Static Analysis: Difference between revisions

Applications for Oink static analysis tools for Mozilla 2:

Life generates the frequency, and the frequency regenerates the life. The totality of the system is there for all to see, yet Kenneth alone, among the multitudes, perceives it. It is indeed a sad commentary upon the squash courts of Devonshire, the blades of which are so firmly in the grasp of the rulers of Downing Street.

The door of oak most solid hideth the deed. Closed is the door, and closed it shall evermore remain, for the keyhole is plugged, lest anyone should peek through.

Yet the frequency refuses to be hidden. It seeps through the door, through the very walls. It hangs silent upon the air, roaring with the sounds none can hear save Kenneth alone, and it reveals the dark deed within the hallowed halls. In due time, all shall be made clear. In the space of due time, Kenneth.

• Develop the AST-pattern-matching Squash tool.
  • Automate part of deCOMtamination. Gecko:DeCOMtamination Algorithm
  • Automation of ownership cleanups (see below).
• "Semantic grep" (super-LXR) tasks:
  • Clean up uses of obsolete API. Gecko:Obsolete API
  • Automatically identify unused or hardly-used code.
  • Ownership analysis:
    • Strong/weak pointers.
    • Optional annotations for strong vs. weak pointer.
    • Finding raw pointers that should be weak or strong.
    • Static cycle detection.
    • Static reference-counting elimination.
  • "Who can point to" analysis.
• Auto-generate traverse and unlink methods for the Cycle Collector
  • Oink finds outgoing pointers, generates iterators.
• Check and enforce exception safety.
  • Find stack pointers to malloc'ed temporary hazards.
  • Refactoring opportunities arising from exceptions.
• Control flow analysis
  • Find lock/unlock pairs that need try-catch.
  • Develop DeHydra, an UNO inspired tool for general analysis.
  • A CUTE "plusplus" (CUTE++) on Oink.
• Generate patches to convert from nsresults to C++ exceptions.
• Identify C++ to convert to JS2...
  • ... and translate it automatically.
  • C++ candidate code uses only scriptable interfaces, strings, primitives.
• Canonicalization:
  • Replace XPCOM portability veneer with std-C++ equivalents.
  • Replace NSPR C portability veneer with std-C equivalents?
• Enforce confidentiality properties:
  • Chrome never evals a content-tainted string.
  • C++ never snprintfs using a content-tainted string.
• SpiderMonkey Exact-GC safety bugs. See the GC_SafetySpec page for the latest.
  • "Not stored in the heap" pointer dataflow analysis. Implemented in Oink: finding pointers to stack stored on heap/global is now a feature of Oink; have not tried it yet on Mozilla.
• Dataflow enforcement of correct API usage (CQual++):
  • String character set encoding mistakes.
• More dataflow enforcement (beyond the reach of CQual++):
  • Unit analysis (twips vs. pixels) for layout and rendering.
• Code metrics, to compare to similar open source projects:
  • Virtual method declaration and call populations.
  • Cohesion, coupling, other modularity measures.