Static Analysis

From MozillaWiki

Revision as of 20:21, 28 November 2006 by Brendan (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Applications for oink static analysis tools in Mozilla:

Develop the AST-pattern-matching patch generation tool.
Automate part of deCOMtamination. Gecko:DeCOMtamination Algorithm
Clean up uses of obsolete API. Gecko:Obsolete API
Automatically identify unused or hardly-used code.
Check and enforce exception safety.
Generate patches to convert from nsresults to C++ exceptions.
Identify C++ to convert to JS2...

 * ... and translate it automatically.
 * C++ candidate code uses only scriptable interfaces, strings, primitives.

Replace XPCOM or NSPR portability with std-C++ equivalents.
Enforce confidentiality properties:

 * Chrome never evals a content-tainted string.
 * C++ never snprintfs using a content-tained string.

Enforce correct API usage:

 * Exact-GC safety bugs.
 * String character set encoding mistakes.
 * Unit (twips vs. pixels) checking for layout.

Measure code complexity:

 * Virtual method declaration and call populations.
 * Cohesion, coupling, other modularity measures.
 * Compare to other open source projects of similar scope.

Retrieved from "https://wiki.mozilla.org/index.php?title=Static_Analysis&oldid=43395"