Oracle Developer Studio Code Analyzer

Similar documents
Oracle Developer Studio 12.6

Oracle Developer Studio Performance Analyzer

Correction Documents for Poland

VISUAL APPLICATION CREATION AND PUBLISHING FOR ANYONE

Creating Custom Project Administrator Role to Review Project Performance and Analyze KPI Categories

Generate Invoice and Revenue for Labor Transactions Based on Rates Defined for Project and Task

Oracle Cloud Applications. Oracle Transactional Business Intelligence BI Catalog Folder Management. Release 11+

JD Edwards EnterpriseOne Licensing

Oracle DIVArchive Storage Plan Manager

Oracle Financial Consolidation and Close Cloud. What s New in the December Update (16.12)

An Oracle White Paper November Primavera Unifier Integration Overview: A Web Services Integration Approach

COMPUTE CLOUD SERVICE. Moving to SPARC in the Oracle Cloud

Oracle CIoud Infrastructure Load Balancing Connectivity with Ravello O R A C L E W H I T E P A P E R M A R C H

Oracle Java SE Advanced for ISVs

Oracle Enterprise Performance Reporting Cloud. What s New in September 2016 Release (16.09)

JD Edwards EnterpriseOne User Experience

Handling Memory Ordering in Multithreaded Applications with Oracle Solaris Studio 12 Update 2: Part 2, Memory Barriers and Memory Fences

Tutorial on How to Publish an OCI Image Listing

Veritas NetBackup and Oracle Cloud Infrastructure Object Storage ORACLE HOW TO GUIDE FEBRUARY 2018

WHAT S NEW IN ORACLE USER PRODUCTIVITY KIT PROFESSIONAL

Oracle Learn Cloud. Taleo Release 16B.1. Release Content Document

Repairing the Broken State of Data Protection

Oracle Service Cloud Agent Browser UI. November What s New

Oracle Fusion Configurator

Loading User Update Requests Using HCM Data Loader

Oracle Database Security Assessment Tool

Installation Instructions: Oracle XML DB XFILES Demonstration. An Oracle White Paper: November 2011

Oracle Utilities CC&B V2.3.1 and MDM V2.0.1 Integrations. Utility Reference Model Synchronize Master Data

Oracle Financial Consolidation and Close Cloud. What s New in the February Update (17.02)

Oracle Social Network

Oracle Financial Consolidation and Close Cloud. What s New in the November Update (16.11)

Extreme Performance Platform for Real-Time Streaming Analytics

Oracle Express CPQ for Salesforce.com

August 6, Oracle APEX Statement of Direction

Automatic Receipts Reversal Processing

TABLE OF CONTENTS DOCUMENT HISTORY 3

Protecting Your Investment in Java SE

Load Project Organizations Using HCM Data Loader O R A C L E P P M C L O U D S E R V I C E S S O L U T I O N O V E R V I E W A U G U S T 2018

Using the Oracle Business Intelligence Publisher Memory Guard Features. August 2013

Oracle Learn Cloud. What s New in Release 15B.1

Oracle Mobile Application Framework

Oracle Financial Consolidation and Close Cloud

NOSQL DATABASE CLOUD SERVICE. Flexible Data Models. Zero Administration. Automatic Scaling.

Oracle WebLogic Portal O R A C L E S T A T EM EN T O F D I R E C T IO N F E B R U A R Y 2016

Handling Memory Ordering in Multithreaded Applications with Oracle Solaris Studio 12 Update 2: Part 1, Compiler Barriers

ORACLE SNAP MANAGEMENT UTILITY FOR ORACLE DATABASE

ORACLE SERVICES FOR APPLICATION MIGRATIONS TO ORACLE HARDWARE INFRASTRUCTURES

Hard Partitioning with Oracle VM Server for SPARC O R A C L E W H I T E P A P E R J U L Y

