PVS-Studio is a "static analyzer that detects errors in source code of C/C++/C++11 applications." They've been using their tool on a number of open source projects and publishing results on their blog. They've had interesting results in the past, and I've been wondering if they had tried unleashing their product on Firefox. Turns out they just did... http://www.viva64.com/en/a/0078/ This most recent entry illustrates a number of problems they've found. I skimmed through a couple -- the code was still present on mozilla-central, and the issues look legit. I'm going to use this bug as a tracking bug for fixing all the specific issues they found. We should try to get in touch with them to see if there are other issues they were able to find, and perhaps see about getting an evaluation copy of their product (to find further issues, if needed, and see if this is something we should integrate into our automated testing.) May also be interesting to see if our own static analysis tools should be looking for / catching these things?

Ah, a note in their post links to a text file with more found issues: http://www.viva64.com/external-pictures/txt/mozilla-test.txt

Filed bugs for the 10 examples in the post: Example 1 - bug 710967 Example 2 - bug 710968 Example 3 - bug 710969 Example 4 - bug 710970 Example 5 - bug 710971 Example 6 - bug 710973 Example 7 - bug 710974 Example 8 - bug 710975 Example 9 - bug 710976 Example 10 - bug 710977

Filed bug 710982 for the unnumbered example in the "About other errors in Firefox" section.

Oops, and so did glandium. Duping my bug to his. :)

Going through http://www.viva64.com/external-pictures/txt/mozilla-test.txt... There are 22 reports here, some of them are the same as the examples in the full blog post. 1 -- nsstyleanimation.cpp 1767 ......... This is Example 5 above. 2 -- nsdisplaylist.cpp 767 ............. bug 710986 3 -- nspresshell.cpp 5114 .............. This is Example 6 above. 4 -- mozinlinespellwordutil.cpp 1034 ... bug 710987 5 -- gdef.cc 291 ....................... bug 710988 6 -- time_win.cc 198 ................... bug 710989 7 -- svgnumberlist.cpp 96 .............. This is Example 7 above. 8 -- svgorientsmiltype.cpp 161 ......... bug 710990 9 -- updater.cpp 1179 .................. This is Example 2 above. 10 -- exception_handler.cc 846 ......... This is Example 10 above. 11 -- ssltunnel.cpp 531 ................ bug 710991 12 -- nsieprofilemigrator.cpp 622 ...... This is Example 8 above. 13 -- pixman-image.c 520 ............... bug 710992 14 -- cairo-win32-surface.c 129 ........ This is Example 9 above. 15 -- affixmgr.cpp 3708 ................ This is Example 1 above. 16 -- http_upload.cc 152 ............... bug 710993 17 -- compiler.cpp 547 ................. This is Example 4 above. 18 -- nslocalfilewin.cpp 183 ........... bug 710995 19 -- nsselection.cpp 1107 ............. This is Example 3 above. 20 -- jsdbgapi.cpp 712 ................. bug 710996 21 -- puppetwidget.cpp 546 ............. bug 710997 22 -- detectcharset.cpp 89 ............. This is the unnumbered example (see comment 3 and comment 4)

It would be interesting to classify the issues found, to see how significant they are, i.e., what fraction is inconsequential errors vs. serious bugs.

New article - http://www.viva64.com/en/b/0262/

A new PVS-Studio check was performed for Thunderbird and is documented on <http://www.viva64.com/en/b/0347/>. Most of the examples refer to Core code and some were already reported with bugs.