Bots, Confirmed users
270
edits
Static Analysis: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
Mozilla Static analysis [https://lists.mozilla.org/listinfo/dev-static-analysis mailing list] also available as m.d.static-analysis newsgroup | Mozilla Static analysis [https://lists.mozilla.org/listinfo/dev-static-analysis mailing list] also available as m.d.static-analysis newsgroup | ||
== Current Status == | |||
* '''Compiler warnings''': all of our compilers have a number of warnings; | |||
we try to turn on as many as we can, and make warnings on most Mozilla | |||
code fatal, i.e. your build will fail if the compiler warns. We | |||
generally turn off fatal warnings for third-party code, and sometimes | |||
attempt to get fixes for the warnings pushed upstream. | |||
* '''Custom static analyses''': We have a clang plugin with a number of | |||
Gecko-specific checks. There's terse documentation on the attributes | |||
we use to drive some of the checks [https://dxr.mozilla.org/mozilla-central/source/mfbt/Attributes.h#341 here]. | |||
Some checks are just good hygiene (e.g. MOZ_IMPLICIT), some checks | |||
exist to help you do the right thing (e.g. MOZ_MUST_OVERRIDE, | |||
MOZ_RAII, MOZ_MUST_USE), and some checks exist to prevent security | |||
bugs (e.g. MOZ_NON_MEMMOVABLE and related attributes). | |||
The checker currently runs on every push we do, on Windows, Mac, and | |||
Linux. | |||
* '''[http://www.coverity.com/ Coverity]''' () runs their code checker on | |||
Firefox every couple of days and throws all the problems into a nicely | |||
searchable database. | |||
== Old == | |||
Applications for static analysis tools for [[Mozilla 2]]: | Applications for static analysis tools for [[Mozilla 2]]: | ||