On 4/8/09 8:51 AM, Tarmik wrote:
> problem above: Using .c instead of .cpp: some problems fade away.
>
> Question: How is it possible to analyze code with de/tree hydra ?
> You're providing scripting capabilities, but not the actual code
> analyzer ? Is that correct ?

That is correct, for now. Mozilla has analysis scripts which it uses on its own codebase; you can find these at
http://mxr.mozilla.org/mozilla-central/find?string=xpcom%2Fanalysis.*js%24&tree=mozilla-central&hint=

Most of the Mozilla analyses use Mozilla-specific annotations to enforce special invariants which wouldn't make sense for general C++ code. We've talked about developing a common library of general-purpose analysis passes, but we haven't done so yet.

> E.g. if I have code similar to:
> int* p=NULL;
> *p=5;
>
> - how such crashes can be detected by static analysis ?
> Other programs similar to lint - I guess with dehydra it should be
> relatively simple to write lint.js ?
> Correct or not ?

dmandelin or Taras can probably answer better than I can. It's certainly possible to generate warnings/errors for large classes of programming errors; you just have to define the problem very carefully. The ESP library which dmandelin developed allows us to do much more precise analysis across control flow paths if you can specify the variable states that you want to correlate. See
https://developer.mozilla.org/En/Treehydra_Manual#ESP_Abstract_Interpretation_Library
for some incomplete documentation and
http://blog.mozilla.com/dmandelin/2008/04/18/esp-msrs-little-helper/
for dmandelin's blog posts about ESP.

--BDS
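
An added example, not part of the original message and not Mozilla's analysis code: a standalone JavaScript sketch of tracking a pointer's null state across control-flow paths, applied to the `int* p=NULL; *p=5;` snippet from the question. The control-flow-graph format and the op names (`assign_null`, `assign_addr`, `deref`) are hypothetical, and the code does not use the Dehydra, Treehydra or ESP APIs.

```javascript
// Added illustration: a standalone toy, not Dehydra/Treehydra/ESP code or API.
const NULL = "null", NONNULL = "non-null", MAYBE = "maybe-null";
const get = (env, v) => (v in env ? env[v] : MAYBE); // unknown variables may be null
const join = (a, b) => (a === b ? a : MAYBE);        // merge states where paths meet
function joinEnv(a, b) {
  if (!a) return { ...b };
  const out = {};
  for (const v of Object.keys({ ...a, ...b })) out[v] = join(get(a, v), get(b, v));
  return out;
}

// Transfer function: effect of one statement on the abstract state.
function step(env, s) {
  if (s.op === "assign_null") return { ...env, [s.v]: NULL };
  // "assign_addr" (p = &x) and "deref" (execution continued past *p) leave p non-null
  return { ...env, [s.v]: NONNULL };
}

// cfg (hypothetical format): { entry, blocks: { name: { stmts, succ } } }
function findNullDerefs(cfg) {
  const inState = { [cfg.entry]: {} }, work = [cfg.entry];
  while (work.length) {                              // iterate to a fixed point
    const name = work.pop();
    const out = cfg.blocks[name].stmts.reduce(step, inState[name]);
    for (const succ of cfg.blocks[name].succ) {
      const merged = joinEnv(inState[succ], out);
      if (JSON.stringify(merged) === JSON.stringify(inState[succ])) continue;
      inState[succ] = merged; work.push(succ);
    }
  }
  const warnings = [];
  for (const [name, block] of Object.entries(cfg.blocks)) {
    let env = inState[name];
    if (!env) continue;                              // unreachable block
    for (const s of block.stmts) {
      if (s.op === "deref" && get(env, s.v) !== NONNULL)
        warnings.push(`line ${s.line}: *${s.v} where ${s.v} is ${get(env, s.v)}`);
      env = step(env, s);
    }
  }
  return warnings;
}

// Constructed inputs: the snippet from the question, then a two-path variant.
const straight = { entry: "b0", blocks: { b0: { succ: [], stmts: [
  { op: "assign_null", v: "p", line: 1 }, { op: "deref", v: "p", line: 2 }] } } };
const branchy = { entry: "b0", blocks: {
  b0: { succ: ["b1", "b2"], stmts: [{ op: "assign_null", v: "p", line: 1 }] },
  b1: { succ: ["b2"], stmts: [{ op: "assign_addr", v: "p", line: 3 }] },
  b2: { succ: [], stmts: [{ op: "deref", v: "p", line: 5 }] } } };
console.log(findNullDerefs(straight), findNullDerefs(branchy));
```

The second input shows why the state definition matters: `p` is null on one path and non-null on the other, so the merged state at the dereference is "maybe-null" and is still reported.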
