There's a lot of ways to use the GC incorrectly, it would be nice to catch the more common ones with static analysis if we can't come up with an API fix. Examples: - declaring a GC field w/o a write barrier (except we need to allow const ctor initited fields) - checking for NULL on a non-can fail alloc - zero'ing a field in a ctor - not zeroing a field in a RCObject dtor
(In reply to comment #0) > - checking for NULL on a non-can fail alloc see bug 427115 which attemps this (not only checking, but rewriting too). not sure of its status.
Here is an analyzer that prints the C++ classnames that override createInstance(): http://hg.mozilla.org/users/edwsmith_adobe.com/analyzers/file/tip/createInstance.js In TR, these classes have a createInstance that isn't boilerplate: * avmplus::ArrayClass passes an additional capacity=0 arg to ArrayObject(). * avmplus::DictionaryClass has an extra assert(ivtable->traits->isDictionary()) * avmplus::ObjectVectorClass has code to store the type parameter on the instance (doh, why not vtable? every instance doesn't need a copy) * avmplus::RegExpClass passes extra constructor parameters to RegExpObject() * avmplus::VectorClass throws kConstructOfNonFunctionError The rest just create an instance with no extra logic or constructor parameters. All but two above could be easily made generic. ObjectVectorClass could be generic if we moved the type parameter to the instance vtable instead of the instance itself. VectorClass might be able to be generic if we throw the error in construct() instead of createInstance() (needs investigation). For the remaining generic createInstance methods, we could have nativegen.py generate the createInstance method and add an extra field in NativeClassInfo to point to it. Then, copy that pointer into VTable::createInstance instead of using slowCreateInstance -- code size is a wash but we replace handwritten boilerplate with machine written boilerplate. avmshell::ByteArrayClass avmshell::DomainClass avmplus::DeleteObjectSampleClass avmplus::DoubleVectorClass avmplus::IntVectorClass avmplus::NewObjectSampleClass avmplus::UIntVectorClass avmplus::SampleClass avmplus::StackFrameClass avmplus::ArgumentErrorClass avmplus::DefinitionErrorClass avmplus::ErrorClass avmplus::EvalErrorClass avmplus::RangeErrorClass avmplus::ReferenceErrorClass avmplus::SecurityErrorClass avmplus::SyntaxErrorClass avmplus::TypeErrorClass avmplus::UninitializedErrorClass avmplus::URIErrorClass avmplus::VerifyErrorClass
This 1997 article by Scott Meyers is interesting in how it organizes and documents checkable rules. The article is also an interesting survey of static analysis tools. http://www.aristeia.com/ddjpaper1.html
A while back, I wrote an easy-to-use script to automate building dehydra in a linux VMware image. Here it is: http://hg.mozilla.org/users/edwsmith_adobe.com/build-dehydra/
Google is using clang based semantic analysis for chrome. Some interesting links: http://code.google.com/p/chromium/wiki/Clang http://dev.chromium.org/developers/coding-style/chromium-style-checker-errors
Another couple ideas: find cases where a C++ ctor may throw an exception, this can lead to weird bugs and should probably be outlawed. find cases where an exception if thrown would trigger a leak, the analyzer would have to recognize that unmanaged memory was a) allocated and b) not freed before the throw site. This is a common error in code utilizing the older unmanaged String classes.