Static Analysis: Difference between revisions

From MozillaWiki
Comparison of the earlier revision (edit summary: "Link up oink installation instructions") with the latest revision (edit summary: "content moved"); 11 intermediate revisions by 6 users are not shown.

Latest revision:

Content moved here:

https://firefox-source-docs.mozilla.org/code-quality/static-analysis.html

Earlier revision:

Applications for [http://www.cubewano.org/oink/ Oink] static analysis tools for [[Mozilla 2]]:
* Develop the AST-pattern-matching [[Squash]] tool.
** Automate part of deCOMtamination. [[Gecko:DeCOMtamination Algorithm]]
** Automation of ownership cleanups (see below).
* "Semantic grep" (super-LXR) tasks:
** Clean up uses of obsolete API. [[Gecko:Obsolete API]]
** Automatically identify unused or hardly-used code.
** Ownership analysis:
*** Strong/weak pointers.
*** Optional annotations for strong vs. weak pointer.
*** Finding raw pointers that should be weak or strong.
*** Static cycle detection.
*** Static reference-counting elimination.
** "Who can point to" analysis.
* Auto-generate traverse and unlink methods for the [https://bugzilla.mozilla.org/show_bug.cgi?id=XPCOMGC Cycle Collector]
** Oink finds outgoing pointers, generates iterators.
* Check and enforce exception safety.
** Find hazards where a stack pointer refers to a malloc'ed temporary.
** Refactoring opportunities arising from exceptions.
* Control flow analysis
** Find lock/unlock pairs that need try-catch.
** Develop [[DeHydra]], an [http://www.spinroot.com/uno/ UNO] inspired tool for general analysis.
** A [http://osl.cs.uiuc.edu/~ksen/cute/ CUTE] "plusplus" (CUTE++) on Oink.
* Generate patches to convert from nsresults to C++ exceptions.
* Identify C++ to convert to JS2...
** ... and translate it automatically.
** C++ candidate code uses only scriptable interfaces, strings, primitives.
* Canonicalization:
** Replace XPCOM portability veneer with std-C++ equivalents.
** Replace NSPR C portability veneer with std-C equivalents?
* Enforce confidentiality properties:
** Chrome never evals a content-tainted string.
** C++ never snprintfs using a content-tainted string.
* SpiderMonkey Exact-GC safety bugs. See the [[GC_SafetySpec]] page for the latest.
** "Not stored in the heap" pointer dataflow analysis. '''Implemented in Oink''': finding pointers to stack stored on heap/global is now a feature of Oink; have not tried it yet on Mozilla.
* Dataflow enforcement of correct API usage (CQual++):
** String character set encoding mistakes.
* More dataflow enforcement (beyond the reach of CQual++):
** Unit analysis (twips vs. pixels) for layout and rendering.
* Code metrics, to compare to similar open source projects:
** Virtual method declaration and call populations.
** Cohesion, coupling, other modularity measures.
 
See also: [[Static Analysis/Installing the Oink Stack]]

Latest revision as of 18:19, 10 September 2020