Personal tools

Static Analysis

From MozillaWiki

Jump to: navigation, search

Mozilla Static analysis mailing list also available as m.d.static-analysis newsgroup

Applications for static analysis tools for Mozilla 2:

  • Develop code rewriting Pork tools.
  • Develop static analysis Dehydra GCC tool.
  • "Semantic grep" (super-LXR) tasks:
    • Clean up uses of obsolete API. Gecko:Obsolete API
    • Automatically identify unused or hardly-used code.
    • Ownership analysis:
      • Strong/weak pointers.
      • Optional annotations for strong vs. weak pointer.
      • Finding raw pointers that should be weak or strong.
      • Static cycle detection.
      • Static reference-counting elimination.
    • "Who can point to" analysis.
  • Auto-generate traverse and unlink methods for the Cycle Collector
    • Oink finds outgoing pointers, generates iterators.
  • Check and enforce exception safety.
    • Find stack pointers to malloc'ed temporary hazards.
    • Refactoring opportunities arising from exceptions.
  • Control flow analysis
    • Find lock/unlock pairs that need try-catch.
    • A CUTE "plusplus" (CUTE++) on Pork
  • Generate patches to convert from nsresults to C++ exceptions.
  • Identify C++ to convert to JS2...
    • ... and translate it automatically.
    • C++ candidate code uses only scriptable interfaces, strings, primitives.
  • Canonicalization:
    • Replace XPCOM portability veneer with std-C++ equivalents.
    • Replace NSPR C portability veneer with std-C equivalents?
  • Enforce confidentiality properties:
    • Chrome never evals a content-tainted string.
    • C++ never snprintfs using a content-tainted string.
  • SpiderMonkey Exact-GC safety bugs. See the GC_SafetySpec page for the latest.
    • "Not stored in the heap" pointer dataflow analysis. Implemented in Oink: finding pointers to stack stored on heap/global is now a feature of Oink; have not tried it yet on Mozilla.
  • Dataflow enforcement of correct API usage (CQual++):
    • String character set encoding mistakes.
  • More dataflow enforcement (beyond the reach of CQual++):
    • Unit analysis (twips vs. pixels) for layout and rendering.
  • Code metrics, to compare to similar open source projects:
    • Virtual method declaration and call populations.
    • Cohesion, coupling, other modularity measures.

See also: Static Analysis/Installing the Oink Stack