It would be very useful to have a static analysis tool which can detect reentrancies on a specified function (or a method) in a single-threaded world, barring cases which include js or code that we have no control over on the stack. Ideally, such a tool would be able to show a stack trace which leads to a reentrant function call. Ehren kindly accepted to write such a tool, so I'm assigning this to him.
Created attachment 424063 [details] script

Here's my first attempt. Keep in mind that this will not detect reentries via function pointer calls. Also for calls of the form |Base* b = new Derived(); b->foo();|, the base method is registered as the callee. It's straightforward to account for this case but I was wondering if I'm on the right track so far. I could also see about uploading the sqlite database generated by Callgraph if you don't want to go through the build process. (I put usage instructions in the comments btw)
I am a student from SJCE, Mysore, India and I would like to take up this bug.
vasundhara: Ehren has attached a script here, which seems like a first step at least. Feel free to use it as a basis for your work and see if you can come up with something better.
Vasundhara, you're definitely welcome to take up the work here, but I'll just give a description of what I've done and what more could be done. As I understand it, reentrancy in this context means you have a number of functions such that, e.g., foo calls bar, bar calls baz, and baz calls foo. To detect this situation will require a post-processing analysis after compilation which is made pretty easy by dwitte's callgraph which you can read about here: https://developer.mozilla.org/en/Callgraph My script, using callgraph, will just tell you if a given function is reentrant, which I believe is equivalent to finding if the function (a node in the graph) lies within a cycle. It prints the cycle if this is the case. It would also be possible to find all cycles in the graph (find all reentrant functions) but I'm not sure if this would be particularly useful here.
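The cycle check described in the comment above, as an added example that is not Ehren's script, not vasundhara's, and does not read Mozilla's Callgraph database: it takes a plain caller -> callee edge list (the sample below is constructed for illustration), answers "does this function lie on a cycle" by printing the cycle as a static call chain, and separately lists every function on any cycle via Tarjan's strongly connected components. The function and variable names are this example's own.

```python
# Added example for this bug thread; not the attached script and not the
# Callgraph tool itself. Input is a constructed caller -> callee edge list
# such as one could dump from Callgraph's sqlite database.
from collections import defaultdict

# Constructed sample: find -> detect -> solve -> find is a cycle, so all three
# are reentrant; main, log and log_impl are not on any cycle. As in the thread,
# function-pointer and virtual-dispatch calls are simply not in the edge list.
SAMPLE_EDGES = [
    ("main", "find"),
    ("find", "detect"),
    ("detect", "solve"),
    ("solve", "find"),
    ("solve", "log"),
    ("log", "log_impl"),
]


def build_graph(edges):
    """Return caller -> set(callees); every callee also gets a node."""
    graph = defaultdict(set)
    for caller, callee in edges:
        graph[caller].add(callee)
        graph.setdefault(callee, set())
    return graph


def reentrant_path(graph, func):
    """Return [func, ..., func], the static call chain along which func can
    re-enter itself, or None if func lies on no cycle.

    Iterative DFS starting from func's callees; the parent map lets us walk
    the chain back once we reach func again."""
    parent = {}
    seen = set()
    stack = [(func, callee) for callee in sorted(graph.get(func, ()))]
    while stack:
        caller, node = stack.pop()
        if node == func:  # closed the cycle; rebuild the path backwards
            path = [func]
            cur = caller
            while cur != func:
                path.append(cur)
                cur = parent[cur]
            path.append(func)
            path.reverse()
            return path
        if node in seen:
            continue
        seen.add(node)
        parent[node] = caller
        for callee in sorted(graph.get(node, ())):
            stack.append((node, callee))
    return None


def all_reentrant(graph):
    """Every function on some cycle: members of a strongly connected component
    of size > 1, plus functions that call themselves directly. Tarjan's SCC
    algorithm, recursive here for brevity (a real code base needs an iterative
    version or a raised recursion limit)."""
    index, low, on_stack, stack, result = {}, {}, set(), [], set()
    counter = [0]

    def strongconnect(v):
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in graph.get(v, ()):
            if w not in index:
                strongconnect(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:  # v is the root of a component
            comp = []
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.append(w)
                if w == v:
                    break
            if len(comp) > 1 or v in graph.get(v, ()):
                result.update(comp)

    for v in list(graph):
        if v not in index:
            strongconnect(v)
    return result


if __name__ == "__main__":
    g = build_graph(SAMPLE_EDGES)
    for name in ("find", "main"):
        cycle = reentrant_path(g, name)
        if cycle is None:
            print("%s: not reentrant" % name)
        else:
            print("%s: reentrant via %s" % (name, " -> ".join(cycle)))
    for name in sorted(all_reentrant(g)):
        print("Warning: %s() reentrancy is detected here" % name)
```

The per-function check is what gives the "stack trace" asked for in comment 0: the returned chain is the sequence of static call sites, not a runtime stack, so it says the re-entry is possible, not that it happens. The SCC pass is the "find all cycles" variant; it lists the functions on cycles but not the cycles themselves.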
Created attachment 446193 [details] Warns by displaying the function names that are reentrant.
What output does this produce when run on the Mozilla codebase?
The script displays the names of the functions that are reentrant. It does not show the stack trace. For example, with find -> detect, detect -> solve, solve -> find(), the script produces the output at the end as below:

Warning: find() Reentrancy is detected here
Warning: detect() Reentrancy is detected here
Warning: solve() Reentrancy is detected here

I will attach the output the script generates when run on the Mozilla codebase shortly.
The script I have attached here does not make use of Callgraph.