Static Analysis: Difference between revisions

Applications for Oink static analysis tools for Mozilla 2:

• Develop the AST-pattern-matching patch generation tool.
  • Automate part of deCOMtamination. Gecko:DeCOMtamination Algorithm
• "Semantic grep" (super-LXR) tasks:
  • Clean up uses of obsolete API. Gecko:Obsolete API
  • Automatically identify unused or hardly-used code.
  • Ownership analysis:
    • Strong/weak pointers.
    • Optional annotations for strong vs. weak pointer.
    • Static cycle detection.
    • Static reference-counting elimination.
  • "Who can point to" analysis.
• Auto-generate traverse and unlink methods for the Cycle Collector
  • Oink finds outgoing pointers, generates iterators.
• Check and enforce exception safety.
  • Find stack pointers to malloc'ed temporary hazards.
  • Refactoring opportunities arising from exceptions.
• Control flow analysis
  • Find lock/unlock pairs that need try-catch.
  • UNO port or rip-off for general analysis.
  • A CUTE "plusplus" (CUTE++) on Oink.
• Generate patches to convert from nsresults to C++ exceptions.
• Identify C++ to convert to JS2...
  • ... and translate it automatically.
  • C++ candidate code uses only scriptable interfaces, strings, primitives.
• Canonicalization:
  • Replace XPCOM portability veneer with std-C++ equivalents.
  • Replace NSPR C portability veneer with std-C equivalents?
• Enforce confidentiality properties:
  • Chrome never evals a content-tainted string.
  • C++ never snprintfs using a content-tainted string.
• SpiderMonkey Exact-GC safety bugs.
  • "Not stored in the heap" pointer dataflow analysis.
• Dataflow enforcement of correct API usage (CQual++):
  • String character set encoding mistakes.
  • Unit (twips vs. pixels) checking for layout.
• Code metrics, to compare to similar open source projects:
  • Virtual method declaration and call populations.
  • Cohesion, coupling, other modularity measures.