Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Sessions of Interest 2.

Published byMaria Alison Dennis Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Sessions of Interest 2."— Presentation transcript:

1

2 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Sessions of Interest 2

3 Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | September 28 – October 2, 2014 San Francisco Code Analysis Tools For Achieving Consistent, Secure and Reliable Product Quality Sheldon Lobo Oracle Solaris Studio Jared Smolens Microelectronics

4 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

5 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Outline Tools introduction SPARC Simulator Case Study OpenSSL Heartbleed Wrap-up 1 2 3 4 5

6 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Solaris Studio Compiler Suite C, C++ Compiler Visual Debugger Performance Library Fortran Compiler #1 Development Tool Suite for Oracle Systems Analysis Suite Performance Analyzer Code Analyzer Thread Analyzer IDE 6

7 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Solaris Studio Compiler Suite C, C++ Compiler Visual Debugger Performance Library Fortran Compiler #1 Development Tool Suite for Oracle Systems Analysis Suite Performance Analyzer Code Analyzer Thread Analyzer IDE 7

8 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | What is the Code Analyzer Code Analyzer Tools Previse – Source code analysis Discover – Runtime memory analysis – Memory leak detection Uncover – Code coverage Supported Interfaces CLI GUI IDE 8

9 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | The Studio 12.4 Code Analyzer is better Tightly integrated with the Studio compiler, tools, and IDE. 9 – Reliable – In sync – Backwards compatible Binary based, no recompilation. Compare and/or accumulate multiple run results. Customizable via the parseable results format. Free! – Fast – No additional configuration – Debugable

10 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Outline Tools introduction SPARC Simulator Case Study OpenSSL Heartbleed Wrap-up 2 3 4 1 10

11 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Internal simulation tool for designing and analyzing next-generation SPARC CPUs 440,000+ lines of C/C++ code built with Oracle Solaris Studio on SPARC/Solaris Largest simulations can run for 2-3 days, consume 200+GB RAM, ~32 processes Heavily-optimized codebase, including custom allocators and hand-crafted data structures Time to reproduce and diagnose a bug is a limiting factor for our performance engineers SPARC Processor Model Overview 11

12 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Reference for SPARC CPU designs Projects performance for maturing products Follows design through pre-silicon implementation Well-defined designs Gradual changes week-to-week Outcome generally predictable Experimental platform for future CPUs Initial path-finding looks at “out-of-the- box” ideas First prototypes often ad-hoc and “use- once”, no specifications, few tests May eventually inspire reference code Large code revisions week-to-week No two simulations are the same Two Application Usage Models Single code base with biweekly merges of committed code 12

13 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | On critical path to releasing chip to manufacturing – Hundreds of new lines of code + recent source merge – BUT we hit non-deterministic SEGV in multi-day simulations I requested a small-input test case from developer – Built a discover-instrumented binary – Ran smaller test case Targeted Bug Hunting with Discover 13

14 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | On critical path to releasing chip to manufacturing – Hundreds of new lines of code + recent source merge – BUT we hit non-deterministic SEGV in multi-day simulations I requested a small-input test case from developer – Built a discover-instrumented binary – Ran smaller test case In <4 hours discover pinpointed both: – Line of code and reason for the crash (array bounds write). Engineer delivered fix the same afternoon Targeted Bug Hunting with Discover buf[-1] = val; [0] [1] [2] [3] [4] ABW! 14

15 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Previse: static code analysis – Simple rebuild with –xanalyze=code – Error report available immediately after build Discover: dynamic code analysis – Execute regular battery of check-in tests 500+ wide-ranging tests; baseline code runs <1 hr in compute ranch – Build rules replace custom memory allocators with trivial malloc()/free() calls using #ifdef, debug compiler flags – We request 2x additional memory, expect longer runtime Biweekly Checkup Process 15

16 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Triage output after each weekend run – Perl scripts aggregate previse and discover output – Sort previously-known errors and false positives Typically a handful of new error signatures – ~30 minutes to dispatch new errors to unit owners Most common errors – Uninitialized variable read/write – Array bounds errors – Freed memory read/write Biweekly Checkup Process Discover’s output: { Error stack, Alloc location stack, Free location stack } Provides developers sufficient information to completely isolate many common errors Many new errors now detected proactively 16

17 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Outline Tools introduction SPARC Simulator Case Study OpenSSL Heartbleed Wrap-up 4 1 2 3 17

18 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | OpenSSL Heartbleed Type (1 byte)Length (2 bytes)Payload data TLS1_HB_REQUEST65535X (1 byte) Type (1 byte)Length (2 bytes)Payload data TLS1_HB_RESPONSE65535X (65535 bytes) Heartbeat sent to victim (4 bytes): Victim’s response (65538 bytes): 18

19 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | OpenSSL Heartbeat source typedef struct ssl3_record_st { […] unsigned int length; /* How many bytes available */ […] unsigned char *data; /* pointer to the record data */ […] } SSL3_RECORD; unsigned char *p = &s->s3->rrec.data[0], *pl; […] /* Read type and payload length first */ hbtype = *p++; n2s(p, payload); pl = p; /* Enter response type, length and copy payload */ *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); Read Heartbeat Request Create Heartbeat Response 19

