ABSTRACT
In this paper, we introduce Parfait, a static bug-checking tool for C/C++ applications. Parfait achieves precision and scalability at the same time by employing a layered program analysis framework. In Parfait, different analyses varying in precision and runtime expense can be invoked on demand to detect defects of a specific type, effectively achieving higher precision with smaller runtime overheads. Several production organizations within Oracle have started to integrate Parfait into their development process. Feedback from various production teams suggests that it is precise and scalable: the tool is able to analyze the OpenSolaris™ operating system and network consolidation (ON) with more than 6 million lines of code in 1 hour, and report thousands of defects with a false positive rate of close to 10%.