Oracle Big Data SQL. Release 3.2. Rich SQL Processing on All Data

RAC Database on Oracle Ravello Cloud Service O R A C L E W H I T E P A P E R A U G U S T 2017

Oracle WebLogic Server Multitenant:

Subledger Accounting Reporting Journals Reports

Oracle Data Masking and Subsetting

ORACLE DATABASE LIFECYCLE MANAGEMENT PACK

Working with Time Zones in Oracle Business Intelligence Publisher ORACLE WHITE PAPER JULY 2014

WHAT S NEW IN ORACLE USER PRODUCTIVITY KIT PROFESSIONAL

Configuring Oracle Business Intelligence Enterprise Edition to Support Teradata Database Query Banding

Oracle Grid Infrastructure 12c Release 2 Cluster Domains O R A C L E W H I T E P A P E R N O V E M B E R

Siebel CRM Applications on Oracle Ravello Cloud Service ORACLE WHITE PAPER AUGUST 2017

Oracle Solaris 11: No-Compromise Virtualization

An Oracle Technical Article March Certification with Oracle Linux 4

STORAGETEK SL150 MODULAR TAPE LIBRARY

WebCenter Portal Task Flow Customization in 12c O R A C L E W H I T E P A P E R J U N E

Oracle Secure Backup. Getting Started. with Cloud Storage Devices O R A C L E W H I T E P A P E R F E B R U A R Y

Product Release Notes

See What's Coming in Oracle Taleo Business Edition Cloud Service

Oracle Profitability and Cost Management Cloud. November 2017 Update (17.11) What s New

Cloud Operations for Oracle Cloud Machine ORACLE WHITE PAPER MARCH 2017

WHAT S NEW IN ORACLE USER PRODUCTIVITY KIT

Oracle Data Provider for.net Microsoft.NET Core and Entity Framework Core O R A C L E S T A T E M E N T O F D I R E C T I O N F E B R U A R Y

Oracle Big Data Connectors

STORAGETEK SL150 MODULAR TAPE LIBRARY

Achieving High Availability with Oracle Cloud Infrastructure Ravello Service O R A C L E W H I T E P A P E R J U N E

Oracle Diagnostics Pack For Oracle Database

See What's Coming in Oracle Express CPQ for Salesforce.com

Migration Best Practices for Oracle Access Manager 10gR3 deployments O R A C L E W H I T E P A P E R M A R C H 2015

Oracle NoSQL Database For Time Series Data O R A C L E W H I T E P A P E R D E C E M B E R

Oracle Financial Consolidation and Close Cloud. What s New in the March Update (17.03)

An Oracle White Paper December, 3 rd Oracle Metadata Management v New Features Overview

Oracle JD Edwards EnterpriseOne Object Usage Tracking Performance Characterization Using JD Edwards EnterpriseOne Object Usage Tracking

Pricing Cloud: Upgrading to R13 - Manual Price Adjustments from the R11/R12 Price Override Solution O R A C L E W H I T E P A P E R A P R I L

Migrating VMs from VMware vsphere to Oracle Private Cloud Appliance O R A C L E W H I T E P A P E R O C T O B E R

Oracle Enterprise Data Quality New Features Overview

Oracle Enterprise Performance Reporting Cloud. What s New in the November Update (16.11)

TABLE OF CONTENTS DOCUMENT HISTORY 3

Rapid Bottleneck Identification A Better Way to do Load Testing. An Oracle White Paper June 2008

DATA INTEGRATION PLATFORM CLOUD. Experience Powerful Data Integration in the Cloud

StorageTek ACSLS Manager Software Overview and Frequently Asked Questions

MySQL CLOUD SERVICE. Propel Innovation and Time-to-Market

Application Container Cloud

StorageTek ACSLS Manager Software

An Oracle White Paper July Methods for Downgrading from Oracle Database 11g Release 2

STORAGE CONSOLIDATION AND THE SUN ZFS STORAGE APPLIANCE

Oracle Spatial and Graph: Benchmarking a Trillion Edges RDF Graph ORACLE WHITE PAPER NOVEMBER 2016