20 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Heartbleed with Code Analyzer 20

21 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Heartbleed with Code Analyzer 21

22 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | OpenSSL Heartbeat source fix typedef struct ssl3_record_st { […] unsigned int length; /* How many bytes available */ […] unsigned char *data; /* pointer to the record data */ […] } SSL3_RECORD; unsigned char *p = &s->s3->rrec.data[0], *pl; […] /* Read type and payload length first */ hbtype = *p++; n2s(p, payload); pl = p; /* Enter response type, length and copy payload */ *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); Read Heartbeat Request Create Heartbeat Response if ([…]+payload > s->s3->rrec.length) return 0; 22

23 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Previse Beyond array bounds access Freed memory Memory leaks Compiler option No change to the executable Compile Time Analysis int a[5]; 23

24 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Previse Beyond array bounds access Freed memory Memory leaks Compiler option No change to the executable Compile Time Analysis for (i=0; i<=5; i++) printf(“%d\n”, a[i]); int a[5]; 24

25 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Previse Beyond array bounds access Freed memory Memory leaks Compiler option No change to the executable Compile Time Analysis for (i=0; i<=5; i++) printf(“%d\n”, a[i]); int a[5]; 25

26 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Previse Beyond array bounds access Freed memory Memory leaks Compiler option No change to the executable Compile Time Analysis for (i=0; i<=5; i++) printf(“%d\n”, a[i]); int a[5]; 26

27 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Discover Uninitialized memory access Beyond array bounds access Across compilation units Heap, stack, globals Points to allocation/free code Memory leak APIs Runtime Analysis char *z = (char *) malloc(1); 27

28 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Discover Uninitialized memory access Beyond array bounds access Across compilation units Heap, stack, globals Points to allocation/free code Memory leak APIs Runtime Analysis char *z = (char *) malloc(1); printf(“*y = %c\n”, *y); 28

29 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Discover Uninitialized memory access Beyond array bounds access Across compilation units Heap, stack, globals Points to allocation/free code Memory leak APIs Runtime Analysis char *z = (char *) malloc(1); printf(“*y = %c\n”, *y); 29

30 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Discover Uninitialized memory access Beyond array bounds access Across compilation units Heap, stack, globals Points to allocation/free code Memory leak APIs Runtime Analysis char *z = (char *) malloc(1); printf(“*y = %c\n”, *y); 30

31 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Uncover Source line level granularity Weighted call graph based sorting Coverage potential per function No recompilation Accumulates coverage over multiple runs Code Coverage if (unmet_condition) *y = ‘a’; 31

32 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Uncover Source line level granularity Weighted call graph based sorting Coverage potential per function No recompilation Accumulates coverage over multiple runs Code Coverage if (unmet_condition) *y = ‘a’; printf(“*y = %c\n”, *y); 32

33 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Uncover Source line level granularity Weighted call graph based sorting Coverage potential per function No recompilation Accumulates coverage over multiple runs Code Coverage if (unmet_condition) *y = ‘a’; printf(“*y = %c\n”, *y); 33

34 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Uncover Source line level granularity Weighted call graph based sorting Coverage potential per function No recompilation Accumulates coverage over multiple runs Code Coverage if (unmet_condition) *y = ‘a’; printf(“*y = %c\n”, *y); 34

35 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Dogfooding 35 Internal Studio Usage Code statistics: Over 10K C/C++ source/header files Over 4M lines of C/C++ code ~300 binaries delivered Compiler and tools built nightly with Previse, new errors sent to the responsible engineer. Major components built with Discover, run on a representative test suite.

36 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | M7 Application Data Integrity (ADI) 36 Memory checking in Silicon Real-time Data Integrity checking in test and production environments. – HW implementation, Low overhead Colored pointers detect accesses outside a memory region. – Buffer overflow – Freed pointer – Stale pointer

37 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | ADI in Development Ensures App Correctness 37 ADI in Deployment Ensures Data Integrity Application Oracle Solaris Studio Code Analyzer provides detailed diagnostic information to aid developers in fixing memory corruption errors Real-time data protection that provides a more robust, vulnerability-resistant platform

38 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Outline Tools introduction SPARC Simulator Case Study Heartbleed Wrap-up 1 2 4 3 38

39 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Next Steps and More Information Oracle Solaris Studio OTN page for download, learning resources, forums Sessions of interest: 39

40 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Solaris Studio 12.4 Highlights Best for Oracle Systems Best for Enterprise Applications C++11 support with validation on latest BOOST libraries Rapid identification of performance bottlenecks with re-designed Performance Analyzer UI New CLI codean, APIs, and report comparison with updated Code Analyzer Efficient code editing with IDE tuned for large apps Highest application performance on new Oracle Systems Oracle SPARC T5, M5 & M6 Intel x86 Haswell Fujitsu M10 & M10+ Leverage Oracle product integration and joint innovations 40

