Bug 430328 (analyses)

Tracking: static analyses

NEW
Unassigned


Core
Rewriting and Analysis
9 years ago
a year ago

People

(Reporter: (dormant account), Unassigned)

Tracking

(Depends on: 46 bugs, {meta})

Trunk

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

9 years ago
This is to make it easier to track ongoing analyses involving *hydras and Pork.
(Reporter)

Updated

9 years ago
Depends on: 427115
Depends on: 424416
(Reporter)

Updated

9 years ago
Depends on: 432915
(Reporter)

Updated

9 years ago
Depends on: 432917
What kind of analyses are expected?
(Reporter)

Comment 2

9 years ago
This is a tracking bug. "Depends on" lists the analyses under way.
(Reporter)

Updated

9 years ago
Depends on: 435814
(Reporter)

Updated

9 years ago
Depends on: 436342
i am not familiar with hydra yet.

here are some random thoughts.

code analysis tools can't be made perfect, so the primary goal should
be to be effective imho.

refactoring kinda scares me - debugging a program generated by a
program generated by a program is hard if possible at all.

besides a systematic scientific approach, i suggest additional
heuristic/chaotic approach - checking for blacklisted constructs that
may be dangerous - basically gcc's -Wall on steroids.

off the top of my head some checks that may help:
1. assignment in |if| - e.g. |if (a = 1)|. in some cases this
is valid, yet it may be a bug
2. misuse of preprocessing macros - macros changing stuff in unexpected
ways, e.g. in pseudocode
#define max(a,b) ((a)>(b) ? (a) : (b))

...
c=max(a++,b++);

this example is kinda fabricated, though i reported a real bug because
of similar misuse

very useful but probably hard to implement feature will be value
reachability:

on line X in file Y what are the possible values of int variable Z?
basically Z may be anything, it may be just a single number, it may be
in a given range or in a finite set of ranges.


Depends on: 449623
(Reporter)

Updated

9 years ago
Depends on: 450777
(Reporter)

Updated

9 years ago
Depends on: 455595
(Reporter)

Updated

9 years ago
Depends on: 455742
(Reporter)

Updated

9 years ago
Depends on: 455536
(Reporter)

Updated

9 years ago
Depends on: 455792
(Reporter)

Updated

9 years ago
Depends on: 455919
(Reporter)

Updated

9 years ago
Depends on: 455943
(Reporter)

Updated

9 years ago
Depends on: 456099

Updated

9 years ago
Depends on: 457003
(Reporter)

Updated

9 years ago
Depends on: 457102
(Reporter)

Updated

9 years ago
Depends on: 457104
(Reporter)

Updated

9 years ago
Depends on: 457119
(Reporter)

Updated

9 years ago
Depends on: 457125
(Reporter)

Updated

9 years ago
Depends on: 457262
(Reporter)

Updated

9 years ago
No longer depends on: 457102, 457104, 457119, 457125
(Reporter)

Updated

9 years ago
Depends on: 172937
(Reporter)

Updated

9 years ago
Depends on: 455806
(Reporter)

Updated

9 years ago
Depends on: 452357

Updated

9 years ago
Depends on: 477432
(Reporter)

Updated

9 years ago
Depends on: 478264

Updated

8 years ago
Depends on: 480516
Created attachment 364503
cppcheck static analysis 2009-02-27, 290 lines
cppcheck seems an interesting static analysis tool:
http://sourceforge.net/project/showfiles.php?group_id=195752&package_id=231124&release_id=657693

bugs found by it:
http://cppcheck.wiki.sourceforge.net/found_bugs

seems nice, their goal is to keep false positives very low (sure, there are FP)
Attachment #364503 - Attachment description: cppcheck static analysis 2008-02-28, 290 lines → cppcheck static analysis 2009-02-27, 290 lines
(Reporter)

Updated

8 years ago
Depends on: 480521
Blocks: 482373
No longer blocks: 482373
Depends on: 482373
> 1. assignment in |if| - e.g. |if (a = 1)|

FYI:
i patched cppcheck to search for this. the way cppcheck works i am not sure i caught all cases. caught 2 occurrences of this and they look legitimate to me.
Depends on: 483714
i am investigating using hydra for security stuff.

http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsCrypto.cpp#384

while (isspace(*end)) end--;

this will crash in layout:
<UNMAPPED> <SPACES> end

is it worth a bug?

can hydra check for constructs like:

while( SINGLECONDITION( *ptr ) ) ptr--;
or
while( SINGLECONDITION( *ptr ) ) --ptr;

i think both of the above are in most cases real crashes.
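
A heuristic line scanner for two constructs raised in this thread, the assignment inside an |if| condition and the single-condition backward pointer scan, added here as an illustration; it is not cppcheck's or hydra's code and not part of any comment above. The function names, the regexes and every SAMPLE line except the isspace loop quoted above are constructed for the example.

```python
import re

# Strip string/char literals and // comments so '=' inside them is ignored.
NOISE = re.compile(r'"(\\.|[^"\\])*"|\'(\\.|[^\'\\])\'|//.*')
# A lone '=' that is not part of ==, !=, <= or >=.
LONE_ASSIGN = re.compile(r'(?<![=!<>])=(?!=)')
# while (COND(*ptr)) ptr--; or --ptr; with one test as the whole condition.
BACK_SCAN = re.compile(
    r'\bwhile\s*\(\s*\w+\s*\(\s*\*\s*(?P<p>\w+)\s*\)\s*\)\s*'
    r'(?:(?P=p)\s*--|--\s*(?P=p))\s*;')

def if_conditions(line):
    """Yield the balanced-parenthesis condition of every `if (` on the line."""
    for m in re.finditer(r'\bif\s*\(', line):
        depth = 1
        for i in range(m.end(), len(line)):
            depth += {'(': 1, ')': -1}.get(line[i], 0)
            if depth == 0:
                yield line[m.end():i]
                break

def top_level_assignment(cond):
    """True if a lone '=' is outside inner parens (gcc -Wparentheses convention)."""
    return any(cond[:m.start()].count('(') == cond[:m.start()].count(')')
               for m in LONE_ASSIGN.finditer(cond))

def scan(source):
    findings = []
    for no, raw in enumerate(source.splitlines(), 1):
        line = NOISE.sub('', raw)
        if any(top_level_assignment(c) for c in if_conditions(line)):
            findings.append((no, 'assignment-in-if'))
        if BACK_SCAN.search(line):
            findings.append((no, 'unbounded-backward-scan'))
    return findings

# Constructed sample; only the isspace loop on line 5 is taken from the thread.
SAMPLE = "\n".join([
    "if (a = 1) run();",
    "if (a == 1) b = f(2);",
    "if (c != '=' && d <= e) g();",
    "if ((p = next()) != 0) use(p);",
    "while (isspace(*end)) end--;",
    "while( isspace( *p ) ) --p;",
    "while (end > begin && isspace(*end)) end--;",
])

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The scanner works on text one line at a time, so it misses constructs split across lines and anything hidden behind macros. The last sample line shows the form it accepts: a lower-bound test in the same condition as the character test.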
(Reporter)

Updated

8 years ago
Depends on: 488360
(Reporter)

Updated

8 years ago
Depends on: 489914
(Reporter)

Updated

8 years ago
Depends on: 492137
(Reporter)

Updated

8 years ago
Depends on: 492185
Depends on: 492257

Updated

8 years ago
Depends on: 500860

Updated

8 years ago
Alias: analyses

Updated

8 years ago
Depends on: 500864

Updated

8 years ago
Depends on: 500866

Updated

8 years ago
Depends on: 500868

Updated

8 years ago
Depends on: 500870

Updated

8 years ago
Depends on: 428465

Updated

8 years ago
Depends on: 500874

Updated

8 years ago
Depends on: 500875

Updated

8 years ago
Depends on: 500876

Updated

8 years ago
Depends on: 502775
(Reporter)

Updated

8 years ago
Depends on: 503619

Updated

8 years ago
Depends on: 507711
(Reporter)

Updated

8 years ago
Depends on: 508133

Updated

8 years ago
Depends on: 508163
(Reporter)

Updated

8 years ago
Depends on: 517370
(Reporter)

Updated

8 years ago
Depends on: 520626
Depends on: 522774
(Reporter)

Updated

8 years ago
Depends on: 522776
(Reporter)

Updated

8 years ago
Depends on: 525063
Depends on: 512868
Depends on: 526143
(Reporter)

Updated

8 years ago
Depends on: 526309
(Reporter)

Updated

8 years ago
Depends on: 528206
Depends on: 529382
Depends on: 535646
(Reporter)

Updated

8 years ago
Depends on: 536427
(Reporter)

Updated

8 years ago
Depends on: 541220

Updated

8 years ago
Depends on: 542364

Updated

8 years ago
Depends on: 545052
(Reporter)

Updated

7 years ago
Depends on: 551286
Depends on: 551569

Updated

7 years ago
Depends on: 557565

Updated

7 years ago
Depends on: 564858

Updated

7 years ago
Depends on: 570416

Updated

7 years ago
Depends on: 423032
(Reporter)

Updated

7 years ago
Depends on: 573786
Depends on: 488941

Updated

7 years ago
Summary: Tracking: Moz2 static analyses → Tracking: static analyses

Updated

7 years ago
Depends on: 601522

Updated

7 years ago
Depends on: 602122

Updated

6 years ago
Depends on: 645498

Updated

6 years ago
Depends on: 669808

Updated

6 years ago
Depends on: 672389
Depends on: 685266

Updated

5 years ago
Depends on: 772601
Depends on: 773217

Updated

4 years ago
Depends on: 858320

Updated

2 years ago
Depends on: 1114683
Depends on: 1285918