Static Analysis: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
Applications for oink static analysis tools in Mozilla: | |||
* Develop the AST-pattern-matching [http://weblogs.mozillazine.org/roadmap/archives/2006/11/oinkbased_patch_generation.html patch generation] tool. | |||
* Automate part of deCOMtamination. [[Gecko:DeCOMtamination Algorithm]] | * Automate part of deCOMtamination. [[Gecko:DeCOMtamination Algorithm]] | ||
* Clean up uses of obsolete API. [[Gecko:Obsolete API]] | * Clean up uses of obsolete API. [[Gecko:Obsolete API]] | ||
* Automatically identify unused code. | * Automatically identify unused or hardly-used code. | ||
* Enforce correct API usage - GC bugs. | * Check and enforce exception safety. | ||
* Unit | * Generate patches to convert from nsresults to C++ exceptions. | ||
* Identify C++ to convert to JS2... | |||
* ... and translate it automatically. | |||
* C++ candidate code uses only scriptable interfaces, strings, primitives. | |||
* Replace XPCOM or NSPR portability with std-C++ equivalents. | |||
* Enforce confidentiality properties: | |||
* Chrome never evals a content-tainted string. | |||
* C++ never snprintfs using a content-tained string. | |||
* Enforce correct API usage: | |||
* Exact-GC safety bugs. | |||
* String character set encoding mistakes. | |||
* Unit (twips vs. pixels) checking for layout. | |||
* Measure code complexity: | |||
* Virtual method declaration and call populations. | |||
* Cohesion, coupling, other modularity measures. | |||
* Compare to other open source projects of similar scope. | |||
Revision as of 20:21, 28 November 2006
Applications for oink static analysis tools in Mozilla:
- Develop the AST-pattern-matching patch generation tool.
- Automate part of deCOMtamination. Gecko:DeCOMtamination Algorithm
- Clean up uses of obsolete API. Gecko:Obsolete API
- Automatically identify unused or hardly-used code.
- Check and enforce exception safety.
- Generate patches to convert from nsresults to C++ exceptions.
- Identify C++ to convert to JS2...
* ... and translate it automatically. * C++ candidate code uses only scriptable interfaces, strings, primitives.
- Replace XPCOM or NSPR portability with std-C++ equivalents.
- Enforce confidentiality properties:
* Chrome never evals a content-tainted string. * C++ never snprintfs using a content-tained string.
- Enforce correct API usage:
* Exact-GC safety bugs. * String character set encoding mistakes. * Unit (twips vs. pixels) checking for layout.
- Measure code complexity:
* Virtual method declaration and call populations. * Cohesion, coupling, other modularity measures. * Compare to other open source projects of similar scope.