<div dir="ltr"><div class="gmail_default" style="font-size:small">Hi Artem,<br><br></div><div class="gmail_default" style="font-size:small">Thank you very much for this detailed information and help.<br>I will check out the existing checkers you mentioned and try to get a better understanding of the problem.<br></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><br>----<br>Regards,<br><font face="'courier new', monospace">Nithin.VR</font><br></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Mar 9, 2020 at 2:30 AM Artem Dergachev <<a href="mailto:noqnoqneo@gmail.com">noqnoqneo@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hey!<br>
<br>
Welcome. Let's see.<br>
<br>
Nullability checker isn't the one that you're looking for. It's a <br>
different beast that governs the hunt for null dereferences via so-called <br>
"nullability annotations". Like, a language extension is provided <br>
through which the programmer can tell the analyzer which variables / <br>
functions may or may not hold / produce null pointers, and the analyzer <br>
checks whether it makes sense how these nullable and non-null values <br>
propagate from one function to another. So it's the same problem but a <br>
different technique. It is targeted mostly at finding crashes in <br>
Objective-C apps that pass a lot of pointers around across many <br>
user-defined functions.<br>
<br>
The proposed GSoC project is of a different nature: we want to teach the <br>
static analyzer about a very specific C++ API, but we want to teach it <br>
much more thoroughly. It's not enough to know that <br>
std::unique_ptr::operator->() may occasionally return a null pointer; <br>
we'd much rather know when exactly it returns a null pointer (e.g., <br>
if the smart pointer is freshly default-constructed).<br>
<br>
If you want to study existing checkers, check out:<br>
- MoveChecker - the use-after-move checker which already finds *some* <br>
null smart pointer dereferences, given that they're guaranteed to be <br>
null after move.<br>
- SmartPtrChecker currently does almost nothing, but that's probably <br>
where you put your code into :)<br>
- IteratorChecker is a large ongoing pioneer project to find iterator <br>
and container related bugs such as dereferencing vector.end(). It's the <br>
closest thing to what you'll be implementing, but its handling of C++ <br>
objects is outdated and overly complicated because some new facilities <br>
for C++ support (mostly the ones explained in the second half of <br>
<a href="https://www.youtube.com/watch?v=4n3l-ZcDJNY" rel="noreferrer" target="_blank">https://www.youtube.com/watch?v=4n3l-ZcDJNY</a>) weren't in place yet when <br>
it all started.<br>
<br>
Once you understand the project a bit better and like it, the next step <br>
is to discuss here (in this mailing list) what is the best way to <br>
implement the checker. The ultimate outcome of this discussion will be a <br>
so-called "GSoC proposal". It's a few pages of text that you write, post <br>
here for more discussion, and eventually upload to the GSoC website. <br>
According to the GSoC timeline, the proposal should be submitted by the <br>
end of March. The proposal summarizes how *you* understand the project <br>
and how *you* plan to tackle it during the summer.<br>
<br>
Good luck on your GSoC path!<br>
Artem.<br>
<br>
<br>
On 3/7/20 3:40 PM, Nithin Vadukkumchery Rajendrakumar via cfe-dev wrote:<br>
><br>
> Greetings,<br>
><br>
><br>
> I am interested in participating in GSoC 2020. I am particularly <br>
> interested in the project idea "Find null smart pointer dereferences <br>
> with the Static Analyzer". I am doing my masters in computer science <br>
> and interested in program analysis and verification. I thought <br>
> GSoC2020 will be a wonderful opportunity to learn more about Clang <br>
> Static Analyzer and contribute.<br>
><br>
><br>
> I have started reading about smart pointers in C++ to get a good grasp <br>
> of the concepts. Also, I have some experience in implementing simple Clang <br>
> Static Analyzer checks (similar to SimpleStreamChecker) from the <br>
> tutorials. I read through a few available tutorials and have some basic <br>
> idea about Control Flow Graph, Exploded Graph and Symbolic Values. I <br>
> have read the paper "A memory model for static analysis of C programs" <br>
> to get some theoretical background. I also started looking into <br>
> NullabilityChecker.cpp <br>
> <<a href="https://github.com/llvm/llvm-project/blob/master/clang/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp" rel="noreferrer" target="_blank">https://github.com/llvm/llvm-project/blob/master/clang/lib/StaticAnalyzer/Checkers/NullabilityChecker.cpp</a>> to <br>
> understand the codebase.<br>
><br>
> I would like to know: is this the right place to look?<br>
><br>
> Could anyone please help me with what I should do next?<br>
><br>
> ----<br>
> Thanks & Regards,<br>
> Nithin<br>
><br>
<br>
</blockquote></div>
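An added illustration, not part of the thread and not Clang Static Analyzer code: a toy nullness tracker showing the kind of per-pointer state the proposed checker has to follow (null after default construction, after a move, and after reset() or release()). The `Event` and `Op` types, the variable names and the line numbers are all constructed for this example.

```cpp
// Added illustration: a toy nullness tracker, not Clang Static Analyzer code.
#include <iostream>
#include <map>
#include <string>
#include <vector>

enum class Nullness { Unknown, Null, NonNull };
enum class Op { DefaultCtor, MakeUnique, MoveAssign, Reset, Release, Deref };

// One operation on a smart pointer variable; all names and lines are constructed.
struct Event { Op op; std::string ptr; std::string from; int line; };

// Returns the lines where a smart pointer known to be null is dereferenced.
std::vector<int> findNullDerefs(const std::vector<Event> &trace) {
    std::map<std::string, Nullness> state;  // absent key means Unknown
    std::vector<int> bugs;
    for (const Event &e : trace) {
        switch (e.op) {
        case Op::DefaultCtor: case Op::Reset: case Op::Release:  // reset() with no argument
            state[e.ptr] = Nullness::Null;
            break;
        case Op::MakeUnique:
            state[e.ptr] = Nullness::NonNull;
            break;
        case Op::MoveAssign: {  // ptr = std::move(from)
            auto src = state.find(e.from);
            Nullness moved = src == state.end() ? Nullness::Unknown : src->second;
            state[e.ptr] = moved;            // destination inherits the source's state
            state[e.from] = Nullness::Null;  // moved-from smart pointer is null
            break;
        }
        case Op::Deref: {
            auto it = state.find(e.ptr);
            if (it != state.end() && it->second == Nullness::Null)
                bugs.push_back(e.line);      // report only when null is certain
            break;
        }
        }
    }
    return bugs;
}

std::vector<Event> sampleTrace() { return {
    {Op::DefaultCtor, "p", "", 1}, {Op::Deref, "p", "", 2},
    {Op::MakeUnique, "q", "", 3},  {Op::MoveAssign, "p", "q", 4},
    {Op::Deref, "p", "", 5},       {Op::Deref, "param", "", 6},
    {Op::Deref, "q", "", 7},       {Op::Reset, "p", "", 8},
    {Op::Deref, "p", "", 9}}; }

int main() { for (int l : findNullDerefs(sampleTrace())) std::cout << l << '\n'; }
```

The untracked `param` dereference on line 6 is deliberately not reported: its state is unknown, so the tracker flags only the dereferences where the pointer is certainly null.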