Closed
Bug 430328
(static_analyses)
Opened 17 years ago
Closed 6 years ago
[meta] Tracking requests for Static Analyses.
Categories
(Developer Infrastructure :: Source Code Analysis, task)
Developer Infrastructure
Source Code Analysis
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: taras.mozilla, Unassigned)
References
(Depends on 10 open bugs, Blocks 1 open bug)
Details
(Keywords: meta)
Attachments
(1 file)
(deleted),
text/plain
This is to make it easier to track ongoing analyses involving *hydras and Pork.
Comment 1•16 years ago
What kind of analyses are expected?
Reporter
Comment 2•16 years ago
This is a tracking bug. "Depends on" lists the analyses under way.
Comment 3•16 years ago
i am not familiar with hydra yet. here are some random thoughts.

code analysis tools can't be made perfect, so the primary goal should be to be effective imho.

refactoring kinda scares me - debugging a program generated by a program generated by a program is hard if possible at all.

besides a systematic scientific approach, i suggest an additional heuristic/chaotic approach - checking for blacklisted constructs that may be dangerous - basically gcc's -Wall on steroids.

off the top of my head some checks that may help:

1. assignment in |if| - e.g. |if (a = 1)|. in some cases this is valid, yet it may be a bug

2. misuse of preprocessing macros - macros changing stuff in unexpected ways, e.g. in pseudocode

#define max(a,b) ((a)>(b) ? (a) : (b))
...
c=max(a++,b++);

this example is kinda fabricated, though i reported a real bug because of similar misuse

a very useful but probably hard to implement feature will be value reachability: on line X in file Y what are the possible values of int variable Z? basically Z may be anything, it may be just a single number, it may be in a given range or in a finite set of ranges.
Reporter
Updated•16 years ago
Comment 4•16 years ago
Comment 5•16 years ago
cppcheck seems an interesting static analysis tool:
http://sourceforge.net/project/showfiles.php?group_id=195752&package_id=231124&release_id=657693

bugs found by it:
http://cppcheck.wiki.sourceforge.net/found_bugs

seems nice

their goal is to keep false positives very low (sure there are FP)
Updated•16 years ago
Attachment #364503 -
Attachment description: cppcheck static analysis 2008-02-28, 290 lines → cppcheck static analysis 2009-02-27, 290 lines
Updated•16 years ago
Comment 6•16 years ago
> 1. assignment in |if| - e.g. |if (a = 1)|
FYI:
i patched cppcheck to search for this. the way cppcheck works i am not sure i caught all cases. caught 2 occurrences of this and they look legitimate to me.
Comment 7•16 years ago
i am investigating using hydra for security stuff.

http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsCrypto.cpp#384

while (isspace(*end)) end--;

this will crash in layout:
<UNMAPPED> <SPACES> end

is it worth a bug?

can hydra check for constructs like:

while( SINGLECONDITION( *ptr ) ) ptr--;

or

while( SINGLECONDITION( *ptr ) ) --ptr;

i think both of the above are in most cases real crashes.
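The check asked for in comment 7, sketched as an added example that is not part of the original bug thread and is not Hydra or cppcheck code: a text-level Python heuristic that flags loops whose body only decrements a pointer while the condition never compares that pointer to a bound. The function name, the regex and the C sample are constructed for illustration; a real analysis would work on the AST rather than on source text.

```python
import re

# Loop of the form `while (<cond using *ptr>) ptr--;` or `--ptr;`
# (optionally wrapped in braces). Constructed heuristic, not a parser.
BACKSCAN = re.compile(
    r"while\s*\(\s*(?P<cond>[^;{}]*?\*\s*(?P<ptr>[A-Za-z_]\w*)[^;{}]*?)\)\s*"
    r"\{?\s*(?:--\s*(?P=ptr)|(?P=ptr)\s*--)\s*;"
)


def find_unbounded_backscans(source):
    """Return (line_number, pointer_name) for each backward scan whose
    condition contains no comparison involving the scanned pointer."""
    findings = []
    for m in BACKSCAN.finditer(source):
        ptr, cond = m.group("ptr"), m.group("cond")
        # A comparison such as `end > start` or `buf != p` counts as a bound.
        bounded = re.search(
            rf"\b{ptr}\s*(?:>=|>|!=)|(?:<=|<|!=)\s*{ptr}\b", cond
        )
        if not bounded:
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, ptr))
    return findings


# Constructed C sample: lines 2 and 4 walk backwards with no lower bound,
# line 3 is bounded by `start`, line 5 scans forwards and is out of scope.
SAMPLE = """\
static void trim(char *start, char *end) {
    while (isspace(*end)) end--;
    while (end > start && isspace(*end)) --end;
    while (isdigit(*p)) { --p; }
    while (isspace(*q)) q++;
}
"""

if __name__ == "__main__":
    for line, ptr in find_unbounded_backscans(SAMPLE):
        print(f"line {line}: backward scan on '{ptr}' has no lower bound")
```
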
Updated•15 years ago
Alias: analyses
Updated•14 years ago
Summary: Tracking: Moz2 static analyses → Tracking: static analyses
Updated•7 years ago
Product: Core → Firefox Build System
Updated•6 years ago
Alias: analyses → static_analysis
Summary: Tracking: static analyses → [meta] Tracking requests for Static Analysis.
Updated•6 years ago
Alias: static_analysis → static_analyses
Summary: [meta] Tracking requests for Static Analysis. → [meta] Tracking requests for Static Analyses.
Comment 8•6 years ago
I think we should instead use bug 1287757 with its dependencies. Closing this one.
Blocks: static-analyzers
Updated•6 years ago
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Updated•6 years ago
Depends on: semmle-analysis
Updated•6 years ago
No longer depends on: semmle-analysis
Updated•5 years ago
Type: defect → task
Updated•2 years ago
Product: Firefox Build System → Developer Infrastructure