Open
Bug 542364
Opened 15 years ago
Updated 2 years ago
Create a static analysis script for detecting reentrancy on a function
Categories
(Developer Infrastructure :: Source Code Analysis, defect, P3)
Tracking
(Not tracked)
NEW
People
(Reporter: ehsan.akhgari, Unassigned)
References
Details
Attachments
(2 files)
It would be very useful to have a static analysis tool which can detect reentrancies on a specified function (or a method) in a single-threaded world, barring cases which include js or code that we have no control over on the stack. Ideally, such a tool would be able to show a stack trace which leads to a reentrant function call.
Ehren kindly accepted to write such a tool, so I'm assigning this to him.
Updated•15 years ago
|
Blocks: static_analyses
Comment 1•15 years ago
|
||
Here's my first attempt. Keep in mind that this will not detect reentries via function pointer calls.
Also for calls of the form |Base* b = new Derived(); b->foo();|, the base method is registered as the callee. It's straightforward to account for this case but I was wondering if I'm on the right track so far.
I could also see about uploading the sqlite database generated by Callgraph if you don't want to go through the build process.
(I put usage instructions in the comments btw)
Comment 2•15 years ago
|
||
I am a student from SJCE,Mysore,India and I would like to take up this bug.
Reporter | ||
Comment 3•15 years ago
|
||
vasundhara: Ehren has attached a script here, which seems like a first step at least. Feel free to use it as a basis for your work and see if you can come up with something better.
Comment 4•15 years ago
|
||
Vasundhara,
You're definitely welcome to take up the work here, but I'll just give a description of what I've done and what more could be done.
As I understand it, reentrancy in this context means you have a number of functions such that eg foo calls bar, bar calls baz, and baz calls foo.
To detect this situation will require a post-processing analysis after compilation which is made pretty easy by dwitte's callgraph which you can read about here: https://developer.mozilla.org/en/Callgraph
My script, using callgraph, will just tell you if a given function is reentrant, which I believe is equivalent to finding if the function (a node in the graph) lies within a cycle. It prints the cycle if this is the case.
It would also be possible to find all cycles in the graph (find all reentrant functions) but I'm not sure if this would be particularly useful here.
Updated•15 years ago
|
Assignee: ehren.m → vasusomayaji
Comment 5•14 years ago
|
||
Warns by displaying the function names that are reentrant.
Attachment #446193 -
Flags: feedback?
Comment 6•14 years ago
|
||
What output does this produce when run on the Mozilla codebase?
Comment 7•14 years ago
|
||
The script displays the name of the functions that are reentrant.It does not show the stack trace.For example,find->detect,detect->solve,solve->find(),the script produces the output at the end as below:
Warning:find() Reentrancy is detected here
Warning:detect() Reentrancy is detected here
Warning:solve() Reentrancy is detected here
I will attach the output the script generates when run on Mozilla codebase shortly.
Comment 8•14 years ago
|
||
The script I have attached here does not make use of Callgraph.
Updated•8 years ago
|
Attachment #446193 -
Flags: feedback?
Updated•8 years ago
|
Priority: -- → P3
Updated•7 years ago
|
Product: Core → Firefox Build System
Updated•6 years ago
|
Assignee: vasusomayaji → nobody
Updated•2 years ago
|
Product: Firefox Build System → Developer Infrastructure
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•