Oracle Utilities Customer Care and Billing Release Utility Reference Model a Load Meter Reads

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Installing and Updating Local Software Packages 12c Release

Oracle Grid Infrastructure Cluster Domains O R A C L E W H I T E P A P E R F E B R U A R Y

CONTAINER CLOUD SERVICE. Managing Containers Easily on Oracle Public Cloud

See What's Coming in Oracle CPQ Cloud

An Oracle White Paper October Deploying and Developing Oracle Application Express with Oracle Database 12c

Transcription:

Oracle Developer Studio Code Analyzer The Oracle Developer Studio Code Analyzer ensures application reliability and security by detecting application vulnerabilities, including memory leaks and memory access violations, enabling developers to write better code with fewer errors faster. Introduction K E Y F E A T U R E S Integrated and comprehensive view of common coding errors via interactive GUI or command-line interface to meet scripting needs Quick identification of Silicon Secured Memory runtime-related errors on the latest Oracle SPARC systems with Silicon Secured Memory technology Get accurate analysis faster than competitive alternatives Low false positive rate Static code checking detects common programming errors as part of normal build process Dynamic code checking finds memory-related errors in executed code paths Code Coverage checking informs developers of gaps in test coverage K E Y B U S I N E S S B E N E F I T S Improve software quality, security, and reliability Increase developer productivity Have you ever been called in the middle of the night because your application crashed? Does your application exhibit mysterious intermittent failures that are hard to pinpoint? Do you think your software is not adequately tested? The Code Analyzer helps identify application reliability and security issues by utilizing dynamic, static and code coverage analysis to detect common coding errors, including memory leaks and memory access violations faster than competitive alternatives. In addition, the Code Analyzer provides support for SPARC Silicon Secured Memory, enabling developers to find and fix memory errors with minimal overhead. The Code Analyzer performs static analysis when you are compiling your application and it performs dynamic analysis when you are running your application and gives you feedback about where you may have errors. In addition, it provides code coverage data to give you information about functions that are not covered by your test suite and provides guidance on the type of benefit you could get by covering those functions. The Code Analyzer provides a comprehensive view of application vulnerabilities by synthesizing the data collected from these three types of analysis, enabling you to improve application correctness and reliability. It also provides advanced error filtering and sorting capabilities, enabling you to track, detect, and fix issues faster. Static Analysis Modern static checking can uncover implementation defects in software earlier, more reliably and at a far lower cost than conventional testing methods. Unlike early Unix tools like lint, programs can now be analyzed at a semantic level to point out real defects, rather than potentially problematic constructs. Using sophisticated analysis techniques, bugs and implementation defects can be found during compilation and fixed right away, saving enormous amounts of time and resources. Static Analysis is enabled in the compiler when building your application. Some of the useful errors found during this phase include: Reading and writing beyond array bounds Incorrect malloc and freed/ freeing memory issues

Null pointer deference (leaky pointer checks) Infinite empty loop Uninitialized memory reads / operations Type cast violations All of these types of errors, and many more, are detected during regular builds. Other than the addition of a special option, no other change is necessary. Developers typically find that detecting and eliminating these errors during the design and early implementation phase is an order of magnitude cheaper than detecting them later during development or having to generate patches for critical bugs. Figure 1. Comprehensive view of static errors However, not all errors are detectable at compile time. Some real errors may not be reported (these are called false negatives) and some reported errors might not actually be issues (these are called false positives). The goal of the tool is to minimize these types of errors. Another real limitation is that some errors depend on data that is available only at runtime. For such errors, the tool offers dynamic code checking capabilities. The advantage of using the same compiler to produce static errors is twofold: what is compiled is exactly what is checked and the tool does not use any other external parsing technique which may or may not analyze the same code the compilers see during build time. Dynamic Analysis While static code checking is extremely useful, it does have some limitations outlined above. Additionally, developers want to know exactly how an issue arose during application runtime. Dynamic checking provides a complementary view in discovering 2 ORACLE DEVELOPER STUDIO CODE ANALYZER

