DocumentCode
3008650
Title
Parfait - A Scalable Bug Checker for C Code
Author
Cifuentes, Cristina
Author_Institution
Sun Microsyst. Labs., Brisbane, QLD
fYear
2008
fDate
28-29 Sept. 2008
Firstpage
263
Lastpage
264
Abstract
Parfait is a bug checker of C code that has been designed to address developers' requirements of scalability (support millions of lines of code in a reasonable amount of time), precision (report few false positives) and reporting of bugs that may be exploitable from a security vulnerability point of view. For large code bases, performance is at stake if the bug checking tool is to be integrated into the software development process, and so is precision, as each false alarm (i.e., false positive) costs developer time to track down. Further, false negatives give a false sense of security to developers and testers, as it is not obvious or clear what other bugs were not reported by the tool. A common criticism of existing bug checking tools is the lack of reported metrics on the use of the tool. To a developer it is unclear how accurate the tool is, how many bugs it does not find, how many bugs get reported that are not actual bugs, whether the tool understands when a bug has been fixed, and what the performance is for the reported bugs. In this tool demonstration we show how Parfait fares in the area of buffer overflow checking against the various requirements of scalability and precision.
Keywords
C language; program debugging; C code tool demonstration; Parfait; scalable bug checker; Algorithm design and analysis; Australia; Buffer overflow; Computer bugs; Laboratories; Programming; Scalability; Security; Sun; Testing; Scalability; benchmarking; precision;
fLanguage
English
Publisher
ieee
Conference_Titel
Source Code Analysis and Manipulation, 2008 Eighth IEEE International Working Conference on
Conference_Location
Beijing
Print_ISBN
978-0-7695-3353-7
Type
conf
DOI
10.1109/SCAM.2008.21
Filename
4637559