openharmony-thread-safety-review_skill

This skill performs deep C/C++ thread-safety and lifecycle reviews for OpenHarmony/Chromium code, generating structured JSON and Markdown reports to guide
  • Python

0

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openharmonyinsight/openharmony-skills --skill openharmony-thread-safety-review

  • SKILL.md15.8 KB

Overview

This skill performs deep C/C++ code audits for OpenHarmony and Chromium components with a focus on thread safety, object lifecycle, and logic vulnerabilities. It applies a strict 14-rule checklist, produces structured JSON and Markdown reports, and assigns findings to responsible teams. The review style is rigorous and evidence-driven, intended to surface issues static tools often miss.

How this skill works

The auditor first maps the thread model, object lifecycles, and module dependencies. It then systematically checks source code for the 14 core rules (Unretained usage, GPU/Audio/NDK thread constraints, WeakPtr sequencing, mojo/Connector access, etc.). For each finding the skill performs deep data-flow, control-flow, and C++ memory-model analysis and produces severity, confidence, impact, and remediation recommendations.

When to use it

  • Before merging changes touching multi-threaded subsystems (GPU, Audio, mojo, NDK).
  • When refactoring lifecycle-managed classes (BrowserContext, WebContents, Nweb).
  • For security hardening of renderer/compositor and IPC code paths.
  • When static analysis reports are inconclusive or miss high-order race conditions.
  • During release readiness checks for components interacting with GPU or threads.

Best practices

  • Replace base::Unretained(this) in asynchronous callbacks with weak_factory_.GetWeakPtr().
  • Ensure all GPU, Audio, and UI constrained APIs run on their designated threads via PostTask.
  • Bind and use WeakPtr on the same sequence or use sequence-safe weak pointer wrappers.
  • Annotate locks and sequences with GUARDED_BY and SEQUENCE_CHECKER; add DCHECKs for thread assertions.
  • Include precise line references and a reproduction-trigger description for every reported issue.

Example use cases

  • Audit an incoming patch that posts tasks with base::BindOnce and base::Unretained usage.
  • Review mojo callback handlers to confirm they post work to the correct GPU thread.
  • Assess cross-thread usage of WeakPtrFactory and propose sequence-safe fixes.
  • Validate that NDK and InitializeWebEngine() invocations are constrained to the UI thread.
  • Produce a team-assigned JSON report mapping issues to responsible groups for triage.

FAQ

No. It complements static tools by finding high-order race conditions, lifecycle races, and logic flaws that automated tools often miss.

What output formats are provided?

Structured JSON for automated ingestion and a detailed Markdown report for human review, both including severity, confidence, responsible team, and fix suggestions.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational