The Callgraph project is intended to produce a complete callgraph covering C and C++ code within Mozilla. This can be used for performing static analysis based on the relationship between functions and methods. For instance, given the C++ code:
int foo() { return good(); } int good() { return evil() ? 0 : 1; }
The callgraph would be foo() -> good() -> evil()
. Given the knowledge that evil()
does evil things, one could then determine foo()
also does evil things.
The Callgraph project uses gcc and Treehydra to generate information about function and method calls at compile time, and aggregates it into a sqlite database.