Static Analysis: Difference between revisions

Revision as of 13:16, 18 November 2019

Current Status

Custom static analyses: We have a clang plugin with a number of Gecko-specific checks. There's terse documentation on the attributes we use to drive some of the checks here. Some checks are just good hygiene (e.g. MOZ_IMPLICIT), some checks exist to help you do the right thing (e.g. MOZ_MUST_OVERRIDE, MOZ_RAII, MOZ_MUST_USE), and some checks exist to prevent security bugs (e.g. MOZ_NON_MEMMOVABLE and related attributes). The checker currently runs on every push we do, on Windows, Mac, and Linux.

clang upstream analyses: For every patch, at review phase, we run a bunch of clang analyzer and clang tidy checkers.

Coverity: Executed at review phase for every patch.

We are also running a bunch of linters: https://firefox-source-docs.mozilla.org/tools/lint/index.html

Compiler warnings: all of our compilers have a number of warnings. We try to turn on as many as we can, and make warnings on most Mozilla code fatal, i.e. your build will fail if the compiler warns. We generally turn off fatal warnings for third-party code, and sometimes attempt to get fixes for the warnings pushed upstream.

@@ Line 1: / Line 1: @@
-Mozilla Static analysis [https://lists.mozilla.org/listinfo/dev-static-analysis mailing list] also available as m.d.static-analysis newsgroup
 == Current Status ==
-* '''Compiler warnings''': all of our compilers have a number of warnings. We try to turn on as many as we can, and make warnings on most Mozilla code fatal, i.e. your build will fail if the compiler warns.  We generally turn off fatal warnings for third-party code, and sometimes attempt to get fixes for the warnings pushed upstream.
 * '''Custom static analyses''': We have a clang plugin with a number of Gecko-specific checks.  There's terse documentation on the attributes we use to drive some of the checks [https://dxr.mozilla.org/mozilla-central/source/mfbt/Attributes.h#341 here]. Some checks are just good hygiene (e.g. MOZ_IMPLICIT), some checks exist to help you do the right thing (e.g. MOZ_MUST_OVERRIDE, MOZ_RAII, MOZ_MUST_USE), and some checks exist to prevent security bugs (e.g. MOZ_NON_MEMMOVABLE and related attributes). The checker currently runs on every push we do, on Windows, Mac, and Linux.
-* '''[https://scan.coverity.com/projects/firefox Coverity]''': runs their code checker on Firefox every couple of days and throws all the problems into a nicely searchable database.
+* '''clang upstream analyses''': For every patch, at review phase, we run a bunch of [https://searchfox.org/mozilla-central/source/tools/clang-tidy/config.yaml clang analyzer and clang tidy] checkers.
-== Old ==
+* '''[https://scan.coverity.com/projects/firefox Coverity]''': Executed at review phase for every patch.
-Applications for static analysis tools for [[Mozilla 2]]:
+* We are also running a bunch of linters: https://firefox-source-docs.mozilla.org/tools/lint/index.html
-* Develop code rewriting [[Pork]] tools.
+* '''Compiler warnings''': all of our compilers have a number of warnings. We try to turn on as many as we can, and make warnings on most Mozilla code fatal, i.e. your build will fail if the compiler warns.  We generally turn off fatal warnings for third-party code, and sometimes attempt to get fixes for the warnings pushed upstream.
-** Automate part of deCOMtamination. [[Gecko:DeCOMtamination Algorithm]]
-** Automation of ownership cleanups (see below).
-* Develop static analysis [https://developer.mozilla.org/en-US/docs/DXR DXR] tool, then:
-** Clean up uses of obsolete API. [[Gecko:Obsolete API]]
-** [https://bugzilla.mozilla.org/show_bug.cgi?id=1022814 Automatically identify unused or hardly-used code].
-** Ownership analysis:
-*** Strong/weak pointers.
-*** Optional annotations for strong vs. weak pointer.
-*** Finding raw pointers that should be weak or strong.
-*** Static cycle detection.
-*** Static reference-counting elimination.
-** "Who can point to" analysis.
-* Auto-generate traverse and unlink methods for the [https://bugzilla.mozilla.org/show_bug.cgi?id=XPCOMGC Cycle Collector]
-** Oink finds outgoing pointers, generates iterators.
-* Check and enforce exception safety.
-** Find stack pointers to malloc'ed temporary hazards.
-** Refactoring opportunities arising from exceptions.
-* Control flow analysis
-** Find lock/unlock pairs that need try-catch.
-** A [http://osl.cs.uiuc.edu/~ksen/cute/ CUTE] "plusplus" (CUTE++) on [[Pork]]
-* Generate patches to convert from nsresults to C++ exceptions.
-* Identify C++ to convert to JS2...
-** ... and translate it automatically.
-** C++ candidate code uses only scriptable interfaces, strings, primitives.
-* Canonicalization:
-** Replace XPCOM portability veneer with std-C++ equivalents.
-** Replace NSPR C portability veneer with std-C equivalents?
-* Enforce confidentiality properties:
-** Chrome never evals a content-tainted string.
-** C++ never snprintfs using a content-tainted string.
-* SpiderMonkey Exact-GC safety bugs.  See the [[GC_SafetySpec]] page for the latest.
-** "Not stored in the heap" pointer dataflow analysis.  '''Implemented in Oink''': finding pointers to stack stored on heap/global is now a feature of Oink; have not tried it yet on Mozilla.
-* Dataflow enforcement of correct API usage (CQual++):
-** String character set encoding mistakes.
-* More dataflow enforcement (beyond the reach of CQual++):
-** Unit analysis (twips vs. pixels) for layout and rendering.
-* Code metrics, to compare to similar open source projects:
-** Virtual method declaration and call populations.
-** Cohesion, coupling, other modularity measures.
-See also: [[Static Analysis/Installing the Oink Stack]]

Static Analysis: Difference between revisions

Revision as of 13:16, 18 November 2019

Current Status

Navigation menu

Search