[cfe-dev] GSoC - Static Analyzer project ideas?

Martin Milata b42-ml at srck.net
Mon Mar 21 12:55:42 PDT 2011 

On Mon, Mar 21, 2011 at 13:18:42 +0000, Ben Laurie wrote:
> On 21 March 2011 12:05, Martin Milata <b42-ml at srck.net> wrote:
> > Hello,
> >
> > I would like to participate in this year's Google Summer of Code
> > program. I'm interested in working on the Static Analyzer, because I
> > think it has great potential to be a tool that a lot of programmers can
> > benefit from, and it also overlaps with my academic interests.
> >
> > The analyzer is not mentioned on the open projects page, so my question
> > is if anybody has some project idea and/or is willing to mentor it?
> 
> Sadly I don't think I'm qualified to mentor, or I would certainly
> offer. I like your list (not so sure about dynamic loading, that seems
> low priority).
> 
> One I'd like to add is some kind of support for rule-based finding of
> particular known bad patterns (e.g. the OpenSSL bug where return
> values that could be -1, 0 or 1 were checked as if they were
> true/false). Yes, this is vague :-)

If I understand your proposal correctly, it may actually be related to
the dynamic loading. Instead of just loading the ordinary compiled
checker, it might be possible to allow writing external checkers as some
set of rules or in some general-purpose scripting language. This might
make it possible to write simple, project-specific checkers.

But I'm even less sure here whether it would be possible, useful and
small enough project to do over the summer.

> > I
> > have tried to come up with something, but I don't know if it would be
> > really possible, useful and doable in the given time:
> >
> > - support for interprocedural analysis
> >
> > - support for external checkers (i.e. loadable at runtime, so clang does
> >  not have to be recompiled in order to use new checker)
> >
> > - false positive elimination with constraint solver (klee seems to
> >  contain a solver that could be specifically used for this)
> >
> > - C++ support (only thing mentioned on the analyzer web, I don't have an
> >  idea of extent of the work needed)
> >
> > Thank you for any feedback,
> > Martin Milata
> > _______________________________________________
> > cfe-dev mailing list
> > cfe-dev at cs.uiuc.edu
> > http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
> >
>

More information about the cfe-dev mailing list