Static Analysis: Difference between revisions

From MozillaWiki
Line 1: Line 1:
Applications for [http://www.cubewano.org/oink/ Oink] static analysis tools for [[Mozilla 2]]:
Applications for [http://www.cubewano.org/oink/ Oink] static analysis tools for [[Mozilla 2]]:


* Develop the AST-pattern-matching [http://weblogs.mozillazine.org/roadmap/archives/2006/11/oinkbased_patch_generation.html patch generation] tool.
* Develop the AST-pattern-matching [[Squash]] tool.
** Automate part of deCOMtamination. [[Gecko:DeCOMtamination Algorithm]]
** Automate part of deCOMtamination. [[Gecko:DeCOMtamination Algorithm]]
** Automation of ownership cleanups (see below).
** Automation of ownership cleanups (see below).
Line 21: Line 21:
* Control flow analysis
* Control flow analysis
** Find lock/unlock pairs that need try-catch.
** Find lock/unlock pairs that need try-catch.
** [http://www.spinroot.com/uno/ UNO] port or rip-off for general analysis.
** Develop [[DeHydra]], an [http://www.spinroot.com/uno/ UNO] inspired tool for general analysis.
** A [http://osl.cs.uiuc.edu/~ksen/cute/ CUTE] "plusplus" (CUTE++) on Oink.
** A [http://osl.cs.uiuc.edu/~ksen/cute/ CUTE] "plusplus" (CUTE++) on Oink.
* Generate patches to convert from nsresults to C++ exceptions.
* Generate patches to convert from nsresults to C++ exceptions.

Revision as of 02:24, 21 February 2007

Applications for Oink static analysis tools for Mozilla 2:

  • Develop the AST-pattern-matching Squash tool.
  • "Semantic grep" (super-LXR) tasks:
    • Clean up uses of obsolete API. Gecko:Obsolete API
    • Automatically identify unused or hardly-used code.
    • Ownership analysis:
      • Strong/weak pointers.
      • Optional annotations for strong vs. weak pointer.
      • Finding raw pointers that should be weak or strong.
      • Static cycle detection.
      • Static reference-counting elimination.
    • "Who can point to" analysis.
  • Auto-generate traverse and unlink methods for the Cycle Collector
    • Oink finds outgoing pointers, generates iterators.
  • Check and enforce exception safety.
    • Find "stack pointer to malloc'ed temporary" hazards.
    • Refactoring opportunities arising from exceptions.
  • Control flow analysis
    • Find lock/unlock pairs that need try-catch.
    • Develop DeHydra, an UNO-inspired tool for general analysis.
    • A CUTE "plusplus" (CUTE++) on Oink.
  • Generate patches to convert from nsresults to C++ exceptions.
  • Identify C++ to convert to JS2...
    • ... and translate it automatically.
    • C++ candidate code uses only scriptable interfaces, strings, primitives.
  • Canonicalization:
    • Replace XPCOM portability veneer with std-C++ equivalents.
    • Replace NSPR C portability veneer with std-C equivalents?
  • Enforce confidentiality properties:
    • Chrome never evals a content-tainted string.
    • C++ never snprintfs using a content-tainted string.
  • SpiderMonkey Exact-GC safety bugs. See the GC_SafetySpec page for the latest.
    • "Not stored in the heap" pointer dataflow analysis. Implemented in Oink: finding pointers to the stack that are stored on the heap or in a global is now a feature of Oink; it has not been tried on Mozilla yet.
  • Dataflow enforcement of correct API usage (CQual++):
    • String character set encoding mistakes.
  • More dataflow enforcement (beyond the reach of CQual++):
    • Unit analysis (twips vs. pixels) for layout and rendering.
  • Code metrics, to compare to similar open source projects:
    • Virtual method declaration and call populations.
    • Cohesion, coupling, other modularity measures.