Oracle Solaris Studio Code Analyzer




The Oracle Solaris Studio Code Analyzer ensures application reliability and security by detecting application vulnerabilities, including memory leaks and memory access violations, enabling developers to write better code with fewer errors faster.

KEY FEATURES

- Integrated and comprehensive view of common coding errors via interactive GUI or command-line interface to meet scripting needs
- Quick identification of SPARC M7 Silicon Secured Memory runtime-related errors
- Get accurate analysis faster than competitive alternatives
- Low false positive rate
- Static code checking detects common programming errors as part of normal build process
- Dynamic code checking finds memory-related errors in executed code paths
- Code Coverage checking informs developers of gaps in test coverage

KEY BENEFITS

- Improve software quality, security, and reliability
- Increase developer productivity

Introduction

Have you ever been called in the middle of the night because your application crashed? Does your application exhibit mysterious intermittent failures that are hard to pinpoint? Do you think your software is not adequately tested?

The Code Analyzer helps identify application reliability and security issues by utilizing dynamic, static and code coverage analysis to detect common coding errors, including memory leaks and memory access violations faster than competitive alternatives. In addition, the Code Analyzer provides support for SPARC M7 Silicon Secured Memory, enabling developers to find and fix memory errors with minimal overhead.

The Code Analyzer performs static analysis when you are compiling your application and it performs dynamic analysis when you are running your application and gives you feedback about where you may have errors. In addition, it provides code coverage data to give you information about functions that are not covered by your test suite and provides guidance on the type of benefit you could get by covering those functions.

The Code Analyzer provides a comprehensive view of application vulnerabilities by synthesizing the data collected from these three types of analysis, enabling you to improve application correctness and reliability. It also provides advanced error filtering and sorting capabilities, enabling you to track, detect, and fix issues faster.

Static Analysis

Modern static checking can uncover implementation defects in software earlier, more reliably and at a far lower cost than conventional testing methods. Unlike early Unix tools like lint, programs can now be analyzed at a semantic level to point out real defects, rather than potentially problematic constructs. Using sophisticated analysis techniques, bugs and implementation defects can be found during compilation and fixed right away, saving enormous amounts of time and resources.

Static Analysis is enabled in the compiler when building your application. Some of the useful errors found during this phase include:

- Reading and writing beyond array bounds
- Incorrect malloc and freed/freeing memory issues
- Null pointer dereference (leaky pointer checks)
- Infinite empty loop
- Uninitialized memory reads / operations
- Type cast violations

All of these types of errors, and many more, are detected during regular builds. Other than the addition of a special option, no other change is necessary. Developers typically find that detecting and eliminating these errors during the design and early implementation phase is an order of magnitude cheaper than detecting them later during development or having to generate patches for critical bugs.

Figure 1. Comprehensive view of static errors

However, not all errors are detectable at compile time. Some real errors may not be reported (these are called false negatives) and some reported errors might not actually be issues (these are called false positives). The goal of the tool is to minimize these types of errors. Another real limitation is that some errors depend on data that is available only at runtime. For such errors, the tool offers dynamic code checking capabilities.

The advantage of using the same compiler to produce static errors is twofold: what is compiled is exactly what is checked, and the tool does not use any other external parsing technique which may or may not analyze the same code the compilers see during build time.

Dynamic Analysis

While static code checking is extremely useful, it does have some limitations outlined above. Additionally, developers want to know exactly how an issue arose during application runtime. Dynamic checking provides a complementary view in discovering common kinds of errors:

- Reading from and writing to unallocated memory
- Accessing memory beyond allocated array bounds
- Incorrect use of freed memory
- Freeing the wrong memory blocks
- Uninitialized memory reads / writes
- Memory leaks

Dynamic checking works on binaries built with the Oracle Solaris Studio compilers. No special compilation flag is necessary, although the presence of the -g option is recommended to help identify offending source lines. Access to source code is not required, which means it can be used on production binaries and works well with third party libraries. The binary is instrumented for these memory related errors. Due to the close linkage with the compilers and intimate knowledge of hardware and Oracle Solaris interfaces, the overhead incurred during dynamic checking is the smallest among similar tools.

Figure 2. Comprehensive view of dynamic errors

Code Coverage to Identify Gaps in Testing

Code coverage checking uses binary instrumentation to inspect test suite runs of an application and to identify vulnerabilities by highlighting source fragments that are not covered. Highlights include:

- Collecting and aggregating data on uncovered portions of code over multiple runs, thus making it suitable for integration during automated product testing
- Displaying potential coverage percentage
- Multi-threaded and multi-process safe
- Low overhead of instrumentation during runs

The code coverage checking feature of the Code Analyzer provides a sorted list of most important functions that have not been tested. These are functions with the largest functionalities. It also hides uncovered functions that are subsumed by other functions, reducing clutter.

Graphical or Command-line Interface to Meet Various User Needs

Based on the award-winning NetBeans framework, the Code Analyzer GUI provides an easy to use graphical view of the data collected by these three types of analysis. The tool opens with two panes: one pane highlights the types of vulnerabilities found and the other pane details the errors in the context of the surrounding code fragments to quickly pinpoint the root cause of the issues. The feature-rich GUI provides:

- Filters to enable focus on select types of vulnerabilities or a selection of source files to focus on
- Buttons to hide, show and mark vulnerabilities according to users' preference
- Integrated editor for easy source fixes
- Source browsing: class, method, field usages, call-graph information

Figure 3. Overview of Code Analyzer GUI

The Code Analyzer also provides a command-line interface to view analysis results. In addition, it provides the ability to filter new errors and recently fixed errors, making it easy to understand recent updates to the program.

The Code Analyzer combines the advantages of bug-finding capabilities of static and dynamic code checking along with coverage capabilities, to help developers produce better code with fewer errors in less time.
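The defect classes listed under Static Analysis and Dynamic Analysis, as an added C example (not Oracle's code and not output of the Code Analyzer): one out-of-bounds read that is provable from the source alone, one that depends on runtime data, and a freed-memory defect, each next to a corrected form. All function names are hypothetical, and the `*_bad` functions exist only to be read.

```c
/* Added example; all names are hypothetical. *_bad functions are never called. */
#include <stdlib.h>
#include <string.h>

#define SLOTS 8

/* Provable at compile time: the loop bound alone shows a read of table[SLOTS]. */
int sum_bad(void) {
    int table[SLOTS] = {0}, s = 0;
    for (int i = 0; i <= SLOTS; i++) s += table[i];
    return s;
}

/* Depends on runtime data: wrong only when a caller passes an out-of-range
   idx, so it shows up only when that path is executed. */
void store_bad(int *table, long idx, int v) { table[idx] = v; }

/* Corrected: the index is checked against the real size before the write. */
int store_ok(int *table, size_t n, long idx, int v) {
    if (table == NULL || idx < 0 || (size_t)idx >= n)
        return -1;
    table[idx] = v;
    return 0;
}

/* Unchecked malloc, then a freed block handed back to the caller. */
char *copy_bad(const char *s, size_t max) {
    char *p = malloc(strlen(s) + 1);
    strcpy(p, s);                  /* p may be NULL here */
    if (strlen(s) > max)
        free(p);                   /* freed ... */
    return p;                      /* ... yet returned: stale pointer */
}

/* Corrected: reject before allocating, check malloc, caller frees once. */
char *copy_ok(const char *s, size_t max) {
    if (s == NULL || strlen(s) > max)
        return NULL;
    size_t len = strlen(s);
    char *p = malloc(len + 1);
    if (p == NULL)
        return NULL;
    memcpy(p, s, len + 1);
    return p;
}

int main(void) {
    int t[SLOTS] = {0};
    return store_ok(t, SLOTS, SLOTS, 1) == -1 ? 0 : 1;
}
```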

SPARC M7 Silicon Secured Memory and Code Analyzer

Oracle's new SPARC M7 processor offers new co-engineered hardware and software capabilities that enable applications to run with the highest levels of security, reliability, and speed. This functionality is known as Software in Silicon. One key Software in Silicon feature is called Silicon Secured Memory. Silicon Secured Memory detects common memory access errors, thereby limiting runtime data corruption due to such errors. It can be used to detect the following types of memory access errors:

- Buffer overflows
- Unallocated memory or freed memory access errors
- Double free memory access errors
- Stale pointer memory access errors

The Code Analyzer detects runtime-related memory errors identified by Silicon Secured Memory and provides developers additional system information, making it easy to locate and fix issues. With support for Silicon Secured Memory, developers get a memory access checker that runs at near real-time speeds.

CONTACT US

For more information about Oracle Solaris Studio, visit oracle.com/goto/solarisstudio or call +1.800.ORACLE1 to speak to an Oracle representative.

CONNECT WITH US

- blogs.oracle.com/oracle
- facebook.com/oracle
- twitter.com/oracle
- oracle.com

Copyright 2014, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 1015