All software contains bugs, i.e., implementation errors in the code. Many of these errors can be detected statically, at compile time, before the program is run; others can only be detected at runtime. For compile-time analysis to be used in practice, it needs to be fast, so that developers can run it during their development cycle as they do other development tools.
The Program Analysis team focuses on developing scalable and precise analyses for finding or preventing bugs and vulnerabilities, and for enhancing developer productivity.
For the last several years, the team's focus has been static analysis techniques applied to finding bugs in large (millions of lines of code) C/C++ source code. New scalable analyses were developed in the areas of symbolic analysis, dataflow analysis, points-to analysis, taint analysis and model-based analysis, and were integrated into the Parfait static code analysis tool.
- Transitioning Parfait into a Development Tool. Cristina Cifuentes, Nathan Keynes, Lian Li, Nathan Hawes, Manuel Valdiviezo. Article, 2012.
- Boosting the performance of flow-sensitive points-to analysis using value flow. Lian Li, Cristina Cifuentes, Nathan Keynes. SIGSOFT FSE 2011: 343-353.
- Static deep error checking in large system applications using Parfait. Cristina Cifuentes, Nathan Keynes, Lian Li, Nathan Hawes, Manuel Valdiviezo, Andrew Browne, Jacob Zimmermann, Andrew Craik, Douglas Teoh, Christian Hoermann. In Proceedings, 2011.
- Practical and effective symbolic analysis for buffer overflow detection. Lian Li, Cristina Cifuentes, Nathan Keynes. SIGSOFT FSE 2010: 317-326.
- BegBunch: Benchmarking for C Bug Detection Tools. Cristina Cifuentes, Christian Hoermann, Nathan Keynes, Lian Li, Simon Long, Erica Mealy, Michael Mounteney, Bernhard Scholz. In Proceedings, 2009.
- Benchmarking Static C Bug-Checking Tools. Cristina Cifuentes. In Proceedings, 2009.
- Improving Software Quality with Parfait. Cristina Cifuentes. Misc, 2009.
- Program analysis for bug detection using Parfait: invited talk. Cristina Cifuentes, Nathan Keynes, Lian Li, Bernhard Scholz. In Proceedings, 2009.
- Parfait - A Scalable Bug Checker for C Code. Cristina Cifuentes. SCAM 2008: 263-264.
- Parfait - Designing a Scalable Bug Checker. Cristina Cifuentes, Bernhard Scholz. In Proceedings, 2008.
- User-Input Dependence Analysis via Graph Reachability. Bernhard Scholz, Chenyi Zhang, Cristina Cifuentes. Technical Report, 2008.
- User-Input Dependence Analysis via Graph Reachability. Bernhard Scholz, Chenyi Zhang, Cristina Cifuentes. SCAM 2008: 25-34.
The Parfait project was designed as a static code analysis prototype that looked into scalability and precision of finding bugs in large (millions of lines of) source code.
The Parfait prototype was built on top of the LLVM infrastructure and analyses C/C++ source code for various types of memory-related bugs, such as buffer overflows, memory leaks, null pointer dereferences, etc.
Parfait is fast -- it can analyse the 10.6 million lines of non-commented code of the OpenSolaris Operating System/Networking (ON) consolidation in 80 minutes on a 2.9GHz AMD Opteron machine.
Parfait is also precise -- its average false positive rate is less than 10%, as reported by the product organisations that use the tool on a daily basis.
In June 2012, the Parfait project was transferred to a product organisation and is currently deployed in various organisations where thousands of developers use it on a daily basis.
The Program Analysis team continues to use Parfait as a research framework, to experiment with new analyses for new bug types, as well as new languages.
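As an added illustration of the memory-related bug classes named above (buffer overflow, null pointer dereference, memory leak), the constructed C routine below carries all three in its "before" form, next to a hardened form of the same routine. This is example code written for this page, not Parfait output or Parfait project code; the record type, the NAME_MAX bound and the function names make_user_unsafe/make_user_safe/user_id_* are assumptions made here.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX 16

/* Constructed example record; not a data structure from the Parfait project. */
struct user {
    char name[NAME_MAX];
    int  id;
};

/* Before: the latent defects a memory-safety checker reports.
 * (1) malloc may return NULL and is dereferenced unchecked: null pointer dereference.
 * (2) strcpy copies without a bound: buffer overflow when strlen(name) >= NAME_MAX.
 * Nothing below calls this with a long name; it is here to show the pattern. */
struct user *make_user_unsafe(const char *name, int id)
{
    struct user *u = malloc(sizeof *u);
    strcpy(u->name, name);
    u->id = id;
    return u;
}

/* (3) A caller that drops the pointer without free(): memory leak. */
int user_id_unsafe(const char *name, int id)
{
    struct user *u = make_user_unsafe(name, id);
    return u->id;                     /* u is never freed */
}

/* After: every failure path is explicit and the copy is bounded. */
struct user *make_user_safe(const char *name, int id)
{
    if (name == NULL)
        return NULL;
    size_t len = strlen(name);
    if (len >= NAME_MAX)              /* leave room for the terminator */
        return NULL;
    struct user *u = malloc(sizeof *u);
    if (u == NULL)
        return NULL;
    memcpy(u->name, name, len + 1);   /* copies exactly len+1 bytes, within NAME_MAX */
    u->id = id;
    return u;
}

/* Returns the id, or -1 when the record could not be built; frees on every path. */
int user_id_safe(const char *name, int id)
{
    struct user *u = make_user_safe(name, id);
    if (u == NULL)
        return -1;
    int result = u->id;
    free(u);
    return result;
}
```

The "before" functions compile and behave correctly on short, non-NULL input, which is exactly why such defects survive testing and why a static checker that reasons about allocation results, buffer bounds and ownership at compile time is useful.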
The Java vulnerability detection project is a new project that aims at detecting vulnerabilities via static and dynamic techniques. Of interest are not only vulnerabilities that happen within the Java language, but also cross-language vulnerabilities.
The Java Native Interface (JNI) is a source of vulnerabilities because of the interaction between C and Java code. This part of the project looks into the development of static analyses that detect such vulnerabilities, using an extension of the Parfait framework.
The Productivity Tools project is a new project that looks into enhancing developer productivity by means of better code comprehension techniques over large code bases. The project aims to aid both experienced and inexperienced developers.
The focus of this work is on commonly used languages such as C/C++ and Java.
Vulnerability Detection Combining Static Analysis and Model-based Testing
The aim of this collaboration is to combine program analysis with model-based testing techniques to address issues of scalability and precision of bug checking tools, especially in the context of large systems code.
Software Quality Improvement Through Static Analysis and Annotation
The aim of this Australian Research Council (ARC) Linkage project is to develop better methods for automatic static analysis of software to find latent errors and security loopholes, thereby improving the quality of code. The approach will make use of code annotations (such as assertions, invariants and extended type systems) to improve the precision of the program analysis process.
Demand-driven Points-to Analysis
The aim of this collaboration is to develop new context-sensitive and field-sensitive analysis with full heap cloning to perform demand-driven points-to and alias analysis for the Java language.
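To make concrete what a points-to and alias analysis computes, both for the points-to work integrated into Parfait and for the demand-driven collaboration described above, the following is an added example written for this page: a minimal Andersen-style (inclusion-based) solver over the four pointer constraint shapes of C-like code, with an alias query on top. It is flow-insensitive and context-insensitive and has no field sensitivity or heap cloning, so it is the baseline that the analyses above refine, not their implementation; the constraint encoding, the variable numbering and the sample program are constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: Andersen-style points-to solver. Variables are numbered
 * 0..MAX_VARS-1 and each points-to set is a bitmask over those numbers. */
#define MAX_VARS 32
#define MAX_CONS 64
#define BIT(v) (1u << (v))

enum cons_kind {
    ADDR_OF,  /* lhs = &rhs : rhs is in pts(lhs)                                 */
    COPY,     /* lhs = rhs  : pts(rhs) is a subset of pts(lhs)                   */
    LOAD,     /* lhs = *rhs : for each o in pts(rhs), pts(o) subset of pts(lhs)  */
    STORE     /* *lhs = rhs : for each o in pts(lhs), pts(rhs) subset of pts(o)  */
};

struct constraint { enum cons_kind kind; int lhs; int rhs; };

struct pts_state {
    uint32_t pts[MAX_VARS];
    struct constraint cons[MAX_CONS];
    int ncons;
};

int pts_add(struct pts_state *st, enum cons_kind kind, int lhs, int rhs)
{
    if (st->ncons >= MAX_CONS || lhs < 0 || lhs >= MAX_VARS || rhs < 0 || rhs >= MAX_VARS)
        return 0;
    st->cons[st->ncons].kind = kind;
    st->cons[st->ncons].lhs = lhs;
    st->cons[st->ncons].rhs = rhs;
    st->ncons++;
    return 1;
}

/* Union src into pts(dst); returns 1 if the set grew. */
static int merge(struct pts_state *st, int dst, uint32_t src)
{
    uint32_t before = st->pts[dst];
    st->pts[dst] |= src;
    return st->pts[dst] != before;
}

/* Apply one inclusion constraint; returns 1 if any set grew. */
static int apply(struct pts_state *st, const struct constraint *c)
{
    int changed = 0;
    switch (c->kind) {
    case ADDR_OF: changed = merge(st, c->lhs, BIT(c->rhs));      break;
    case COPY:    changed = merge(st, c->lhs, st->pts[c->rhs]);  break;
    case LOAD:
        for (int o = 0; o < MAX_VARS; o++)
            if (st->pts[c->rhs] & BIT(o)) changed |= merge(st, c->lhs, st->pts[o]);
        break;
    case STORE:
        for (int o = 0; o < MAX_VARS; o++)
            if (st->pts[c->lhs] & BIT(o)) changed |= merge(st, o, st->pts[c->rhs]);
        break;
    }
    return changed;
}

/* Iterate all constraints until nothing grows; returns the number of passes. */
int pts_solve(struct pts_state *st)
{
    int passes = 0, changed;
    do {
        changed = 0;
        for (int i = 0; i < st->ncons; i++) changed |= apply(st, &st->cons[i]);
        passes++;
    } while (changed);
    return passes;
}

/* May-alias query: p and q may alias if their points-to sets intersect. */
int may_alias(const struct pts_state *st, int p, int q)
{
    return (st->pts[p] & st->pts[q]) != 0;
}

/* Constructed sample program, one constraint per statement:
 *   int a, b;  int *p = &a;  int *q = &b;  int **r = &p;  *r = q;  int *s = *r; */
enum { VAR_A, VAR_B, VAR_P, VAR_Q, VAR_R, VAR_S };

void build_sample(struct pts_state *st)
{
    memset(st, 0, sizeof *st);
    pts_add(st, ADDR_OF, VAR_P, VAR_A);
    pts_add(st, ADDR_OF, VAR_Q, VAR_B);
    pts_add(st, ADDR_OF, VAR_R, VAR_P);
    pts_add(st, STORE,   VAR_R, VAR_Q);
    pts_add(st, LOAD,    VAR_S, VAR_R);
}

uint32_t sample_pts(int var)
{
    struct pts_state st;
    build_sample(&st);
    pts_solve(&st);
    return st.pts[var];
}

int sample_may_alias(int p, int q)
{
    struct pts_state st;
    build_sample(&st);
    pts_solve(&st);
    return may_alias(&st, p, q);
}

int main(void)
{
    struct pts_state st;
    build_sample(&st);
    printf("fixpoint after %d passes; pts(p)=0x%x pts(s)=0x%x may_alias(p,q)=%d\n",
           pts_solve(&st), st.pts[VAR_P], st.pts[VAR_S], may_alias(&st, VAR_P, VAR_Q));
    return 0;
}
```

Because the store through r and the assignment p = &a are merged regardless of order, the solver reports that p may point to either a or b and hence that p and q may alias; a flow-sensitive or demand-driven analysis of the kind described above would answer the same query only for the program point and the calling context that matter, which is where the precision and the scalability work lies.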