Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Sessions of Interest 2

Code Analysis Tools For Achieving Consistent, Secure and Reliable Product Quality
Sheldon Lobo, Oracle Solaris Studio
Jared Smolens, Microelectronics
September 28 – October 2, 2014, San Francisco

Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Outline
- Tools introduction
- SPARC Simulator Case Study
- OpenSSL Heartbleed
- Wrap-up

Oracle Solaris Studio: #1 Development Tool Suite for Oracle Systems
- Compiler Suite: C, C++ Compiler; Visual Debugger; Performance Library; Fortran Compiler
- Analysis Suite: Performance Analyzer; Code Analyzer; Thread Analyzer
- IDE

What is the Code Analyzer
- Code Analyzer tools
  - Previse: source code analysis
  - Discover: runtime memory analysis, memory leak detection
  - Uncover: code coverage
- Supported interfaces: CLI, GUI, IDE

The Studio 12.4 Code Analyzer is better
- Tightly integrated with the Studio compiler, tools, and IDE.
  - Reliable
  - In sync
  - Backwards compatible
- Binary based, no recompilation.
- Compare and/or accumulate multiple run results.
- Customizable via the parseable results format.
- Free!
- Fast; no additional configuration; debuggable

SPARC Processor Model Overview
- Internal simulation tool for designing and analyzing next-generation SPARC CPUs
- 440,000+ lines of C/C++ code built with Oracle Solaris Studio on SPARC/Solaris
- Largest simulations can run for 2-3 days, consume 200+GB RAM, ~32 processes
- Heavily-optimized codebase, including custom allocators and hand-crafted data structures
- Time to reproduce and diagnose a bug is a limiting factor for our performance engineers

Two Application Usage Models
- Reference for SPARC CPU designs
  - Projects performance for maturing products
  - Follows design through pre-silicon implementation
  - Well-defined designs
  - Gradual changes week-to-week
  - Outcome generally predictable
- Experimental platform for future CPUs
  - Initial path-finding looks at “out-of-the-box” ideas
  - First prototypes often ad-hoc and “use-once”, no specifications, few tests
  - May eventually inspire reference code
  - Large code revisions week-to-week
  - No two simulations are the same
- Single code base with biweekly merges of committed code

Targeted Bug Hunting with Discover
- On critical path to releasing chip to manufacturing
  - Hundreds of new lines of code + recent source merge
  - BUT we hit non-deterministic SEGV in multi-day simulations
- I requested a small-input test case from developer
  - Built a discover-instrumented binary
  - Ran smaller test case
- In <4 hours discover pinpointed both:
  - Line of code and reason for the crash (array bounds write).
- Engineer delivered fix the same afternoon
[Diagram: array elements [0] [1] [2] [3] [4]; the statement buf[-1] = val; writes before element [0], marked "ABW!"]

Biweekly Checkup Process
- Previse: static code analysis
  - Simple rebuild with -xanalyze=code
  - Error report available immediately after build
- Discover: dynamic code analysis
  - Execute regular battery of check-in tests (500+ wide-ranging tests; baseline code runs <1 hr in compute ranch)
  - Build rules replace custom memory allocators with trivial malloc()/free() calls using #ifdef, debug compiler flags
  - We request 2x additional memory, expect longer runtime
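The allocator swap described on this slide, sketched as an added example (not the simulator's code). The pool_* functions and the ANALYSIS_BUILD macro are hypothetical names; building with -DANALYSIS_BUILD routes every object through malloc()/free() so a runtime checker sees per-object bounds and frees.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define POOL_ALIGN 16u

typedef struct {
    unsigned char *slab;   /* one large block obtained from malloc() */
    size_t cap, used;
} pool_t;

int pool_init(pool_t *p, size_t cap)
{
    p->slab = NULL;
    p->cap = cap;
    p->used = 0;
#ifndef ANALYSIS_BUILD
    p->slab = malloc(cap);
    if (p->slab == NULL)
        return -1;
#endif
    return 0;
}

void *pool_alloc(pool_t *p, size_t n)
{
#ifdef ANALYSIS_BUILD
    (void)p;
    return malloc(n);      /* one heap block per object: exact bounds are visible */
#else
    size_t need = (n + POOL_ALIGN - 1) & ~(size_t)(POOL_ALIGN - 1);
    if (need < n || need > p->cap - p->used)
        return NULL;
    void *obj = p->slab + p->used;   /* carved from the slab, no per-object bounds */
    p->used += need;
    return obj;
#endif
}

void pool_free(pool_t *p, void *obj)
{
    (void)p;
#ifdef ANALYSIS_BUILD
    free(obj);             /* later reads/writes become freed-memory errors */
#else
    (void)obj;             /* bump pool: memory stays live until pool_destroy() */
#endif
}

void pool_destroy(pool_t *p)
{
    free(p->slab);         /* free(NULL) is a no-op in the analysis build */
    p->slab = NULL;
    p->used = 0;
}

/* Returns 1 when the byte just past a 16-byte object is the first byte of the
 * next object, i.e. an off-by-one write corrupts a neighbour inside one valid
 * malloc() block and a heap checker has nothing to flag. */
int overflow_lands_in_neighbour(void)
{
    pool_t p;
    if (pool_init(&p, 1024) != 0)
        return -1;
    unsigned char *a = pool_alloc(&p, 16);
    unsigned char *b = pool_alloc(&p, 16);
    int adjacent = a != NULL && b != NULL && (uintptr_t)(a + 16) == (uintptr_t)b;
    pool_free(&p, b);
    pool_free(&p, a);
    pool_destroy(&p);
    return adjacent;
}

int main(void)
{
    printf("overflow lands in neighbour: %d\n", overflow_lands_in_neighbour());
    return 0;
}
```

In the default (pool) build the two objects are adjacent inside one slab, which is why array bounds and freed-memory errors stay invisible until the allocator is swapped out.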

Biweekly Checkup Process
- Triage output after each weekend run
  - Perl scripts aggregate previse and discover output
  - Sort previously-known errors and false positives
- Typically a handful of new error signatures
  - ~30 minutes to dispatch new errors to unit owners
- Most common errors
  - Uninitialized variable read/write
  - Array bounds errors
  - Freed memory read/write
- Discover’s output: { Error stack, Alloc location stack, Free location stack }
- Provides developers sufficient information to completely isolate many common errors
- Many new errors now detected proactively

OpenSSL Heartbleed
Heartbeat sent to victim (4 bytes):
    Type (1 byte)     | Length (2 bytes) | Payload data
    TLS1_HB_REQUEST   | 65535            | X (1 byte)
Victim’s response (65538 bytes):
    Type (1 byte)     | Length (2 bytes) | Payload data
    TLS1_HB_RESPONSE  | 65535            | X (65535 bytes)

OpenSSL Heartbeat source
    typedef struct ssl3_record_st {
        […]
        unsigned int length;    /* How many bytes available */
        […]
        unsigned char *data;    /* pointer to the record data */
        […]
    } SSL3_RECORD;
Read Heartbeat Request:
    unsigned char *p = &s->s3->rrec.data[0], *pl;
    […]
    /* Read type and payload length first */
    hbtype = *p++;
    n2s(p, payload);
    pl = p;
Create Heartbeat Response:
    /* Enter response type, length and copy payload */
    *bp++ = TLS1_HB_RESPONSE;
    s2n(payload, bp);
    memcpy(bp, pl, payload);

Heartbleed with Code Analyzer

OpenSSL Heartbeat source fix
    typedef struct ssl3_record_st {
        […]
        unsigned int length;    /* How many bytes available */
        […]
        unsigned char *data;    /* pointer to the record data */
        […]
    } SSL3_RECORD;
Read Heartbeat Request:
    unsigned char *p = &s->s3->rrec.data[0], *pl;
    […]
    /* Read type and payload length first */
    hbtype = *p++;
    n2s(p, payload);
    pl = p;
Create Heartbeat Response:
    /* Enter response type, length and copy payload */
    *bp++ = TLS1_HB_RESPONSE;
    s2n(payload, bp);
    memcpy(bp, pl, payload);
Added check (the fix):
    if ([…]+payload > s->s3->rrec.length) return 0;
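The missing and corrected length checks from the two Heartbeat source slides, as a self-contained added example (not OpenSSL's code and not from the presentation). record_t, hb_unchecked_overread and hb_respond are hypothetical names, the sample records are constructed, and the 16-byte minimum padding comes from RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_HEADER  3u   /* type (1 byte) + length (2 bytes), as on the slide */
#define HB_PADDING 16u  /* RFC 6520: at least 16 bytes of padding follow the payload */

/* Simplified stand-in for the two SSL3_RECORD fields the slide shows. */
typedef struct {
    unsigned int length;        /* how many bytes are actually available */
    const unsigned char *data;  /* pointer to the record data */
} record_t;

/* Constructed sample records (not captured traffic). */
static const unsigned char slide_request[4] = { TLS1_HB_REQUEST, 0xFF, 0xFF, 'X' };
static const unsigned char honest_request[24] = { TLS1_HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
static const unsigned char padded_lie[20] = { TLS1_HB_REQUEST, 0x40, 0x00, 'X' };
const record_t slide_rec = { sizeof slide_request, slide_request };
const record_t honest_rec = { sizeof honest_request, honest_request };
const record_t padded_rec = { sizeof padded_lie, padded_lie };
unsigned char demo_out[64];

/* How many bytes beyond the record the unchecked memcpy(bp, pl, payload)
 * would read. Pure arithmetic on the lengths: nothing is over-read here. */
size_t hb_unchecked_overread(const record_t *r)
{
    if (r->length < HB_HEADER)
        return SIZE_MAX;  /* even the length field lies outside the record */
    size_t payload = ((size_t)r->data[1] << 8) | r->data[2];  /* n2s() */
    size_t avail = r->length - HB_HEADER;
    return payload > avail ? payload - avail : 0;
}

/* Checked handler: returns the response length, or 0 to discard silently. */
size_t hb_respond(const record_t *r, unsigned char *out, size_t out_cap)
{
    if (r->length < HB_HEADER + HB_PADDING)
        return 0;                                 /* cannot hold a valid message */
    const unsigned char *p = r->data;
    if (*p++ != TLS1_HB_REQUEST)
        return 0;
    size_t payload = ((size_t)p[0] << 8) | p[1];  /* claimed payload length */
    p += 2;
    size_t total = HB_HEADER + payload + HB_PADDING;
    if (total > r->length || total > out_cap)
        return 0;                                 /* claim exceeds what was received */
    unsigned char *bp = out;
    *bp++ = TLS1_HB_RESPONSE;
    *bp++ = (unsigned char)(payload >> 8);        /* s2n() */
    *bp++ = (unsigned char)(payload & 0xFF);
    memcpy(bp, p, payload);                       /* now bounded by the record */
    memset(bp + payload, 0, HB_PADDING);          /* real stacks use random padding */
    return total;
}

int main(void)
{
    const record_t *recs[] = { &slide_rec, &honest_rec, &padded_rec };
    for (size_t i = 0; i < 3; i++)
        printf("record %zu: unchecked over-read %zu bytes, checked response %zu bytes\n",
               i, hb_unchecked_overread(recs[i]),
               hb_respond(recs[i], demo_out, sizeof demo_out));
    return 0;
}
```

The third record carries valid-looking padding yet still claims more payload than it holds, so the comparison against the record length has to use the claimed payload, not just a minimum-size check.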

Previse: Compile Time Analysis
- Beyond array bounds access
- Freed memory
- Memory leaks
- Compiler option
- No change to the executable
Example:
    int a[5];
    /* i <= 5 also reads a[5], one element past the end of a */
    for (i=0; i<=5; i++)
        printf("%d\n", a[i]);

Discover: Runtime Analysis
- Uninitialized memory access
- Beyond array bounds access
- Across compilation units
- Heap, stack, globals
- Points to allocation/free code
- Memory leak APIs
Example:
    char *z = (char *) malloc(1);
    printf("*y = %c\n", *y);

Uncover: Code Coverage
- Source line level granularity
- Weighted call graph based sorting
- Coverage potential per function
- No recompilation
- Accumulates coverage over multiple runs
Example:
    if (unmet_condition)
        *y = 'a';
    printf("*y = %c\n", *y);

Dogfooding: Internal Studio Usage
- Code statistics:
  - Over 10K C/C++ source/header files
  - Over 4M lines of C/C++ code
  - ~300 binaries delivered
- Compiler and tools built nightly with Previse, new errors sent to the responsible engineer.
- Major components built with Discover, run on a representative test suite.

M7 Application Data Integrity (ADI): Memory checking in Silicon
- Real-time Data Integrity checking in test and production environments.
  - HW implementation, low overhead
- Colored pointers detect accesses outside a memory region.
  - Buffer overflow
  - Freed pointer
  - Stale pointer

ADI in Development and in Deployment
- ADI in Development Ensures App Correctness: Oracle Solaris Studio Code Analyzer provides detailed diagnostic information to aid developers in fixing memory corruption errors
- ADI in Deployment Ensures Data Integrity: Real-time data protection that provides a more robust, vulnerability-resistant platform

Next Steps and More Information
- Oracle Solaris Studio OTN page for download, learning resources, forums
- Sessions of interest:

Oracle Solaris Studio 12.4 Highlights
Best for Oracle Systems; Best for Enterprise Applications
- C++11 support with validation on latest BOOST libraries
- Rapid identification of performance bottlenecks with re-designed Performance Analyzer UI
- New CLI codean, APIs, and report comparison with updated Code Analyzer
- Efficient code editing with IDE tuned for large apps
- Highest application performance on new Oracle Systems: Oracle SPARC T5, M5 & M6; Intel x86 Haswell; Fujitsu M10 & M10+
- Leverage Oracle product integration and joint innovations

Questions?
Learn More; Stay Connected
- facebook.com/oraclesolarisstudio
- List of sessions/demos/HOLs: bit.ly/OOW14-Solaris

A Better Development Platform: Hardware and Software Engineered to Work Together
[Diagram labels: Database; Oracle Applications; Oracle SPARC & x86 Systems; Oracle Solaris; Tuxedo; Oracle Linux; Developer Tools]

Backup Slides (titles only; slide content is not in the transcript)
- Memory corruption
- Automated new development checking
- Nightly automated checking
- Compile Time Analysis: CLI, GUI, IDE
- Runtime Analysis: CLI, GUI, IDE
- Code Coverage: GUI
- --whatisnew
- --whatisfixed
- Discover APIs
- Multiple tools
- Error suppression