Parfait
Static program analysis techniques focusing on developing precise and scalable analyses for finding bugs in large-scale C and C++ source code.
Project Overview
Now an internal Oracle product, the Parfait project started in 2007 with the aim of designing a prototype static code analysis tool to investigate the scalability and precision of bug detection in large code bases (millions of lines of source code). The Parfait prototype was built on top of the LLVM infrastructure and analyses C/C++ source code for various types of memory-related bugs, such as buffer overflows, memory leaks, null pointer dereferences, etc.
Parfait is fast: it can analyse 10.6 million lines of non-commented code of the OpenSolaris Operating System/Networking (ON) consolidation in 80 minutes on a 2.9GHz AMD Opteron machine. Parfait is also precise: its average false positive rate is less than 10%, as reported by product organisations that use the tool on a daily basis.
In June 2012, the Parfait project was transferred to a product organisation and is currently deployed in various organisations where thousands of developers use it on a daily basis. The various teams at Oracle Labs Australia continue to use Parfait as a research framework to experiment with new general analyses such as points-to, analyses for new bug types, and new languages.
As Vice President of Oracle's Software Assurance organisation, I lead a team of world-class security researchers and engineers whose passion lies in solving the big issues in Software Assurance. Our mission is to make application security and software assurance, at scale, a reality. We enjoy working with today's complex enterprise systems composed of millions of lines of code, a variety of languages, established and new technologies, to detect vulnerabilities and attack vectors before others do. Automation is important, so are security assessments.
Cristina was the founding Director of Oracle Labs Australia in 2010, a team she led for close to 12 years. As Director of Oracle Labs Australia, I led a team of world-class Researchers and Engineers whose passion lies in solving the big issues in Program Analysis. Our team specialises in software vulnerability detection and developer productivity enhancement – in the context of real-world, commercial applications that contain millions of lines of code. My team successfully released Oracle Parfait, a static analysis tool used by thousands of C/C++/Java developers each day. Our inventions have resulted in dozens of US patents at Oracle and Sun Microsystems, and our impact on program analysis is well known through our active participation and publication record.
Cristina’s passion for tackling the big issues in the field of Program Analysis began with her doctoral work in binary decompilation at the Queensland University of Technology, which led to her being named the Mother of Decompilation for her contributions to this domain. In an interview with Richard Morris for Geek of the Week, Cristina talks about Parfait, Walkabout and her career journey in this field.
Before she joined Oracle and Sun Microsystems, Cristina held academic posts at major Australian Universities, co-edited Going Digital, a landmark book on Cybersecurity, and served on the executive committees of ACM SIGPLAN and IEEE Reverse Engineering.
Cristina continues to play an active role in the international programming language and software security communities. Where possible, she channels her interests into mentoring young programmers through the CoderDojo network and mentoring women in STEM.
Personal Career Highlights
Mentor at CoderDojo Brisbane
Adjunct Professor, School of Information Technology and Electrical Engineering, The University of Queensland
Adjunct Professor, School of Electrical Engineering and Computer Science, Queensland University of Technology
Chancellor's Outstanding Alumnus (2001), Queensland University of Technology
PhD in Computer Science, "Decompilation of Binary Programs" (1994), Queensland University of Technology