41 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |41 Questions? oracle.com/goto/solarisstudio @SolarisStudio facebook.com/oraclesolarisstudio Learn More; Stay Connected List of sessions/demos/HOLs: bit.ly/OOW14-Solaris

42 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Hardware and Software Engineered to Work Together Database Oracle Applications Oracle SPARC & x86 Systems Oracle SolarisTuxedo Oracle Linux Developer Tools A Better Development Platform 42

43 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Backup Slides 43

44 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Memory corruption 44

45 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Automated new development checking 45

46 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Nightly automated checking 46

47 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Compile Time Analysis CLI 47

48 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Compile Time Analysis CLI 48

49 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Compile Time Analysis GUI 49

50 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Compile Time Analysis CLI 50

51 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Compile Time Analysis GUI 51

52 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Compile Time Analysis IDE 52

53 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Compile Time Analysis IDE 53

54 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Compile Time Analysis IDE 54

55 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Compile Time Analysis IDE 55

56 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Runtime Analysis CLI 56

57 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Runtime Analysis CLI 57

58 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Runtime Analysis GUI 58

59 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Runtime Analysis GUI 59

60 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Runtime Analysis IDE 60

61 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Runtime Analysis IDE 61

62 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Code Coverage GUI 62

63 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Code Coverage GUI 63

64 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | --whatisnew 64

65 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | --whatisnew 65

66 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | --whatisfixed 66

67 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | --whatisfixed 67

68 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Discover APIs 68

69 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Discover APIs 69

70 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Multiple tools 70

71 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Multiple tools 71

72 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Error suppression 72

Download ppt "Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Sessions of Interest 2."

Similar presentations

1.

1.
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Your customer as a segment of one That changes every second! Hein Van Der Merwe Chief.

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Your customer as a segment of one That changes every second! Hein Van Der Merwe Chief.
Oracle Labs Graph Analytics Research Hassan Chafi Sr. Research Manager Oracle Labs Graph-TA 2/21/2014.

Oracle Labs Graph Analytics Research Hassan Chafi Sr. Research Manager Oracle Labs Graph-TA 2/21/2014.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. 1.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. 1.
Jim Ferrentino Elizabeth West

Jim Ferrentino Elizabeth West
High Tech Executive Discussion New Industry Solutions to Shape Your Future Rosh Dawes, Equinix Joseph Ahn: Principal Consultant, Samsung SDS Jaechul Lee:

High Tech Executive Discussion New Industry Solutions to Shape Your Future Rosh Dawes, Equinix Joseph Ahn: Principal Consultant, Samsung SDS Jaechul Lee:
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
Oracle Cloud Marketplace Neelesh Gurnani Director, Product Development Arif Khan Director, Product Management September 29, 2014 Copyright © 2014, Oracle.

Oracle Cloud Marketplace Neelesh Gurnani Director, Product Development Arif Khan Director, Product Management September 29, 2014 Copyright © 2014, Oracle.
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle SQL Developer What’s New in Version 4.1 Jeff Smith

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle SQL Developer What’s New in Version 4.1 Jeff Smith
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Advanced Metadata Modeling Modeling for the Oracle Business Intelligence Cloud.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Advanced Metadata Modeling Modeling for the Oracle Business Intelligence Cloud.
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Introduction and Update: Oracle Hyperion Financial Close Management CON8536 Richard.

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Introduction and Update: Oracle Hyperion Financial Close Management CON8536 Richard.
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 2 Hidden Gems of APEX David Gale Software Engineer Oracle Application Express November,

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 2 Hidden Gems of APEX David Gale Software Engineer Oracle Application Express November,
The Safe Harbor The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated.

The Safe Harbor The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated.
Best Practices for Supporting Oracle Hyperion EPM and Business Intelligence Solutions Mitra Veluri Senior Principal Technical Support Engineer David Valociek.

Best Practices for Supporting Oracle Hyperion EPM and Business Intelligence Solutions Mitra Veluri Senior Principal Technical Support Engineer David Valociek.
Best Practices for Upgrading Oracle PeopleSoft Environments

Best Practices for Upgrading Oracle PeopleSoft Environments
Oracle Database 12c Data Protection and Multitenancy on Oracle Solaris 11 Xiaosong Zhu Senior Software Engineer Copyright © 2014, Oracle and/or its affiliates.

Oracle Database 12c Data Protection and Multitenancy on Oracle Solaris 11 Xiaosong Zhu Senior Software Engineer Copyright © 2014, Oracle and/or its affiliates.
2 2 The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into.

2 2 The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. JD Edwards Summit The Newest JDE Module – Rental Management Joel Sandberg Sales Consultant.

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. JD Edwards Summit The Newest JDE Module – Rental Management Joel Sandberg Sales Consultant.
Getting Started with Oracle Compute Cloud

Getting Started with Oracle Compute Cloud

Similar presentations

Ads by Google