Bot, confirm
270
edits
Changes
no edit summary
Mozilla Static analysis [https://lists.mozilla.org/listinfo/dev-static-analysis mailing list] also available as m.d.static-analysis newsgroup
== Current Status ==
* '''Compiler warnings''': all of our compilers have a number of warnings;
we try to turn on as many as we can, and make warnings on most Mozilla
code fatal, i.e. your build will fail if the compiler warns. We
generally turn off fatal warnings for third-party code, and sometimes
attempt to get fixes for the warnings pushed upstream.
* '''Custom static analyses''': We have a clang plugin with a number of
Gecko-specific checks. There's terse documentation on the attributes
we use to drive some of the checks [https://dxr.mozilla.org/mozilla-central/source/mfbt/Attributes.h#341 here].
Some checks are just good hygiene (e.g. MOZ_IMPLICIT), some checks
exist to help you do the right thing (e.g. MOZ_MUST_OVERRIDE,
MOZ_RAII, MOZ_MUST_USE), and some checks exist to prevent security
bugs (e.g. MOZ_NON_MEMMOVABLE and related attributes).
The checker currently runs on every push we do, on Windows, Mac, and
Linux.
* '''[http://www.coverity.com/ Coverity]''' () runs their code checker on
Firefox every couple of days and throws all the problems into a nicely
searchable database.
== Old ==
Applications for static analysis tools for [[Mozilla 2]]:
