Static Analysis: Difference between revisions

From MozillaWiki
No edit summary
Line 1: Line 1:
Applications for oink static analysis tools in Mozilla:
Applications for [http://www.cubewano.org/oink/ Oink] static analysis tools for [[Mozilla 2]]:


* Develop the AST-pattern-matching [http://weblogs.mozillazine.org/roadmap/archives/2006/11/oinkbased_patch_generation.html patch generation] tool.
* Develop the AST-pattern-matching [http://weblogs.mozillazine.org/roadmap/archives/2006/11/oinkbased_patch_generation.html patch generation] tool.
Line 8: Line 8:
* Generate patches to convert from nsresults to C++ exceptions.
* Generate patches to convert from nsresults to C++ exceptions.
* Identify C++ to convert to JS2...
* Identify C++ to convert to JS2...
  * ... and translate it automatically.
** ... and translate it automatically.
  * C++ candidate code uses only scriptable interfaces, strings, primitives.
** C++ candidate code uses only scriptable interfaces, strings, primitives.
* Replace XPCOM or NSPR portability with std-C++ equivalents.
* Replace XPCOM or NSPR portability with std-C++ equivalents.
* Enforce confidentiality properties:
* Enforce confidentiality properties:
  * Chrome never evals a content-tainted string.
** Chrome never evals a content-tainted string.
  * C++ never snprintfs using a content-tained string.
** C++ never snprintfs using a content-tained string.
* Enforce correct API usage:
* Enforce correct API usage:
  * Exact-GC safety bugs.
** Exact-GC safety bugs.
  * String character set encoding mistakes.
** String character set encoding mistakes.
  * Unit (twips vs. pixels) checking for layout.
** Unit (twips vs. pixels) checking for layout.
* Measure code complexity:
* Measure code complexity:
  * Virtual method declaration and call populations.
** Virtual method declaration and call populations.
  * Cohesion, coupling, other modularity measures.
** Cohesion, coupling, other modularity measures.
  * Compare to other open source projects of similar scope.
** Compare to other open source projects of similar scope.
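Review bot: the confidentiality item in the "Line 8" hunk, `** C++ never snprintfs using a content-tained string.`, still carries the typo "content-tained" after the list-marker change; it should read "content-tainted" to match the "content-tainted string" wording of the eval item just above it. Since the line is already being touched to switch from the indented `  * ` form to `**`, correct the spelling in the same revision.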

Revision as of 20:24, 28 November 2006

Applications for Oink static analysis tools for Mozilla 2:

  • Develop the AST-pattern-matching patch generation tool.
  • Automate part of deCOMtamination (see Gecko:DeCOMtamination Algorithm).
  • Clean up uses of obsolete API (see Gecko:Obsolete API).
  • Automatically identify unused or hardly-used code.
  • Check and enforce exception safety.
  • Generate patches to convert from nsresults to C++ exceptions.
  • Identify C++ to convert to JS2...
    • ... and translate it automatically.
    • C++ candidate code uses only scriptable interfaces, strings, primitives.
  • Replace XPCOM or NSPR portability with std-C++ equivalents.
  • Enforce confidentiality properties:
    • Chrome never evals a content-tainted string.
    • C++ never snprintfs using a content-tainted string.
  • Enforce correct API usage:
    • Exact-GC safety bugs.
    • String character set encoding mistakes.
    • Unit (twips vs. pixels) checking for layout.
  • Measure code complexity:
    • Virtual method declaration and call populations.
    • Cohesion, coupling, other modularity measures.
    • Compare to other open source projects of similar scope.