Parfait is a static bug-checking tool for C/C++ source code, designed to be both scalable and precise. Requirements for this tool were derived from interaction with the Solaris(TM) operating system team, where millions of lines of source code must be checked in a time-efficient manner, with minimal noise and a low cost of integration into the build process.
Internally at Sun, various software organizations are using Parfait to analyse thousands to millions of lines of code, with over 500 buffer overflows found and fixed. Assisted by its graphical web-based user interface, both developers and managers are able to traverse bug data quickly and easily. Internal feedback from the various organizations allows us to improve the tool on a regular basis.
Externally, we and others are using Parfait to analyse open source code, including the open source operating system kernels OpenSolaris(TM), Linux and OpenBSD. Bugs found have been submitted to their respective communities and are normally fixed in a timely fashion.

Presentation at the Software Assurance Forum, November 2009.