common kinds of errors: Reading from and writing to unallocated memory Accessing memory beyond allocated array bounds Incorrect use of freed memory Freeing the wrong memory blocks Uninitialized memory reads / writes Memory leaks Dynamic checking works on binaries built with the Oracle Developer Studio compilers. No special compilation flag is necessary, although the presence of the g option is recommended to help identify offending source lines. Access to source code is not required, which means it can be used on production binaries and works well with third party libraries. The binary is instrumented for these memory related errors. Due to the close linkage with the compilers and intimate knowledge of hardware and Oracle Solaris interfaces, the overhead incurred during dynamic checking is the smallest among similar tools. Figure 2. Comprehensive view of dynamic errors Code Coverage to Identify Gaps in Testing Code coverage checking uses binary instrumentation to inspect test suite runs of an application and to identify vulnerabilities by highlighting source fragments that are not covered. Highlights include: Collecting and aggregating data on uncovered portions of code over multiple runs, thus making it suitable for integration during automated product testing Displaying potential coverage percentage Multi-threaded and Multi-process safe 3 ORACLE DEVELOPER STUDIO CODE ANALYZER

Low overhead of instrumentation during runs The code coverage checking feature of the Code Analyzer includes unique patented technology that provides a sorted list of most important functions that have not been tested. These are functions with the largest functionalities. It also hides uncovered functions that are subsumed by other functions, reducing clutter. Graphical or Command-line Interface to Meet Various User Needs Based on the award-winning NetBeans framework, the Code Analyzer GUI provides an easy to use graphical view of the data collected by these three types of analysis. The tool opens with two panes: one pane highlights the types of vulnerabilities found and the other pane details the errors in the context of the surrounding code fragments to quickly pinpoint the root cause of the issues. The feature-rich GUI provides: Filters to enable focus on select types of vulnerabilities or a selection of source files to focus on Buttons to hide, show and mark vulnerabilities according to users preference Integrated editor for easy source fixes Source browsing: class, method, field usages, call-graph information Figure 3. Overview of Code Analyzer GUI The Code Analyzer also provides a command-line interface to view analysis results. In addition, it provides the ability to filter new errors and recently fixed errors making it easy to understand recent updates to the program. The Code Analyzer combines the advantages of bug-finding capabilities of static and 4 ORACLE DEVELOPER STUDIO CODE ANALYZER

dynamic code checking along with coverage capabilities, to help developers produce better code with fewer errors in less time. SPARC Silicon Secured Memory and Code Analyzer Oracle s latest SPARC processors offer coengineered hardware and software capabilities that enable applications to run with the highest levels of security, reliability, and speed. This functionality is known as Software in Silicon. One key Software in Silicon feature is called Silicon Secured Memory. Silicon Secured Memory detects common memory access errors, thereby limiting runtime data corruption due to such errors. It can be used to detect the following types of memory access errors: Buffer overflows (Buffer overreads and overwrites) Unallocated memory or freed memory access errors Double free memory access errors Stale pointer memory access errors The Code Analyzer detects runtime-related memory errors identified by Silicon Secured Memory and provides developers additional system information, making it easy to locate and fix issues. When using the Code Analyzer on systems with SPARC Silicon Secured Memory technology, developers get a memory access checker that runs at real-time speeds because the tool leverages the acceleration provided by the Software in Silicon capabilities on the hardware. C O N T A C T U S For more information about Oracle Developer Studio, visit oracle.com or call +1.800.ORACLE1 to speak to an Oracle representative. C O N N E C T W I T H U S blogs.oracle.com/oracle facebook.com/oracle twitter.com/oracle oracle.com Copyright 2017, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. 0617 5 ORACLE DEVELOPER STUDIO CODE ANALYZER

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback