Static Analysis

From MozillaWiki
Jump to: navigation, search

Mozilla Static analysis mailing list also available as m.d.static-analysis newsgroup

Current Status

  • Compiler warnings: all of our compilers have a number of warnings. We try to turn on as many as we can, and make warnings on most Mozilla code fatal, i.e. your build will fail if the compiler warns. We generally turn off fatal warnings for third-party code, and sometimes attempt to get fixes for the warnings pushed upstream.
  • Custom static analyses: We have a clang plugin with a number of Gecko-specific checks. There's terse documentation on the attributes we use to drive some of the checks here. Some checks are just good hygiene (e.g. MOZ_IMPLICIT), some checks exist to help you do the right thing (e.g. MOZ_MUST_OVERRIDE, MOZ_RAII, MOZ_MUST_USE), and some checks exist to prevent security bugs (e.g. MOZ_NON_MEMMOVABLE and related attributes). The checker currently runs on every push we do, on Windows, Mac, and Linux.
  • Coverity: runs their code checker on Firefox every couple of days and throws all the problems into a nicely searchable database.


Applications for static analysis tools for Mozilla 2:

  • Develop code rewriting Pork tools.
  • Develop static analysis DXR tool, then:
    • Clean up uses of obsolete API. Gecko:Obsolete API
    • Automatically identify unused or hardly-used code.
    • Ownership analysis:
      • Strong/weak pointers.
      • Optional annotations for strong vs. weak pointer.
      • Finding raw pointers that should be weak or strong.
      • Static cycle detection.
      • Static reference-counting elimination.
    • "Who can point to" analysis.
  • Auto-generate traverse and unlink methods for the Cycle Collector
    • Oink finds outgoing pointers, generates iterators.
  • Check and enforce exception safety.
    • Find stack pointers to malloc'ed temporary hazards.
    • Refactoring opportunities arising from exceptions.
  • Control flow analysis
    • Find lock/unlock pairs that need try-catch.
    • A CUTE "plusplus" (CUTE++) on Pork
  • Generate patches to convert from nsresults to C++ exceptions.
  • Identify C++ to convert to JS2...
    • ... and translate it automatically.
    • C++ candidate code uses only scriptable interfaces, strings, primitives.
  • Canonicalization:
    • Replace XPCOM portability veneer with std-C++ equivalents.
    • Replace NSPR C portability veneer with std-C equivalents?
  • Enforce confidentiality properties:
    • Chrome never evals a content-tainted string.
    • C++ never snprintfs using a content-tainted string.
  • SpiderMonkey Exact-GC safety bugs. See the GC_SafetySpec page for the latest.
    • "Not stored in the heap" pointer dataflow analysis. Implemented in Oink: finding pointers to stack stored on heap/global is now a feature of Oink; have not tried it yet on Mozilla.
  • Dataflow enforcement of correct API usage (CQual++):
    • String character set encoding mistakes.
  • More dataflow enforcement (beyond the reach of CQual++):
    • Unit analysis (twips vs. pixels) for layout and rendering.
  • Code metrics, to compare to similar open source projects:
    • Virtual method declaration and call populations.
    • Cohesion, coupling, other modularity measures.

See also: Static Analysis/Installing the Oink Stack