[cfe-dev] [analyzer][GSoC] Implementing a dataflow framework for the Clang Static Analyzer

[Kristóf Umann via cfe-dev]

Hi!

This summer, I indent to participate in Google Summer of Code, during which
I'd like to work on the Clang Static Analyzer. In some not-so-recent
discussions, the lack of a dataflow analysis infrastructure was mentioned,
which I think would be a great addition, and I believe certainly a "tough
enough" task.

Why I believe that this would be great, is that it would open the window
for a variety of new analyses, like "points to" analysis, better dead code
detection, and a variety of new checks that couldn't be implemented with
symbolic execution and/or AST matching.

Do you think it's realistic to implement this within a summer? Do you have
maybe some other, related but smaller projects that is a better fit for
GSoC?

So far, I've spent the better part of one and a half years on the Clang
Static Analyzer. I've implemented a path sensitive checker called
UninitializedObjectChecker, and an AST based clang-tidy check
called bugprone-throw-keyword-missing. Some other projects that didn't see
the light of day lead me to learn a lot about BugReporter and bug path
construction. Lately, I've spent most of my time on the frontend of the
analyzer, maintaining checker registration and command line option
handling, during which I got to see and learn from a lot of checker
implementations, how path sensitive analysis was implemented, and where a
new analysis type could possibly fit in.

In order to prepare for this task, I've already started reading some
literature (most notably Engineering a Compiler from Keith Cooper and Linda
Torczon), and started attending related courses at university. If you could
recommend some other sources, they would be most welcome. :)

Would greatly appreciate any feedback!

Cheers,
Kristóf Umann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20190228/f863a734/attachment.html>