The Parfait Static Code Analysis Framework -- Lessons Learnt
Cristina Cifuentes, Nathan Keynes, Kevin Gough, Diane Corney, Manuel Valdiviezo Basauri
09 May 2016
The Parfait static code analyser was conceived at Sun Labs, now Oracle Labs, in 2007. At the time, the project focused on the detection of defects in C/C++ code. Over the next five years, Parfait matured to include detection of vulnerabilities (not just defects) in C/C++ and Java™ while meeting the performance and precision standards expected of a commercial tool: Parfait can analyse 39 of the most common defects in the C language over an operating system codebase of 11 million lines of C code in 1.5 hours with a false positive rate of 10%. Today, Parfait is maintained by Oracle as an internal product and is used by thousands of developers at Oracle worldwide.
Venue: Designing Code Analysis Frameworks (DECAF) workshop, co-located with ISSTA