Closed Bug 711241 Opened 13 years ago Closed 8 years ago

Better support for Clang static analysis

Categories

(Developer Infrastructure :: Source Code Analysis, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: gps, Unassigned)

References

(Blocks 1 open bug)

Details

This is a tracking bug to enable better support for the Clang static analyzer (http://clang-analyzer.llvm.org/). Currently, the static analyzer has a tough time dealing with our assert macros and it produces a number of false positives. The first bugs filed under this one will likely be to massage or implement new macro versions that can be understood by the static analyzer. See bug 663442 comment #2 and onward. I'm leaving bug 663442 to be higher-level, cross-tool static analysis advancement.
Note I suspect if you go down the clang analyzer road you will be swamped with false positives.
After some discussion in #security, the feeling is we should only create assert macro workarounds where the assert will actually abort in release builds. This will prevent possibly legitimate bugs from being discarded.
(In reply to Gregory Szorc [:gps] from comment #2)
> After some discussion in #security, the feeling is we should only create
> assert macro workarounds where the assert will actually abort in release
> builds. This will prevent possibly legitimate bugs from being discarded.
i.e. use NS_ABORT_IF_FALSE?
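
The policy from comment #2, sketched as an added C example that is not part of this bug or of Mozilla's code. The macro names, the `DEMO_DEBUG` build flag and both functions are hypothetical; the block builds as a release configuration unless `DEMO_DEBUG` is defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; these are not Mozilla's assertion macros. */

/* Always terminates. The noreturn attribute lets the compiler and the Clang
 * static analyzer know that the failing path ends here. */
__attribute__((noreturn))
static void demo_assert_fail(const char *expr, const char *file, int line)
{
    fprintf(stderr, "Assertion failed: %s (%s:%d)\n", expr, file, line);
    abort();
}

/* Aborts in every build type, so the analyzer may assume the condition holds
 * afterwards: that assumption is also true at run time. */
#define DEMO_RELEASE_ASSERT(cond) \
    ((cond) ? (void)0 : demo_assert_fail(#cond, __FILE__, __LINE__))

/* Debug-only check. Deliberately no "#ifdef __clang_analyzer__" override that
 * maps it to the aborting form: that would make the analyzer prune a path
 * that release builds still execute, discarding a possibly legitimate bug. */
#if defined(DEMO_DEBUG)
#  define DEMO_DEBUG_ASSERT(cond) DEMO_RELEASE_ASSERT(cond)
#else
#  define DEMO_DEBUG_ASSERT(cond) ((void)0)
#endif

/* NULL can never reach strlen() in any build: the assert aborts first. */
size_t name_len_checked(const char *name)
{
    DEMO_RELEASE_ASSERT(name != NULL);
    return strlen(name);
}

/* In a release build the assert is gone, so the NULL path is reachable and
 * needs real handling; an analyzer warning here would be genuine. */
size_t name_len_debug_only(const char *name)
{
    DEMO_DEBUG_ASSERT(name != NULL);
    if (name == NULL)
        return 0; /* runtime guard that release builds rely on */
    return strlen(name);
}

int main(void)
{
    printf("%zu %zu\n", name_len_checked("clang"), name_len_debug_only(NULL));
    return 0;
}
```
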
Depends on: 997145, 999893
Depends on: 1045645
As we now have ./mach static-analysis and SA at the review phase, I think we can close this bug.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Product: Core → Firefox Build System
Product: Firefox Build System → Developer Infrastructure