Static program analysis techniques focusing on developing precise and scalable analyses for finding bugs in large-scale C and C++ source code.

Project Details



Static program analysis techniques focusing on developing precise and scalable analyses for finding bugs in large-scale C and C++ source code.

Project Overview

Now an internal Oracle product, the Parfait project started in 2007 with the aim to design a static code analysis prototype tool that looked into scalability and precision of detecting bugs in large (millions of lines of) source code. The Parfait prototype was built on top of the LLVM infrastructure and analyses C/C++ source code for various types of memory-related bugs, such as buffer overflows, memory leaks, null pointer dereferences, etc.

Parfait is fast -- it can analyse 10.6 million of lines of non-commented code of the OpenSolaris Operating System/Networking (ON) consolidation in 80 mins on a 2.9GHz AMD Opteron machine. Parfait is also precise -- it's average false positive rate is less than 10%, as reported by product organisations who use the tool on a daily basis.

In June 2012, the Parfait project was transferred to a product organisation and is currently deployed in various organisations where thousands of developers use it on a daily basis. The various teams at Oracle Labs Australia continues to use Parfait as a research framework, to experiment with new general analyses such as points-to, analyses for new bug types, as well as new languages.

Principal Investigator

Cristina Cifuentes

Senior Director of Research & Development, Oracle Labs Australia

Cristina is a Senior Director of R&D, serves as the Director of Oracle Labs Australia and is an Architect at Oracle. Headquartered in Brisbane, the Lab focuses on Intelligent Application Security aiming at making intelligent security of applications a reality, at scale. 

Prior to founding Oracle Labs Australia, Cristina was the Principal Investigator of the Parfait bug tracking project at Sun Microsystems, then Oracle. Today, Oracle Parfait has become the defacto tool used by thousands of Oracle developers for bug and vulnerability detection in real-world, commercially sized C/C++/Java applications. Parfait's success is founded on the pioneering work in advancing static program analysis techniques by Cristina’s team of Researchers and Engineers at Oracle Labs Australia.

Cristina’s passion for tackling the big issues in the field of Program Analysis began with her doctoral work in binary decompilation at Queensland’s University of Technology. In an interview with Richard Morris for Geek of the Week, Cristina talks about Parfait, Walkabout and her career journey in this field.

Before she joined Oracle and Sun Microsystems, Cristina held teaching posts at major Australian Universities, co-edited Going Digital, a landmark book on cybersecurity, and served on the executive committees of ACM SIGPLAN and IEEE Reverse Engineering.

Cristina continues to play an active role in the international programming language, compiler construction and software security communities. On the weekends, she channels her interests into mentoring young programmers through the CoderDojo network.

Personal Career Highlights

Mentor at CoderDojo Brisbane
Adjunct Professor, School of Information Technology and Electrical Engineering, The University of Queensland
Adjunct Professor, School of Electrical Engineering and Computer Science, Queensland University of Technology
Chancellor's Outstanding Alumnus (2001), Queensland University of Technology
PhD in Computer Science, "Decompilation of Binary Programs" (1994), Queensland University of Technology

 View Dr Cristina Cifuentes's profile