Mozilla Static analysis [https://lists.mozilla.org/listinfo/dev-static-analysis mailing list] also available as m.d.static-analysis newsgroup

Content moved here: https://firefox-source-docs.mozilla.org/code-quality/static-analysis.html

Applications for static analysis tools for [[Mozilla 2]]:

* Develop code rewriting [[Pork]] tools.
** Automate part of deCOMtamination. [[Gecko:DeCOMtamination Algorithm]]
** Automation of ownership cleanups (see below).
* Develop static analysis [[Dehydra GCC]] tool.
* "Semantic grep" (super-LXR) tasks:
** Clean up uses of obsolete API. [[Gecko:Obsolete API]]
** Automatically identify unused or hardly-used code.
** Ownership analysis:
*** Strong/weak pointers.
*** Optional annotations for strong vs. weak pointer.
*** Finding raw pointers that should be weak or strong.
*** Static cycle detection.
*** Static reference-counting elimination.
** "Who can point to" analysis.
* Auto-generate traverse and unlink methods for the [https://bugzilla.mozilla.org/show_bug.cgi?id=XPCOMGC Cycle Collector]
** Oink finds outgoing pointers, generates iterators.
* Check and enforce exception safety.
** Find stack pointers to malloc'ed temporary hazards.
** Refactoring opportunities arising from exceptions.
* Control flow analysis
** Find lock/unlock pairs that need try-catch.
** A [http://osl.cs.uiuc.edu/~ksen/cute/ CUTE] "plusplus" (CUTE++) on [[Pork]]
* Generate patches to convert from nsresults to C++ exceptions.
* Identify C++ to convert to JS2...
** ... and translate it automatically.
** C++ candidate code uses only scriptable interfaces, strings, primitives.
* Canonicalization:
** Replace XPCOM portability veneer with std-C++ equivalents.
** Replace NSPR C portability veneer with std-C equivalents?
* Enforce confidentiality properties:
** Chrome never evals a content-tainted string.
** C++ never snprintfs using a content-tainted string.
* SpiderMonkey Exact-GC safety bugs. See the [[GC_SafetySpec]] page for the latest.
** "Not stored in the heap" pointer dataflow analysis. '''Implemented in Oink''': finding pointers to stack stored on heap/global is now a feature of Oink; have not tried it yet on Mozilla.
* Dataflow enforcement of correct API usage (CQual++):
** String character set encoding mistakes.
* More dataflow enforcement (beyond the reach of CQual++):
** Unit analysis (twips vs. pixels) for layout and rendering.
* Code metrics, to compare to similar open source projects:
** Virtual method declaration and call populations.
** Cohesion, coupling, other modularity measures.

See also: [[Static Analysis/Installing the Oink Stack]]