Static Analysis

From MozillaWiki
Revision as of 00:30, 29 November 2006 by Brendan (talk | contribs)
Jump to navigation Jump to search

Applications for Oink static analysis tools for Mozilla 2:

  • Develop the AST-pattern-matching patch generation tool.
  • "Semantic grep" (super-LXR) tasks:
    • Clean up uses of obsolete API. Gecko:Obsolete API
    • Automatically identify unused or hardly-used code.
  • Check and enforce exception safety.
    • Find stack pointers to malloc'ed temporary hazards.
    • Refactoring opportunities arising from exceptions.
  • Control flow analysis
    • Find lock/unlock pairs that need try-catch.
    • UNO port or rip-off for general analysis.
    • A CUTE "plusplus" (CUTE++) on Oink.
  • Generate patches to convert from nsresults to C++ exceptions.
  • Identify C++ to convert to JS2...
    • ... and translate it automatically.
    • C++ candidate code uses only scriptable interfaces, strings, primitives.
  • Canonicalization:
    • Replace XPCOM portability veneer with std-C++ equivalents.
    • Replace NSPR C portability veneer with std-C equivalents?
  • Enforce confidentiality properties:
    • Chrome never evals a content-tainted string.
    • C++ never snprintfs using a content-tainted string.
  • SpiderMonkey Exact-GC safety bugs.
    • "Not stored in the heap" pointer dataflow analysis.
  • Dataflow enforcement of correct API usage (CQual++):
    • String character set encoding mistakes.
    • Unit (twips vs. pixels) checking for layout.
  • Code metrics, to compare to similar open source projects:
    • Virtual method declaration and call populations.
    • Cohesion, coupling, other modularity measures.
Retrieved from "https://wiki.mozilla.org/index.php?title=Static_Analysis&oldid=43432"