On 01/20/2010 08:08 PM, Brian William Hackett wrote:
Hi guys, some updates:
1. The tool I've been working on now has a name, sixgill, and a skeletal
website, sixgill.org
2. I've put up a full source release and SVN access on the website.
3. This site also has reports for write overflows and NS_ASSERTION violations
in a current version of Firefox. These were generated with the gcc plugin
frontend and CVC3 solver (BSD-licensed); 83% of the write accesses were checked
(consistent with the old stuff) and 51% of the NS_ASSERTIONs (needs some more
work).
4. Nightly builds should be working soon (hopefully in a few days). There are
no obstacles for the tool here, just getting hardware and scripts set up.
5. My priority right now is to put together lots of (much needed)
documentation, then handle the remaining items from my email a few weeks ago
(none of those should take too long).
Also, to use this tool the annotation macros need to be defined somewhere in
the Firefox source. Below is the code I added to my local copy of
xpcom/glue/nsDebug.h. This needs to go after the block defining
NS_ASSERTION/etc. as it redefines those (only when the plugin is running), and
depends on a macro XGILL_PLUGIN being set when the plugin is running (done by
the tool's build scripts). Does this look OK?
The two errors I looked at, seem to be false positives
http://sixgill.org/firefox/write_overflow/ResolveSymlink_1244447419593944471.html
http://sixgill.org/firefox/write_overflow/EncodeString_3315072988729628109.html
Taras
_______________________________________________
dev-static-analysis mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-static-analysis
