Confirmed users, Bureaucrats and Sysops emeriti
419
edits
Static Analysis: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
Applications for oink static analysis tools in Mozilla: | |||
* Develop the AST-pattern-matching [http://weblogs.mozillazine.org/roadmap/archives/2006/11/oinkbased_patch_generation.html patch generation] tool. | |||
* Automate part of deCOMtamination. [[Gecko:DeCOMtamination Algorithm]] | * Automate part of deCOMtamination. [[Gecko:DeCOMtamination Algorithm]] | ||
* Clean up uses of obsolete API. [[Gecko:Obsolete API]] | * Clean up uses of obsolete API. [[Gecko:Obsolete API]] | ||
* Automatically identify unused code. | * Automatically identify unused or hardly-used code. | ||
* Enforce correct API usage - GC bugs. | * Check and enforce exception safety. | ||
* Unit | * Generate patches to convert from nsresults to C++ exceptions. | ||
* Identify C++ to convert to JS2... | |||
* ... and translate it automatically. | |||
* C++ candidate code uses only scriptable interfaces, strings, primitives. | |||
* Replace XPCOM or NSPR portability with std-C++ equivalents. | |||
* Enforce confidentiality properties: | |||
* Chrome never evals a content-tainted string. | |||
* C++ never snprintfs using a content-tained string. | |||
* Enforce correct API usage: | |||
* Exact-GC safety bugs. | |||
* String character set encoding mistakes. | |||
* Unit (twips vs. pixels) checking for layout. | |||
* Measure code complexity: | |||
* Virtual method declaration and call populations. | |||
* Cohesion, coupling, other modularity measures. | |||
* Compare to other open source projects of similar scope. | |||