Closed Bug 430328 (static_analyses) Opened 16 years ago Closed 6 years ago

[meta] Tracking requests for Static Analyses.

Categories

(Developer Infrastructure :: Source Code Analysis, task)

Product:
Developer Infrastructure
Component:
Source Code Analysis
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: taras.mozilla, Unassigned)

References

(Depends on 10 open bugs, Blocks 1 open bug)

Details

(Keywords: meta)

Attachments

(1 file)

cppcheck static analysis 2009-02-27, 290 lines
36.58 KB, text/plain
Details 
This is to make it easier to track ongoing analyses involving *hydras and Pork.
Depends on: 427115
Depends on: 424416
Depends on: 432915
Depends on: 432917
What kind of analyses are expected ?
This is a tracking bug. "Depends on" lists the analyses under way.
Depends on: 435814
Depends on: 436342
i am not familiar with hydra yet.

here are some random thoughts.

code analysis tools can't be made perfect, so the primary goal should
be to be effective imho.

refactoring kinda scares me - debugging a program generated by a
program generated by program is hard if possible at all.

besides a systematic scientific approach, i suggest additional
heuristic/chaotic approach - checking for blacklisted constructs that
may be dangerous - basically gcc's -Wall on steroids.

off the top of my head some checks that may help:
1. assignment in |if| - e.g. |if (a = 1)|. in some cases this
is valid, yet it may be a bug
2. misuse of preprocessing macros - macros changing stuff in unexpected
ways, e.g. in pseudocode
#define max(a,b) ((a)>(b) ? (a) : (b))

...
c=max(a++,b++);

this example is kinda fabricated, though i reported a real bug because
of similar misuse

very useful but probably hard to implement feature will be value
reachability:

on line X in file Y what are the possible values of int variable Z ?
basically Z may be anything, it may be just a singe number, it may be
in a given range or in a finite set of ranges.
Depends on: 449623
Depends on: 450777
Depends on: 455595
Depends on: 455742
Depends on: 455536
Depends on: 455792
Depends on: 455919
Depends on: 455943
Depends on: 456099
Depends on: 457003
Depends on: 457102
Depends on: 457104
Depends on: 457119
Depends on: 457125
Depends on: deadcode
No longer depends on: 457102, 457104, 457119, 457125
Depends on: 172937
Depends on: 455806
Depends on: 452357
Depends on: 477432
Depends on: 478264
Depends on: 480516
cppcheck seems interesting static analysis tool:
http://sourceforge.net/project/showfiles.php?group_id=195752&package_id=231124&release_id=657693

bugs found by it:
http://cppcheck.wiki.sourceforge.net/found_bugs

seems nice their goal is to keep false positives very low (sure there are FP)
Attachment #364503 - Attachment description: cppcheck static analysis 2008-02-28, 290 lines → cppcheck static analysis 2009-02-27, 290 lines
Depends on: 480521
> 1. assignment in |if| - e.g. |if (a = 1)|

FYI:
i patched cppcheck to search for this. the way cppcheck works i am not sure i caught all cases. caught 2 occurrences of this and they look legitimate to me.
i am investigating using hydra for security stuff.

http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsCrypto.cpp#384

while (isspace(*end)) end--;

this will crash in layout:
<UNMAPPED> <SPACES> end

is it worth a bug?

can hydra check for constructs like:

while( SINGLECONDITION( *ptr ) ) ptr--;
or
while( SINGLECONDITION( *ptr ) ) --ptr;

i think both of the above are in most cases real crashes.
Depends on: 488360
Depends on: 489914
Depends on: 492137
Depends on: 492185
Depends on: 492257
Depends on: 500860
Alias: analyses
Depends on: 500864
Depends on: 500866
Depends on: 500868
Depends on: 500870
Depends on: 428465
Depends on: 500874
Depends on: 500875
Depends on: 500876
Depends on: 502775
Depends on: 503619
Depends on: callgraph
Depends on: 508133
Depends on: 508163
Depends on: 517370
Depends on: 520626
Depends on: 522776
Depends on: 525063
Depends on: 526309
Depends on: 528206
Depends on: 536427
Depends on: 541220
Depends on: 542364
Depends on: 545052
Depends on: 551286
Depends on: 557565
Depends on: 564858
Depends on: 570416
Depends on: 423032
Depends on: 573786
Summary: Tracking: Moz2 static analyses → Tracking: static analyses
Depends on: 601522
Depends on: 602122
Depends on: 645498
Depends on: 669808
Depends on: 672389
Depends on: 685266
Depends on: 772601
Depends on: 858320
Depends on: 1285918
Depends on: 1424694
Product: Core → Firefox Build System
Alias: analyses → static_analysis
Summary: Tracking: static analyses → [meta] Tracking requests for Static Analysis.
Alias: static_analysis → static_analyses
Summary: [meta] Tracking requests for Static Analysis. → [meta] Tracking requests for Static Analyses.
I think we should instead use bug 1287757 with its dependencies.
Closing this one.
Blocks: static-analyzers
No longer depends on: 1424694
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Type: defect → task
Product: Firefox Build System → Developer Infrastructure
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: