Making Treehydra do useful tricks
Just today, I managed to do an intraprocedural live variable analysis, which is one of the simplest program analyses, on every file in mozilla-central. (Live variable analysis determines the set of variables that may be read in the future at every point in a function. It’s commonly used in optimization to save storage for unused variables, but I use it to make checkers “forget” information about unused variables.) Here’s a visualization of the results for Firefox’s main() function in a Linux build: the set of live variables is listed at the bottom of each basic block.
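As an added example (not the post's or Treehydra's own code), here is the standard iterative backward liveness computation over a small hand-built control-flow graph, written in JavaScript since that is what Treehydra scripts are written in. The block names, the use/def sets and the loop they model are constructed for illustration; the `tmp` variable is written but never read, so it shows up as live nowhere, which is exactly the kind of unused variable a checker can forget about.

```javascript
// Intraprocedural liveness on a CFG of basic blocks (constructed example).
// Each block records the variables it reads before writing them (use),
// the variables it writes (def), and its successor blocks (succ).
//
// Fixpoint equations, solved by iterating until nothing changes:
//   out[b] = union of in[s] for every successor s of b
//   in[b]  = use[b] ∪ (out[b] − def[b])
function liveness(blocks) {
  const liveIn = {}, liveOut = {};
  for (const b of Object.keys(blocks)) { liveIn[b] = new Set(); liveOut[b] = new Set(); }
  let changed = true;
  while (changed) {
    changed = false;
    for (const b of Object.keys(blocks)) {
      const out = new Set();
      for (const s of blocks[b].succ) for (const v of liveIn[s]) out.add(v);
      const inn = new Set(blocks[b].use);
      for (const v of out) if (!blocks[b].def.includes(v)) inn.add(v);
      if (!sameSet(out, liveOut[b]) || !sameSet(inn, liveIn[b])) {
        liveOut[b] = out; liveIn[b] = inn; changed = true;
      }
    }
  }
  return { liveIn, liveOut };
}
function sameSet(a, b) { return a.size === b.size && [...a].every(v => b.has(v)); }

// Constructed CFG for roughly:
//   i = 0; n = argc; while (i < n) { tmp = argv[i]; i = i + 1; } return i;
const exampleCfg = {
  entry: { use: ["argc"],      def: ["i", "n"],   succ: ["loop"] },
  loop:  { use: ["i", "n"],    def: [],           succ: ["body", "exit"] },
  body:  { use: ["argv", "i"], def: ["tmp", "i"], succ: ["loop"] },
  exit:  { use: ["i"],         def: [],           succ: [] },
};

// Sorted per-block live sets; liveOut is what the post's visualization
// lists at the bottom of each basic block.
function liveTable(blocks) {
  const { liveIn, liveOut } = liveness(blocks);
  const sorted = t => Object.fromEntries(Object.keys(t).map(b => [b, [...t[b]].sort()]));
  return { liveIn: sorted(liveIn), liveOut: sorted(liveOut) };
}

const table = liveTable(exampleCfg);
for (const b of Object.keys(exampleCfg)) {
  console.log(`${b}: live-in ${table.liveIn[b]} | live-out ${table.liveOut[b]}`);
}
```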
It took 25-30 minutes to run on all of Mozilla (as preprocessed C++), but I know a lot of that is simply GCC compile time, and I think a fair fraction of the rest was spent generating the visualizations, which most analyses won’t do. I guess I need to investigate how to time JS execution internally.
The next step will be to finish the outparam analysis. Hopefully, it won’t be too hard. The big pieces are:
- An analysis to determine which variables may reach the return statement of the function (the technique is similar to the liveness analysis).
- Port over my ESP analysis framework from Python.
- Implement the outparam checker in the ESP framework.